WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

howiper.exe and ewido cleanup

Started by geezer , May 20 2006 06:20 PM

This topic is locked

49 replies to this topic

#16 geezer

Authentic Member

Authentic Member
27 posts

Posted 03 June 2006 - 12:50 PM

Well Siggyx,
I am at a loss.
I must be missing some important step that is completely obvious to others but not to me.
This is where I stand:
The BlackLight Cleaning screen shows me:
CLTEST.EXE
cscgh.exe
howiper.exe
wbemtest.exe

I highlight howiper.exe
click Rename
click Next
click wish to continue
click OK

Black Light shows summary
4 found
1 queued for renaming

I click restart now
I click ok to restart

The computer restarts and when I rerun BlackLight it still finds 4 hidden files (same).
The only differences between the before and after logs is the time stamps of the entries.

Does this application expect me to rename the file? If so I see no opportunity to do so.
If I open explorer to do so the file still is not visible.

Here are the before and after logs and a HiJack

____________________________________

06/03/06 13:33:50 [Info]: BlackLight Engine 1.0.37 initialized
06/03/06 13:33:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/03/06 13:33:50 [Note]: 7019 4
06/03/06 13:33:50 [Note]: 7005 0
06/03/06 13:33:56 [Note]: 7006 0
06/03/06 13:33:56 [Note]: 7011 2072
06/03/06 13:33:56 [Note]: 7026 0
06/03/06 13:33:56 [Note]: 7026 0
06/03/06 13:34:02 [Note]: FSRAW library version 1.7.1015
06/03/06 13:34:22 [Info]: Hidden file: c:\Program Files\CyberLink\PowerDVD\CLTEST.EXE
06/03/06 13:34:22 [Note]: 10002 1
06/03/06 13:35:01 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\howiper.exe
06/03/06 13:35:01 [Note]: 10002 1
06/03/06 13:35:02 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\csgch.exe
06/03/06 13:35:02 [Note]: 7002 32
06/03/06 13:35:02 [Note]: 7003 1
06/03/06 13:35:02 [Note]: 10002 1
06/03/06 13:35:24 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WBEM\wbemtest.exe
06/03/06 13:35:24 [Note]: 10002 1
06/03/06 13:42:08 [Note]: 7007 0
____________________________________

06/03/06 13:53:47 [Info]: BlackLight Engine 1.0.37 initialized
06/03/06 13:53:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/03/06 13:53:47 [Note]: 7019 4
06/03/06 13:53:47 [Note]: 7005 0
06/03/06 14:02:49 [Note]: 7006 0
06/03/06 14:02:49 [Note]: 7011 2028
06/03/06 14:02:49 [Note]: 7026 0
06/03/06 14:02:49 [Note]: 7026 0
06/03/06 14:02:54 [Note]: FSRAW library version 1.7.1015
06/03/06 14:03:12 [Info]: Hidden file: c:\Program Files\CyberLink\PowerDVD\CLTEST.EXE
06/03/06 14:03:12 [Note]: 10002 1
06/03/06 14:03:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\howiper.exe
06/03/06 14:03:49 [Note]: 10002 1
06/03/06 14:03:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\cshjz.exe
06/03/06 14:03:49 [Note]: 7002 32
06/03/06 14:03:49 [Note]: 7003 1
06/03/06 14:03:49 [Note]: 10002 1
06/03/06 14:04:11 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WBEM\wbemtest.exe
06/03/06 14:04:11 [Note]: 10002 1
06/03/06 14:14:19 [Note]: 7007 0

____________________________________

Logfile of HijackThis v1.99.1
Scan saved at 2:36:03 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Advertisements

Register to Remove

#17 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 04 June 2006 - 07:27 PM

Download wareout

http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click next, then Install, then make sure "Run fixit" is checked and click finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Post a copy at the log located at C:\fixwareout\report.txt

When your system reboots, follow the prompts. Afterwards, Hijack This will launch.

Reboot into safe mode by following the directions here and Open KillBox. Then on killbox top bar press tools and then "Delete Temp Files" then "OK"

Then select the "Replace on Reboot" option.

