Hijack This Log

Post by theglobal » June 7th, 2005, 5:14 pm

Ahhhhh... I got it! Thanks, Perculator!!!

:lol:
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Post by Perculator » June 8th, 2005, 5:08 pm

Do you have administrator rights (or equivalent)?

If not, log in as administrator and try again.




OK, here are some things you need to check.

Verify that your computer's date and time are accurate and that the Internet Explorer language option is not empty.

To check the language setting in Internet Explorer:

1. Click "Tools" and then choose "Internet Options"
2. Click the "Languages" button
3. Make sure at least one language is listed in the "Language Options" dialog



Still problems?

Paste the following line into the address bar of your Internet Explorer:

http://www.kellys-korner-xp.com/regs_edits/updaterestore.reg

and hit Enter.
Now a dialog box will appear asking what you want to do with it.
Choose SAVE and save it to your desktop.
When it has been downloaded, a new dialog box will open asking what you want to do.
Choose OPEN.
You'll now receive a message asking if you want to add it to the registry.
Click YESSSSSSSSSSSSSS ---I cannot stress how important it is to click yes here, otherwise nothing will happen, and things will still be greyed out…do not fear …trust me


Well, in your next post just tell me that the automatic updates are not greyed out anymore and everything works fine.
Last edited by Perculator on June 9th, 2005, 1:44 am, edited 2 times in total.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Post by theglobal » June 9th, 2005, 1:09 am

Hello!

The fix worked fine. Automatic Updates are NOT grayed out. All is working well with that. My brother-in-law has the upgrade for Windows XP Home to Windows XP Professional. Let me know when it would be OK to install the upgrade.

Also, I am posting a new HijackThis log, just to see where we are now. Do you think we killed off the narrator infection?

By the way, we never could run Ewido to its completion. I don't recall if we ever got to Killbox...maybe, but I don't recall. Thanks!

I await any further instructions. :)


Logfile of HijackThis v1.99.1
Scan saved at 11:01:36 PM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adaware Bootup] C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7392481625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b28578.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Post by Perculator » June 9th, 2005, 1:46 am

I am really happy; I was so happy that I put this message instead of the regfix I gave you, so I had to change it back. Of course, it's still early here.
I will work and then come back here.

We're doing great!

Post by theglobal » June 9th, 2005, 2:36 am

yes, we are really doing great. I'm honored to have a new Dutch friend!

It's 12:35 am here, so I'm going to get some sleep... so I can go to work in the morning :lol:

Post by Perculator » June 9th, 2005, 3:37 pm

OK, friend.

Now run the FindQoologic again and put the log on this board to see whether the narrator is completely gone.

Post by theglobal » June 9th, 2005, 4:09 pm

Here's the latest FindQoologic scan:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* aspack C:\WINDOWS\System32\MRT.EXE
* aspack C:\WINDOWS\System32\NTDLL.DLL
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c90df5e

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
America Online 9.0 Tray Icon.lnk
Billminder.lnk
desktop.ini
Microsoft Office.lnk
QuickBooks 2002 Delivery Agent.lnk
QuickBooks Update Agent.lnk
Quicken Startup.lnk
WinZip Quick Pick.lnk

User Startup:
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
.
..
desktop.ini

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
<NO NAME> REG_SZ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
<NO NAME> REG_SZ {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
<NO NAME> REG_SZ {E0D79304-84BE-11CE-9641-444553540000}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

"Find activesetup", version1, launched at: 14:03
Operating System: Windows XP SP2


HKLM\Software\Microsoft\Active Setup\Installed Components\
">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Microsoft Windows Media Player"
\StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

Post by Perculator » June 9th, 2005, 5:02 pm

Looks good, I will be back tomorrow.

See you around

Post by theglobal » June 9th, 2005, 5:45 pm

Thanks! I look forward to your return. :)

last bits and pieces

Post by Perculator » June 10th, 2005, 6:24 pm

Run two of the following scans and restart after each scan you perform.

Online virus scans

Housecall

Panda virus check

Rav antivirus

CA eTrust Antivirus scan

If they don't come up with any nasties, you go on with this fix; otherwise, describe what they found and where.

***
OK, run Cleanup.
After the tool has done its work, log out as user and log back in.

Then create a clean restore point, as follows:

System restore XP

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


I'll check for your answer tomorrow again.

Post by theglobal » June 10th, 2005, 11:00 pm

Perculator,

As I have stated a few times, the computer we have been working on is not mine. It is located away from my residence. I visited my brother-in-law's home today to run the scans you requested. The computer has CounterSpy running on it and it ran an auto-scan this morning. I thought I should post the results for your review. After posting, I will perform the tasks you requested and post them also.

CounterSpy scan results:

Spyware Scan Details
Start Date: 6/10/2005 6:00:16 AM
End Date: 6/10/2005 8:31:49 AM
Total Time: 2 hrs 31 mins 33 secs

Detected spyware

ShopAtHome Spyware
Details: ShopAtHome installs itself in the Winsock layer of your computer and redirects visits to merchant sites in order to take the affiliate fees from them automatically without your knowledge.
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011742.exe


AproposMedia Browser Hijacker
Details: A component of PeopleOnPage, sometimes found on machines without the commonly visible portion of the application. Spawns popup ads, and hijacks browser settings.
Status: Quarantined

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002293.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002294.exe


BookedSpace Browser Plug-in
Details: BookedSpace is an Internet Explorer Browser Helper Object used to show popup advertising.
Status: Quarantined

Infected files detected
c:\documents and settings\all users\application data\nsv\wmv0106.ddx
c:\documents and settings\all users\application data\nsv\wmv1920.dbd
c:\documents and settings\all users\application data\nsv\wmv2007.dbd
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp21\a0013666.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002264.exe
c:\documents and settings\all users\application data\nsv\wmv0204.ddx
c:\documents and settings\all users\application data\nsv\wmv0315.ddx
c:\documents and settings\all users\application data\nsv\wmv0412.ddx
c:\documents and settings\all users\application data\nsv\wmv0504.ddx
c:\documents and settings\all users\application data\nsv\wmv0904.ddx
c:\documents and settings\all users\application data\nsv\wmv1125.ddx
c:\documents and settings\all users\application data\nsv\wmv1204.ddx
c:\documents and settings\all users\application data\nsv\wmv1909.ddx


Unclassified.Spyware.61 Spyware
Status: Quarantined

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011906.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012288.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002549.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002552.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002554.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002575.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002584.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002591.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011746.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011763.exe
c:\windows\system32\dqqhvmn.exe
c:\windows\system32\fxad.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012289.exe
c:\windows\system32\lloufp.exe
c:\windows\system32\mtpaxjc.exe
c:\windows\system32\pggeggyh.exe
c:\windows\system32\pvwttdoa.exe
c:\windows\system32\ulqyds.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012290.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012291.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012292.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012293.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012294.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012297.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012298.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012302.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp11\a0012034.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012303.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012305.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012306.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012307.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012309.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012310.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012311.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012312.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012314.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012315.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp11\a0012037.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012316.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012317.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012318.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012319.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012320.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012321.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012325.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012326.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012327.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012328.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp11\a0012038.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012329.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012330.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012331.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012332.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012334.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012336.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012337.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012340.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012341.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012342.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp11\a0012039.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012343.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012344.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012345.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012346.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012347.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012348.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012350.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012353.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000787.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000788.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012189.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000790.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000853.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002232.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002262.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002270.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002273.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002277.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002304.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002307.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002311.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012193.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002337.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002339.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002342.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002343.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002349.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002351.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002353.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002355.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002357.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002358.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012194.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002383.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002401.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002404.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002415.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002418.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002432.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002462.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002471.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002478.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002483.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012287.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002484.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002493.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002495.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002497.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002501.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002502.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002505.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002524.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002525.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002537.exe


Aurora Spyware more information...
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011952.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000326.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000776.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000778.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000829.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000830.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000954.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000955.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000956.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000957.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002446.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011953.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011631.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011632.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011679.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011680.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011731.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011732.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp9\a0011830.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp9\a0011831.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp2\a0000116.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000161.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000164.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000185.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000187.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000252.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000253.exe


Unclassified.Spyware.69 Spyware more information...
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp21\a0013667.exe


Spyware.BHO.jbamht Browser Plug-in more information...
Details: Spyware.BHO.jbamht adds a Browser Helper Object (BHO) to Internet Explorer.
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected
c:\program files\hjt\backups\backup-20050529-121653-953.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012296.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012299.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012301.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012304.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012308.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012313.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012322.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012324.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012333.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012335.exe
c:\program files\hjt\backups\backup-20050604-112309-995.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012338.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012339.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012349.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012351.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012352.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000255.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011623.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011736.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011741.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011743.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011910.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011747.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011748.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011749.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011751.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011756.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011757.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011758.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011759.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011761.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011762.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011912.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011764.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011765.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011766.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011767.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011769.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011770.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011771.exe
c:\windows\system32\aqlgvyww\wvrckwky.dll
c:\windows\system32\cbtmijtm\pfvdmmsa.dll
c:\windows\system32\cnnubcqy\vqplwlfr.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012188.exe
c:\windows\system32\hcsvhqks\wpyxpdah.dll
c:\windows\system32\itgslnfp\hdbwrpqh.dll
c:\windows\system32\lgikkual\epgniovd.dll
c:\windows\system32\ovjffbpf\edwedkkf.dll
c:\windows\system32\oxxnittq\qnxpkmll.dll
c:\windows\system32\rkvludpu\wywpgbki.dll
c:\windows\system32\slgxqrto\qlexohop.dll
c:\windows\system32\tispbqsk\hdqvalji.dll
c:\windows\system32\ubgsnrqo\dulggqyn.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012191.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012204.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012286.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012295.exe


CoolWebSearch Browser Hijacker more information...
Details: CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

Infected files detected
c:\program files\hjt\backups\backup-20050604-181332-208-rnkt.exe
c:\windows\system32\opkdp.dll
c:\windows\system32\ozighxo.dll
c:\windows\system32\plbgby.exe
c:\windows\system32\rlkh.exe
c:\windows\system32\us4.0-3.exe
c:\windows\system32\uvknmz.exe
c:\windows\system32\wpavb.dat
c:\windows\system32\ysbinstall_1003032.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012258.exe
c:\windows\bbb.exe
c:\windows\system32\dbnorad.exe
c:\windows\system32\fhoe.exe
c:\windows\system32\hs.exe
c:\windows\system32\jkl.exe
c:\windows\system32\msclock32.dll
c:\windows\system32\msplock32.dll


WinTools Trojan more information...
Details: Bubba WinTools purpose is currently unknown. Bubba.wintools installs a Browser Helper Object, a URLSearchHook and drops several files in Common files\WinTools\. Bubba.wintools runs at startup
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011915.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000602.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000636.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000805.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000838.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000851.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000907.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000949.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0001124.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0001135.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0001176.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000165.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0001405.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002223.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002503.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002609.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0003608.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0004609.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0005609.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0006609.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0007608.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0008612.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000182.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0009614.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0009626.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0010624.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011626.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011657.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011698.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011772.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp8\a0011801.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp8\a0011813.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp9\a0011817.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000214.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp9\a0011826.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000226.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000236.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000356.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000408.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000547.exe


DealHelper Browser Plug-in more information...
Details: DealHelper is an ad supported Internet Explorer browser helper object.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011905.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011744.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011753.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011755.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011768.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011773.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011774.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011775.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\snapshot\mfex-15.dat
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\snapshot\mfex-16.dat
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\snapshot\mfex-17.dat
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000668.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002379.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002425.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002573.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0011634.exe


SearchMiracle.EliteBar Browser Plug-in more information...
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002320.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002321.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002322.exe


Begin2Search Browser Plug-in more information...
Details: Installs a number of thrid part spyware products and displays popup ads in addition to hijacking Internet Explorer.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002539.exe


eZula.WebOffer Adware more information...
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000810.src
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000920.src


eXact.Downloader Trojan Downloader more information...
Details: Trojan used by eXact Bargain Buddy and Cash Back to download and install addtional components.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002373.exe


eZula.Earn Adware more information...
Details: eZula.Earn is tha advertising components of the exula adware software.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002372.exe


VX2.ABetterInternet.Transponder.Ceres Spyware more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp21\a0013669.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000243.inf
c:\windows\kwv2.dat
c:\windows\system32\spgejjdk.xml
c:\windows\system32\spgejju.xml
c:\windows\system32\spgejju1.xml
c:\windows\system32\spgejju2.xml


Spyware.Adsrve Spyware more information...
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002488.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002527.exe


AlwaysUpdateNews Spyware more information...
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011739.dll


PacerDMedia.Installer Trojan Downloader more information...
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000336.exe


eZula.TopText Adware more information...
Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000813.src
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000923.src


IEPlugin Spyware more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Quarantined
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp2\a0000110.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000157.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp3\a0000170.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp5\a0000937.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002599.exe


InternetOffers Adware more information...
Details: InternetOffers displays popup advertisements with no attribution and installs without consent.
Status: Quarantined
Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012195.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp4\a0000791.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp7\a0011737.exe


The CoolBar Toolbar more information...
Details: The CoolBar delivers popup advertising.
Status: Quarantined
Moderate spyware - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp21\a0013668.exe


DelFin.Media Viewer Adware more information...
Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player.
Status: Quarantined
Moderate spyware - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.

Infected files detected
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp10\a0011914.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp6\a0002466.ocx
c:\windows\system32\casino-on-net.ico
c:\windows\system32\free cell phone.ico
c:\windows\system32\free laptop computer.ico
c:\windows\system32\free ringtones!.ico
c:\windows\system32\free sony playstation.ico
c:\windows\system32\free u2 ipod.ico
c:\windows\system32\nba giveaway.ico


Detected Spyware Cookies
No spyware cookies were found during this scan.
theglobal
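Nearly every path in the CounterSpy report above sits under c:\system volume information\_restore{...}\rpN\ or c:\program files\hjt\backups\, that is, inside System Restore snapshots or HijackThis's own backups of items already removed. Those copies are inert unless a restore point is applied (the usual step is to purge them by turning System Restore off and on again); the entries that matter for a live infection are the ones still in c:\windows and c:\windows\system32, such as the randomly named subdirectories holding DLLs. As an added example, not code from the original thread or from CounterSpy, the Python script below parses a report in that layout and sorts each hit into one of those three buckets. The sample text is a constructed, abbreviated excerpt in the report's format, and the function and category names are my own.

```python
"""Triage a CounterSpy-style scan report by where each flagged file lives.

Added example, not code from the original thread or from CounterSpy.
Path categories (assumption: derived from the report layout in the thread):
  restore_point - copy inside a System Restore snapshot; inert unless that
                  restore point is applied, and purged by clearing System Restore
  hjt_backup    - copy HijackThis kept of an item it already removed
  live          - anything else, i.e. a file still in place on the running system
"""
import re
from collections import defaultdict

# Entry header line: "<threat name and type> more information..."
HEADER_RE = re.compile(r"^(?P<name>.+?) more information\.\.\.$")
# Severity line: "Severe spyware - ...", "High spyware - ...", etc.
SEVERITY_RE = re.compile(r"^(Severe|High|Elevated|Moderate) spyware\b")
# System Restore snapshot path; group 1 is the restore point number (rpN)
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\rp(\d+)\\", re.I)
# HijackThis backup directory
HJT_BACKUP_RE = re.compile(r"\\hjt\\backups\\", re.I)

# Constructed, abbreviated excerpt in the report's format (two entries, a few paths each).
SAMPLE_REPORT = r"""
Spyware.BHO.jbamht Browser Plug-in more information...
Details: Spyware.BHO.jbamht adds a Browser Helper Object (BHO) to Internet Explorer.
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities.

Infected files detected
c:\program files\hjt\backups\backup-20050529-121653-953.dll
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012296.exe
c:\windows\system32\aqlgvyww\wvrckwky.dll
c:\windows\system32\cbtmijtm\pfvdmmsa.dll


CoolWebSearch Browser Hijacker more information...
Status: Quarantined
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities.

Infected files detected
c:\windows\system32\opkdp.dll
c:\windows\bbb.exe
c:\system volume information\_restore{0a438c3b-a487-4c6d-850c-c76cc3327fd0}\rp13\a0012258.exe
"""


def classify_path(path):
    """Return 'restore_point', 'hjt_backup' or 'live' for one reported path."""
    if RESTORE_RE.search(path):
        return "restore_point"
    if HJT_BACKUP_RE.search(path):
        return "hjt_backup"
    return "live"


def parse_report(text):
    """Return (threat, severity, path) for every path under 'Infected files detected'."""
    hits = []
    threat = severity = None
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:                              # new entry: reset state
            threat, severity, in_files = m.group("name"), None, False
            continue
        m = SEVERITY_RE.match(line)
        if m:
            severity = m.group(1)
            continue
        if line.lower() == "infected files detected":
            in_files = True
            continue
        if not line:                       # blank line ends the path list
            in_files = False
            continue
        if in_files and threat:
            hits.append((threat, severity, line))
    return hits


def triage(text):
    """Group paths per threat by category: {threat: {category: [paths]}}."""
    summary = defaultdict(lambda: defaultdict(list))
    for threat, _severity, path in parse_report(text):
        summary[threat][classify_path(path)].append(path)
    return summary


def live_hits(text):
    """Sorted list of paths that are neither restore-point nor HijackThis copies."""
    return sorted(p for _, _, p in parse_report(text) if classify_path(p) == "live")


def restore_points_with_hits(text):
    """Restore-point numbers (rpN) that hold flagged copies."""
    points = set()
    for _, _, path in parse_report(text):
        m = RESTORE_RE.search(path)
        if m:
            points.add(int(m.group(1)))
    return points


if __name__ == "__main__":
    for threat, buckets in triage(SAMPLE_REPORT).items():
        print(f"{threat}: " + ", ".join(f"{k}={len(v)}" for k, v in buckets.items()))
    print("live files to look at first:", *live_hits(SAMPLE_REPORT), sep="\n  ")
    print("restore points involved:", sorted(restore_points_with_hits(SAMPLE_REPORT)))
```

Run it against a saved report instead of the embedded sample by reading the file and passing its text to triage(); the "live" bucket is the list to hand to the helper, and the restore-point set tells you which snapshots will carry the infection back if System Restore is used before it is purged.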

Post by theglobal » June 11th, 2005, 12:32 am

I ran Housecall and it came up with 408 viruses. The files were deleted. I am going to run one of the other virus scans and will post results.

:) theglobal

Post by theglobal » June 11th, 2005, 1:31 am

I just ran CA eTrust Antivirus Scan. It came up with 111 Viruses out of 92,357 files scanned. I am assuming the files were deleted, as I could not find any way to "clean" or "delete" the files. Also, for both the Housecall and CA eTrust scans, I did not see a way to post a log of the scan for you to see.
theglobal

Post by theglobal » June 11th, 2005, 3:07 am

I don't know what to think about all of these scans that produced so many infections. At least on this one I have a log to post. I ran Panda ActiveScan and came up with a lot of stuff. It almost seems like there is more. I did note that some of the items were noted because they are in the CounterSpy Quarantine directory.

I know there is a lot here to look at... especially if you look from your last post... I am posting the results here for Panda, and also another HijackThis log. Let me know if you would like me to put the computer out of its misery... :)

Panda ActiveScan


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/PowerScan No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\Searchx.htm
Spyware:Spyware/Media-motor No disinfected Windows Registry
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\system32\fiz1
Spyware:Spyware/Search3 No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Ab scissor.url
Adware:Adware/Transponder No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINDOWS\sys????.exe
Adware:Adware/SearchTheWeb No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Owner\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\011D586D-D87A-4144-BFAF-ED3349\FFEE79C0-EA3C-40A7-A322-E0F9B6
Adware:Adware/SAHAgent No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\3E8F8D31-6217-48C6-8DE0-629A03\751CC1B3-C856-4F7A-846E-617EA4
Adware:Adware/eZula No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\416AA933-5015-4D68-B298-1613A7\8E8C4ABD-612E-4ECF-8254-4FBAC3
Possible Virus. No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\465CAD52-0C31-43EA-A600-934446\1DC43B0C-BF57-4FDA-BF35-6597CC
Possible Virus. No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\465CAD52-0C31-43EA-A600-934446\55D6D708-3031-48B6-A8A4-CCCA76
Adware:Adware/IPInsight No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\59601F51-19D1-403A-B9D4-A99C68\09D1A0E6-D6DF-419A-85AF-852671
Adware:Adware/PortalScan No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\59601F51-19D1-403A-B9D4-A99C68\3EECE469-F0D7-4A68-8C14-A3A554
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\5C671271-ACC3-4346-AEE2-203C2C\E5A79E67-DA28-406E-8307-0ED644
Adware:Adware/BookedSpace No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\679967E6-55F1-4CF1-9F81-26F748\F8C1E67D-0C7F-4FE8-8204-FE7A9D
Virus:Trj/Downloader.BJG Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\96B18B07-E48E-4BA7-9CE2-AE016A\5FF34DE6-7A15-4195-99C8-750CA0
Virus:Trj/Downloader.BYZ Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9B6525A3-B518-4712-943F-FAE42A\B80544D1-180A-42DC-A005-8C1C84
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\0AFFD139-48E8-4ADA-A80A-D76892
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\1F774BA8-9D6B-4FBF-8830-D02311
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\2CEDD75F-D61B-49E6-AE7B-BDBB7F
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\3B74E90C-43F7-4E90-82B4-8F0CE6
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\3DD3E884-9BF5-42C2-BC20-9A517B
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\485A6AA5-E259-4AAC-8305-A10CDB
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\5E913100-4445-48B4-9FB2-E898BC
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\6EA66FFA-9370-4F5E-8321-F79E55
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\7B9136D1-C3A8-4471-AA01-CF4DBE
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\9B4AC07B-3124-4D44-9EE2-9AB4CE
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\A45F19CC-3319-4E33-8A50-0D6C06
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\CB100588-EFA7-4094-9ACD-35E7AB
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\ED821C6A-E4A6-4B99-BD08-47D0AC
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\EEEF2B6E-4127-4F68-89B8-79EB10
Adware:Adware/DealHelper No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A8017994-384F-43F3-8A52-F5D85B\F9C74844-2E6E-4687-B4CE-39BA5E
Virus:Trj/Downloader.BJG Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\AE4C4812-1DED-472B-9224-F115D9\04E32DFD-21C2-4321-B521-28BE31
Virus:Trj/Downloader.BJG Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\AE4C4812-1DED-472B-9224-F115D9\7F94E484-3CDA-449E-B022-4C968E
Adware:Adware/PortalScan No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B33E2C4B-F792-485E-9465-59561F\6C2FD18D-B371-48FF-AF47-5AC700
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\0033716F-35CD-4E18-8B2B-A9D644
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\02BF4776-8B2F-475E-B2E2-ABD4A6
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\05CABEC7-6AB0-4A79-A275-4EFC1D
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\0CFAE913-07C3-41B1-9BC8-2E749B
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\305ED4ED-624C-4678-A5BF-A5B4CF
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\45530EC0-734A-4348-B48A-062265
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\4B05607A-7D8F-4B73-89E5-211062
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\4E6D1C6A-B779-4EE2-BB23-9E7B46
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\4ED94E16-D3E3-44D8-B212-A96144
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\6062AAB8-143A-472F-AFA9-4A0A7F
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\622E3497-605E-42A9-AF32-EB6644
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\6AED9F7C-8EC6-4A52-87DB-BBE00D
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\756542BF-3920-4813-9DB4-078D45
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\7FC32C28-32CA-4B66-97B6-8476C4
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\82CFA5BE-18FB-4E28-938D-82A62D
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\85C1CA05-55BC-4DCF-9F60-683F82
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\90442221-BB52-493C-A7C2-B343A6
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\93EBD625-B862-4F60-9443-FDE1E8
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\98CB45EC-1A90-4A08-9D7B-16D770
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\9E249023-0EAA-49D5-93EA-A5C272
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\A3239CA0-284F-4508-A94C-B771B1
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\A861C4CF-5636-4CB2-B21D-9E4B97
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\B3841D51-292D-4FA1-B4A0-736866
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\B5CB1B90-FF3B-48BA-ABF0-873902
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\B6076486-C490-453C-8438-4C38CC
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\B8DB8F96-A1EC-4923-86C0-6F9D9F
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\BC06DC56-FA92-430D-87C8-1C96EF
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\C582F364-F475-4DDC-8339-BA4A9B
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\C6CBE367-719E-4DA7-AC37-0BF02D
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\DC522CE2-A6BD-46FE-A149-FAD661
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\EC541E10-780E-436F-82B6-B2774D
Virus:Trj/Downloader.BVH Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\B794F2AA-A97F-4F50-86EB-DC131C\EF1A8F78-C1B4-444D-B9EA-825161
Virus:Trj/Downloader.BYZ Disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\DFD23633-86F0-4057-8003-9B3A9D\0C18082D-A35B-45CA-BF52-195CF7
Adware:Adware/Startpage.CM No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E2781BAF-56BE-4395-BCBF-FA4023\79371421-512F-4DCA-AB06-22250B
Adware:Adware/StartPage.DD No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E2781BAF-56BE-4395-BCBF-FA4023\EFEC9D59-811C-42F2-A014-7468A1
Adware:Adware/Apropos No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E545EF2B-A339-47E9-8E9B-1601F2\4B0A823E-34C0-4447-BC8E-AD6811
Adware:Adware/Apropos No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E545EF2B-A339-47E9-8E9B-1601F2\E980BAEE-E4EE-4A7C-96F4-7E82B0
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EFE27E34-11EB-45D8-8236-C0870F\82EE446A-79FA-43A4-8B69-E73F96
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\EFE27E34-11EB-45D8-8236-C0870F\BF5AAAD2-38CC-48E2-B9C0-2B8BDA
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\bar.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ast_5_adsav.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-tsrkqn.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Century.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\CSV7P070.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_big.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Decade.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\optimizejames.exe
Spyware:Spyware/Search3 No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_26221.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\snackman.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\stlb2_seed.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\biH.inf
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall5_64.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_10.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_30.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\sysei32.exe
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
Adware:Adware/PortalScan No disinfected C:\WINDOWS\SYSTEM32\winupdt.008
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am

Unread postby theglobal » June 11th, 2005, 3:30 am

As noted in the above post... here's yet another HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 1:26:26 AM, on 6/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Adaware Bootup] C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7392481625
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b28578.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------
I know there are several posts since your last post. I hope in some way I have provided you with info that you can use. Please let me know what I need to do next.

Thanks!
theglobal
theglobal
Regular Member
 
Posts: 85
Joined: March 1st, 2005, 3:55 am