Copy and Paste this entry to the "Full Path of File to Delete" box:

c:\WINDOWS\SYSTEM32\howiper.exe

When you select "Replace on Reboot", the "Use Dummy" option will highlight.
Click the "Use Dummy" option (Click "Use Dummy" for the following files also).

Click the red circle with the white X.
When the confirmation message appears, you will need to click Yes.

A second message will ask to Reboot now? You will need to click No.

Then Copy and past this entry to the "Full Path of File to Delete" box:

c:\WINDOWS\SYSTEM32\csgch.exe

Again, click the red circle with the white X.
When the confirmation message appears, you will need to click Yes.

On the last file pasted, when asked to Reboot, click Yes

Before you click Yes, close this window and all windows and programs!

It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

After restart, if you have any connection problems, do this:

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Next scan with ewido again and posts the logs and a new hijackthis log please.

#18 geezer

Authentic Member

Authentic Member
27 posts

Posted 10 June 2006 - 01:06 AM

Fixware log 6/9/6

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
.....
End vxd check
.....
please post this at the forum

_________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 10:59:01 PM, on 6/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Ed\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

_____________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Ed(Administrator)
was started @ Friday, June 09, 2006, 11:06 PM

# 1 [Replace on Delete]
Path = c:\windows\system32\howiper.exe
*Replaced with C:\Documents and Settings\Ed\Local Settings\Temp\kbdummy.0

# 2 [Replace on Delete]
Path = c:\windows\system32\csgch.exe
*Replaced with C:\Documents and Settings\Ed\Local Settings\Temp\kbdummy.2

I Rebooted @ 11:27:09 PM
Killbox Closed(Exit) @ 11:27:09 PM
__________________________________________________

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:23:24 AM, 6/10/2006
+ Report-Checksum: 68B110BA

+ Scan result:

[696] VM_034E0000 -> Downloader.Agent.uj : Error during cleaning
[720] VM_00C80000 -> Downloader.Agent.uj : Error during cleaning
[1432] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning
[2300] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2484] VM_00A40000 -> Downloader.Agent.uj : Error during cleaning
[2632] VM_00AB0000 -> Downloader.Agent.uj : Error during cleaning
[2640] VM_00980000 -> Downloader.Agent.uj : Error during cleaning
[2680] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2704] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning
[2716] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning
[2740] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning
[2772] VM_00920000 -> Downloader.Agent.uj : Error during cleaning
[2796] VM_008F0000 -> Downloader.Agent.uj : Error during cleaning
[2828] VM_00920000 -> Downloader.Agent.uj : Error during cleaning
[2852] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2928] VM_00910000 -> Downloader.Agent.uj : Error during cleaning
[3172] VM_00C40000 -> Downloader.Agent.uj : Error during cleaning
[3556] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning
[3804] VM_00E10000 -> Downloader.Agent.uj : Error during cleaning
[3988] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning
[4032] VM_00B10000 -> Downloader.Agent.uj : Error during cleaning
[3124] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP15\A0000685.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP15\A0000694.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP15\A0000703.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP15\A0000721.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP17\A0000727.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP18\A0000774.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP18\A0000781.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP18\A0000788.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP19\A0000804.exe -> Trojan.Small.gq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP21\A0000902.exe -> Trojan.Small.gq : Cleaned with backup

::Report End

____________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 12:32:38 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#19 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 12 June 2006 - 08:50 PM

I do apologise. I was called out of town again and had limited time for anything else. Please post an up to date hijackthis log and let me know how things are running at the moment. I am catching up so I will not be able to respond until tomorrow night.

#20 geezer

Authentic Member

Authentic Member
27 posts

Posted 13 June 2006 - 08:32 PM

Since my last posting I downloaded CWShredder and MS Windows Defender.
CWShredder found no errors.
MSWindows Defender found three issues.
FBKORY Unknown Allow
alchem.inf Removed
conscorr.ini Removed

Upon rerunning none of the errors re-occured.

No other other changes since Post # 18.
Please check that post for details.
New hijackthis log follows.

______________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 10:16:43 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\TEXTPA~1\TextPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\hh.exe
C:\WINDOWS\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#21 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 14 June 2006 - 08:55 PM

Please disable Windows Defender and Ewido.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

#22 geezer

Authentic Member

Authentic Member
27 posts

Posted 15 June 2006 - 05:09 PM

fixwareout\report

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
.....
End vxd check
.....
please post this at the forum

_____________________________________________

I searched the C drive and found 2 copies of AUTOEXEC.NT located in
c:\I386 and c:\WINDOWS\REPAIR
Both of these files are identical. Is the fact fixwareout is not finding this file causing its testing to stop short?
After the testing I was not asked to Reboot. Is this because it could find no problems?
________________________________________________

The network settings you asked about were already as discribed, and I performed the flushdns.

I assumed you wanted another hijackthis report. (attached below)
The fixwareout report is above.

Are there any other programs you are assuming I have disabled when I follow these instructions? I also disabled Spyguard and NAV for the occasion.

________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 6:51:45 PM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\Trojan\HiJack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#23 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 17 June 2006 - 07:39 PM

Can i see a new ewido log please. Lets see if it removed that file ,thats is hijacking your IE.

#24 geezer

Authentic Member

Authentic Member
27 posts

Posted 25 June 2006 - 02:35 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:30:40 PM, 6/25/2006
+ Report-Checksum: B15610F1

+ Scan result:

[696] VM_03520000 -> Downloader.Agent.uj : Error during cleaning
[720] VM_00C80000 -> Downloader.Agent.uj : Error during cleaning
[2260] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning
[2548] VM_00A40000 -> Downloader.Agent.uj : Error during cleaning
[2564] VM_00AB0000 -> Downloader.Agent.uj : Error during cleaning
[2576] VM_00980000 -> Downloader.Agent.uj : Error during cleaning
[2628] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2644] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning
[2660] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning
[2700] VM_00920000 -> Downloader.Agent.uj : Error during cleaning
[2728] VM_008F0000 -> Downloader.Agent.uj : Error during cleaning
[2760] VM_00920000 -> Downloader.Agent.uj : Error during cleaning
[2768] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning
[2848] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2864] VM_00910000 -> Downloader.Agent.uj : Error during cleaning
[3020] VM_00C40000 -> Downloader.Agent.uj : Error during cleaning
[3536] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning
[3612] VM_00E10000 -> Downloader.Agent.uj : Error during cleaning
[3900] VM_00B10000 -> Downloader.Agent.uj : Error during cleaning
[3068] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
C:\!KillBox\howiper.exe -> Trojan.Small.gq : Cleaned with backup

::Report E

__________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 1:41:52 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

_________________________________________________________________

#25 geezer

Authentic Member

Authentic Member
27 posts

Posted 09 July 2006 - 10:40 PM

Since I haven't heard any response to my 6/25/6 post I figured I'd give it another try.

It has gotten so now when I log on in my own name quite often the log on gets hung in the explorer process generated in the startup.(Not always.) This forces me to log off with the task manager.
A work around that I have found for this is to sign on with my wifes Password, if and when this succeeds to sign off and then I am able to sign on as myself.
Another problem I ran into was when trying to reboot in SAFE mode I was unable to enter any password to log on.
Shutting down completely and after the appropriate prayers this problem healed itself.

I have tried a new approach.
The first set of files I have attached were run in safe mode and I also included the EWIDO connection, process, & startup reports along with a hijack.

The second set of attachments were run with a standard logon and included a hijack report and the 4 ewido reports.

Not knowing exactly what your expectations are before running the above I shut down all antispyware, antivirus, and any other active programs.

I hope this sheds a little more light on the efforts. If there are any specific expectations you have of me when running these tasks please let me know.

___________________________________________________________

SAFE Mode

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:04:29 PM, 7/9/2006
+ Report-Checksum: FECCC6E0

+ Scan result:

[212] VM_034E0000 -> Downloader.Agent.uj : Error during cleaning
[236] VM_00C80000 -> Downloader.Agent.uj : Error during cleaning
[936] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP50\A0006539.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP50\A0006545.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP50\A0006553.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP50\A0006559.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP50\A0006564.exe -> Downloader.Small : Cleaned with backup

::Report End

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 7:05:29 PM, 7/9/2006
+ Report-Checksum: C927B671

Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run TemplateDongle Brong32.exe
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run PRONoMgr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Reg\HKLM\Run PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
Reg\HKLM\Run Logitech Utility Logi_MwX.Exe
Reg\HKLM\Run Motive SmartBridge C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Reg\HKLM\Run IAAnotif C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
Reg\HKLM\Run CTSysVol C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
Reg\HKLM\Run CTHelper CTHELPER.EXE
Reg\HKLM\Run CTDVDDet C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
Reg\HKLM\Run ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Reg\HKLM\Run DVDSentry C:\WINDOWS\System32\DSentry.exe
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run AsioReg REGSVR32.EXE /S CTASIO.DLL
Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
Reg\HKLM\Run BCMSMMSG BCMSMMSG.exe
Reg\HKLM\Run Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Reg\HKCU\Run Spamihilator "C:\Program Files\Spamihilator\spamihilator.exe"
Reg\HKCU\Run SB Audigy 2 Startup Menu /L:ENG
Reg\HKCU\Run LDM \Program\BackWeb-8876480.exe
Shell\CommonStartup Logitech Desktop Messenger.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
Shell\CommonStartup Printkey2000.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
Shell\CommonStartup Verizon Online Support Center.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
Shell\UserStartup SpywareGuard.lnk C:\Documents and Settings\Ed\Start Menu\Programs\Startup\SpywareGuard.lnk

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 7:06:24 PM, 7/9/2006
+ Report-Checksum: A6D702FD

0: System Process
4: System Process
164: \SystemRoot\System32\smss.exe
212: \??\C:\WINDOWS\system32\csrss.exe
236: \??\C:\WINDOWS\system32\winlogon.exe
280: C:\WINDOWS\system32\services.exe
292: C:\WINDOWS\system32\lsass.exe
488: C:\WINDOWS\system32\svchost.exe
532: C:\WINDOWS\system32\svchost.exe
584: C:\Program Files\Windows Defender\MsMpEng.exe
660: C:\WINDOWS\system32\svchost.exe
936: C:\WINDOWS\Explorer.EXE
1052: C:\Program Files\ewido anti-malware\oldewido.exe
1892: C:\WINDOWS\system32\NOTEPAD.EXE

__________________

Logfile of HijackThis v1.99.1
Scan saved at 7:16:00 PM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\Explorer.EXE
C:\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

____________________________________________________________________________

Regular Logon

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:28:13 PM, 7/9/2006
+ Report-Checksum: 6772756B

+ Scan result:

[672] VM_03520000 -> Downloader.Agent.uj : Error during cleaning
[696] VM_00C80000 -> Downloader.Agent.uj : Error during cleaning
[2232] VM_009E0000 -> Downloader.Agent.uj : Error during cleaning
[2420] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2488] VM_00A40000 -> Downloader.Agent.uj : Error during cleaning
[2528] VM_00AB0000 -> Downloader.Agent.uj : Error during cleaning
[2536] VM_00980000 -> Downloader.Agent.uj : Error during cleaning
[2556] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2620] VM_009F0000 -> Downloader.Agent.uj : Error during cleaning
[2644] VM_003D0000 -> Downloader.Agent.uj : Error during cleaning
[2660] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning
[2716] VM_00920000 -> Downloader.Agent.uj : Error during cleaning
[2752] VM_008F0000 -> Downloader.Agent.uj : Error during cleaning
[2776] VM_00920000 -> Downloader.Agent.uj : Error during cleaning
[2816] VM_009A0000 -> Downloader.Agent.uj : Error during cleaning
[2852] VM_00910000 -> Downloader.Agent.uj : Error during cleaning
[2956] VM_00B10000 -> Downloader.Agent.uj : Error during cleaning
[3060] VM_00C40000 -> Downloader.Agent.uj : Error during cleaning
[3452] VM_00DF0000 -> Downloader.Agent.uj : Error during cleaning
[3500] VM_00E10000 -> Downloader.Agent.uj : Error during cleaning
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP50\A0006576.exe -> Downloader.Small : Cleaned with backup

::Report End

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 11:28:43 PM, 7/9/2006
+ Report-Checksum: EB923B0B

Reg\HKLM\Run Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run TemplateDongle Brong32.exe
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run PRONoMgr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Reg\HKLM\Run PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
Reg\HKLM\Run Logitech Utility Logi_MwX.Exe
Reg\HKLM\Run Motive SmartBridge C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
Reg\HKLM\Run mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Reg\HKLM\Run IAAnotif C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
Reg\HKLM\Run CTSysVol C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
Reg\HKLM\Run CTHelper CTHELPER.EXE
Reg\HKLM\Run CTDVDDet C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
Reg\HKLM\Run ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Reg\HKLM\Run DVDSentry C:\WINDOWS\System32\DSentry.exe
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run AsioReg REGSVR32.EXE /S CTASIO.DLL
Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Reg\HKLM\Run ATIModeChange Ati2mdxx.exe
Reg\HKLM\Run BCMSMMSG BCMSMMSG.exe
Reg\HKLM\Run Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Reg\HKCU\Run Spamihilator "C:\Program Files\Spamihilator\spamihilator.exe"
Reg\HKCU\Run SB Audigy 2 Startup Menu /L:ENG
Reg\HKCU\Run LDM \Program\BackWeb-8876480.exe
Shell\CommonStartup Logitech Desktop Messenger.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
Shell\CommonStartup Printkey2000.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
Shell\CommonStartup Verizon Online Support Center.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
Shell\UserStartup SpywareGuard.lnk C:\Documents and Settings\Ed\Start Menu\Programs\Startup\SpywareGuard.lnk

---------------------------------------------------------
ewido anti-malware - Connection report
---------------------------------------------------------

+ Created on: 11:29:19 PM, 7/9/2006
+ Report-Checksum: 4880D8EC

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:143 0.0.0.0:0 LISTENING
TCP 127.0.0.1:993 0.0.0.0:0 LISTENING
TCP 127.0.0.1:995 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1035 0.0.0.0:0 LISTENING
TCP 192.168.1.47:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:1028
UDP 0.0.0.0:4500
UDP 127.0.0.1:123
UDP 127.0.0.1:1027
UDP 127.0.0.1:1036
UDP 127.0.0.1:1900
UDP 192.168.1.47:123
UDP 192.168.1.47:137
UDP 192.168.1.47:138
UDP 192.168.1.47:1900

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 11:29:51 PM, 7/9/2006
+ Report-Checksum: 7E145DE9

0: System Process
4: System Process
340: C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
368: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
416: C:\WINDOWS\System32\CTsvcCDA.exe
452: C:\Program Files\ewido anti-malware\ewidoctrl.exe
472: C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
500: C:\Program Files\Norton AntiVirus\navapsvc.exe
624: \SystemRoot\System32\smss.exe
672: \??\C:\WINDOWS\system32\csrss.exe
696: \??\C:\WINDOWS\system32\winlogon.exe
740: C:\WINDOWS\system32\services.exe
752: C:\WINDOWS\system32\lsass.exe
812: C:\Program Files\Norton AntiVirus\SAVScan.exe
984: C:\WINDOWS\System32\Ati2evxx.exe
1000: C:\WINDOWS\system32\svchost.exe
1080: C:\WINDOWS\system32\svchost.exe
1152: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1176: C:\Program Files\Windows Defender\MsMpEng.exe
1216: C:\WINDOWS\System32\svchost.exe
1252: C:\WINDOWS\System32\MsPMSPSv.exe
1364: C:\WINDOWS\System32\svchost.exe
1368: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1408: C:\WINDOWS\System32\svchost.exe
1540: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
1652: C:\WINDOWS\system32\spoolsv.exe
2032: C:\WINDOWS\System32\alg.exe
2188: C:\Program Files\Internet Explorer\iexplore.exe
2232: C:\WINDOWS\Explorer.EXE
2316: C:\WINDOWS\system32\wscntfy.exe
2420: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2488: C:\Program Files\Dell\Media Experience\PCMService.exe
2528: C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
2536: C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
2556: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
2620: C:\WINDOWS\System32\DSentry.exe
2644: C:\Program Files\Logitech\MouseWare\system\em_exec.exe
2660: C:\WINDOWS\system32\dla\tfswctrl.exe
2716: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
2752: C:\WINDOWS\system32\CTHELPER.EXE
2776: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
2816: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2852: C:\WINDOWS\BCMSMMSG.exe
2956: C:\Program Files\Windows Defender\MSASCui.exe
3060: C:\Program Files\Spamihilator\spamihilator.exe
3452: C:\Program Files\PrintKey2000\Printkey2000.exe
3500: C:\Program Files\SpywareGuard\sgmain.exe
3652: C:\Program Files\ewido anti-malware\oldewido.exe
3820: C:\Program Files\Messenger\msmsgs.exe

___________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:32:34 PM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Explorer.EXE
C:\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Advertisements

Register to Remove

#26 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 16 July 2006 - 06:01 PM

Sorry, missed you somehow. Please post a new hijackthis log.

#27 geezer

Authentic Member

Authentic Member
27 posts

Posted 16 July 2006 - 11:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:20:44 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Explorer.EXE
C:\Trojan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bigwebportal.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TemplateDongle] Brong32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks,
Geezer

#28 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 17 July 2006 - 03:35 PM

Nothing in that log.

Download MicroWorld virus scan here >>> Micro World http://www.mwti.net/...e_utilities.asp

To run the virus scan make sure you click the following

memory, registry, startup folders, system folders, services, drive (all drives will be added) then click on scan clean. When the scan is complete hilight all the files in the LOWER box. Then ctrl + c and paste them into the thread ctrl + v.

I warn you the scan will take a long time to run and will not fix anything just identifies bad files.

#29 geezer

Authentic Member

Authentic Member
27 posts

Posted 17 July 2006 - 10:45 PM

It took 1hr. 45min. Object "cws.homesearch Browser Hijacker" found in File System! Action Taken: No Action Taken. Object "unspypc Unclassified" found in File System! Action Taken: No Action Taken. Object "wareout Adware" found in File System! Action Taken: No Action Taken. Object "wareout Adware" found in File System! Action Taken: No Action Taken. Object "wareout Adware" found in File System! Action Taken: No Action Taken. Object "xrenoder Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "WareOut Adware" found in File System! Action Taken: No Action Taken. Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. Object "wareout Adware" found in File System! Action Taken: No Action Taken. Object "wareout Adware" found in File System! Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SpSubRx.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinadX.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\winenc32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MasqueGames\uninstall.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SpSubRx.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Aquarium.exe" refers to invalid object "C:\Program Files\SereneScreen\Aquarium\Aquarium.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ldm.exe" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\ldm.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\main.Exe" refers to invalid object "C:\nysdoh\main.Exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MotiveSB.exe" refers to invalid object "C:\PROGRA~1\VERIZO~1\SMARTB~1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSN6.EXE" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\MSN6.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Program Files\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SmartBridge.exe" refers to invalid object "C:\PROGRA~1\VERIZO~1\SMARTB~1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\WMPLYR\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VSRCPLIN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DELLCUSTOM\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\AUDP\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\AUSTRM\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDBURNING\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RMJPLN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDEXTRACT\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDINFO\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\CDROMS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\COMMON\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DATACACHE\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DEVICES\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FIRSTRUN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\DTDRPLINDIR\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\EPLUGINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FAUST\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FFTRANSCDIR\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FIRSTRUN_LOCALGUIDE\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FLASH\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\FREE\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\GEMSETUP\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\GEMXMLBIN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\HOWTO\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\HOWTOHANDLER\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\JSCRIPT\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MinAim\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MINHELP\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MP3\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MP3PL\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MP3PLN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MSGIMG\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MSGROOT\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MSGUI\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\MULTICST\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNDEVICEINI\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNENGINE\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNPLUGINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNRPPLUGINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDBURNSUPPORT\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PDMGR\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYER\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYERPLUGINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYERPLUGOCX\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLAYERUNINST\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLSHARED\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\PLUS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RACODECS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJBRES\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJBVIZ\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJDLG\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJMPMED\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RJMPZIP\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RMXPLN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RNADMIN\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RTPLINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RV9CODECS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\RVCODECS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\SECURITY\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\SKINS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\TDWNMGR\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\TEMPLATES\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\TFILESYS\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\UI\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\UPDATE\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VIDP\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VIZ\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Administrator\Application Data\Real\RealOne Player\Setup\VMPG\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing\". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BMK". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BrowseInfo". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DBL". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".flt". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FRQ". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iaf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ima". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IND". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iss". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".NT". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prn". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HSA". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Internet Optimizer". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Internet Optimizer Active Alert". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Internet Optimizer Software Installer". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817611". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826959". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SE". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SW". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "untopr1150". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Web Offer". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Winad Client". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SR 2.0". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\000C7BA0 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\001246B9 infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\00181AB2 tagged as "not-a-virus:AdWare.Win32.BiSpy.o". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\001B44AE tagged as "not-a-virus:AdWare.Win32.PowerScan.b". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\001F6EAA tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\002218A7 infected by "Trojan-Downloader.Win32.Agent.ab" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\013D036C infected by "Trojan-Downloader.Win32.Dyfuca.co" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\01442390 tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\02106899.wmf infected by "Exploit.Win32.IMG-WMF.v" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\024F0654.htm infected by "Exploit.JS.CVE-2006-1359.b" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\02D75268 infected by "Trojan-Downloader.Win32.IstBar.dh" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\04100338 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\058D2BCD infected by "Email-Worm.Win32.Sober.y" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\05F3263F infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\063117A5 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\063562C1.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\063B36BA.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\06C91034 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\06D334F1.wmf infected by "Trojan-Downloader.Win32.Agent.acd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\07351FC8 infected by "Trojan-Downloader.Win32.Agent.ae" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\07C052EF infected by "Email-Worm.Win32.Bagle.cf" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\082F131A infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0AC65EDE infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0B571B77 infected by "Trojan-Downloader.Win32.Agent.ae" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0C7F458A infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0C9F2F54 tagged as "not-a-virus:AdWare.Win32.WinAD". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CCE3533 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CD45F8F infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CDB5D25 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CDF7678.class infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CE55B1A infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CEB2F13 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0CF2030C infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\0E9240CC infected by "Trojan-Downloader.Win32.IstBar.dh" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\11157C14 infected by "Email-Worm.Win32.Sober.y" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\130B3B14.wmf infected by "Trojan-Downloader.Win32.Agent.acd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\133971C0 infected by "Email-Worm.Win32.NetSky.af" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\13F87628 tagged as "not-a-virus:AdWare.Win32.BiSpy.n". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\145545CA.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14BD6505 infected by "Trojan-Downloader.Win32.Agent.ab" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14C00F01 tagged as "not-a-virus:AdWare.Win32.WinAD". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14C338FE tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14C762FA infected by "Trojan-Downloader.Win32.WinShow.al" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14CA0CF6 tagged as "not-a-virus:AdWare.Win32.PowerScan.b". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14CD36F3 infected by "Trojan-Downloader.Win32.IstBar.fr" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\14D160EF tagged as "not-a-virus:AdWare.Win32.WinAD.a". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\151F0038 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\15AE0827 infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\164D43C7.class infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\16743574.class infected by "Trojan.Java.ClassLoader.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\17D77505 infected by "Email-Worm.Win32.Bagle.ba" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\182F6B53 infected by "Trojan-Downloader.Win32.WinShow.al" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\18651B8D tagged as "not-a-virus:AdWare.Win32.PurityScan.w". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\188A64FA tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\18BE7768.class infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\195A308E infected by "Trojan-Downloader.JS.IstBar.a" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1AB32D1D infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1AC0550E infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1AC37F0B tagged as "not-a-virus:AdWare.Win32.PurityScan.w". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1B082432.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1B314EF8 infected by "Email-Worm.Win32.NetSky.af" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1C450264 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1CBB2C4B infected by "Email-Worm.Win32.Sober.y" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1CEA6476 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1CFF44BA infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\1DCE1EBB infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\209812DB tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\20A756A7 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\20AD1EF4.wmf infected by "Trojan-Downloader.Win32.Agent.acd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\219E4B19 tagged as "not-a-virus:AdWare.Win32.WinAD.a". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\21A17515 infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\21A41F11 tagged as "not-a-virus:AdWare.Win32.WinAD". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\220C7E38.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\223A094A.class infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\22E11309 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\237C0BB9.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\238933AB.class infected by "Trojan.Java.ClassLoader.h" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\24155869.class infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\24D040BE infected by "Email-Worm.Win32.Bagle.ba" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\24EA6C8C tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\25B530D2 infected by "Trojan.Java.ClassLoader.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2786453C.wmf infected by "Trojan-Downloader.Win32.Agent.acd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\27F4352F infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\27F75F2B infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\27FA0928 infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\28045D38.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2930126D infected by "Trojan-Downloader.Win32.IstBar.dh" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2C265400 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2D9A51A1.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2E9310A2.class infected by "Trojan.Java.ClassLoader.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2F0A6B38.class infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\2FBC7E27 tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\30287721 infected by "Email-Worm.Win32.Bagle.cl" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3062503B.zip infected by "Trojan.Java.ClassLoader.j" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\30E11E93 tagged as "not-a-virus:AdWare.Win32.PurityScan.aa". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\30E63E15.class infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\31926783 infected by "Trojan-Downloader.Win32.Agent.cd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\33746603 infected by "Trojan.Java.ClassLoader.u" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\33AB3BF4.class infected by "Trojan-Downloader.Java.OpenStream.z" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\35672D75.class infected by "Trojan.Java.ClassLoader.k" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\37287214.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\375F3BD7.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\37CF0643 infected by "Trojan-Downloader.Win32.Agent.uj" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\38166B0E.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\38403F41 infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\38C45710.wmf infected by "Exploit.Win32.IMG-WMF" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\38C7010C.class infected by "Trojan-Downloader.Java.OpenStream.z" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\38CB2B09.class infected by "Trojan.Java.ClassLoader.h" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3A445389.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3A487D85.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3A4B2782.class infected by "Trojan.Java.ClassLoader.Dummy.e" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3A4B2782.htm infected by "Trojan-Downloader.JS.Small.d" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3A4E517E.class infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3AC84516 infected by "Trojan-Downloader.Win32.Small.kq" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3B5C44EA tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3B813C2C.class infected by "Trojan.Java.ClassLoader.i" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3BAE77EA.wmf infected by "Trojan-Downloader.Win32.Agent.acd" Virus! Action Taken: No Action Taken. File C:\Program Files\Norton AntiVirus\Quarantine\3BF20C39.class infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken

#30 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 18 July 2006 - 11:29 AM

Ok, lets start fresh and see what we caome up with

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________

Next:
Download ewido anti-spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition
files.
On the main screen select the icon "Update" then select the "
Update now" link.
- Next select the "Start Update" button, the update will start and a
  progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of
the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then
select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.[list=1]
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt

We suggest you stop at this point and post a HijackThis log along with the contents of the c:\rapport.txt

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Body Background

skin color theme