
Logfile of HijackThis v1.99.1

Scan saved at 11:07:25 AM, on 12/14/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\system32\BRMFRSMG.EXE

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\WINNT\system32\devldr32.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINNT\system32\UMonit2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\AIM\aim.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

C:\Program Files\BUFFALO\HDManage\HDManage.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINNT\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt tzt

O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab

O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks so much!!


Hi,

Open HijackThis, click the "Scan" button, and check the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt tzt

Close all windows except HijackThis and click the "Fix Checked" button. Close HijackThis.

Locate the following folder and delete it:

C:\Program Files\daei

Reboot and post a new log.

Danny :D


Logfile of HijackThis v1.99.1

Scan saved at 3:58:34 PM, on 12/16/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

C:\WINNT\system32\UMonit2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe

C:\WINNT\system32\devldr32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\AIM\aim.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

C:\WINNT\system32\??pPatch\winword.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINNT\System32\nvsvc32.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\system32\BRMFRSMG.EXE

C:\Program Files\BUFFALO\HDManage\HDManage.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\daei\siha.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe

O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv

O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab

O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Hi,

Sorry for the delay...

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINDOWS\system32\??pPatch /a h > files.txt

notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HijackThis log.

Danny :D


Ah! Sorry.

Try the search again, but:

When you launch Windows Search:

  • Click on "All Files and Folders"
  • Click on "More Advanced Options"
  • Check "Search hidden files and folders"

Now search for it. Tell me:

how many folders there are (I'm hoping for two), and the contents of the folder(s).

Thanks,

Danny :D


Hi,

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINNT\system32\??pPatch /a h > files.txt

notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HijackThis log.

(This is different from what I did before. Please tell me if it doesn't work.)

Danny :D


It worked! Here's what was in Notepad:

Volume in drive C has no label.

Volume Serial Number is 1475-3D3F

Directory of C:\WINNT\system32

12/16/2005 01:27 PM <DIR> ??pPatch

0 File(s) 0 bytes

Directory of C:\Documents and Settings\Carl Weber\Desktop

Here's the new HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 12:01:01 PM, on 12/20/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINNT\system32\UMonit2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe

C:\WINNT\system32\devldr32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\AIM\aim.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\WINNT\system32\??pPatch\winword.exe

C:\Program Files\daei\siha.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\system32\BRMFRSMG.EXE

C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

C:\Program Files\BUFFALO\HDManage\HDManage.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe

O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv

O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab

O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks!


Please double-click on My Computer and locate the file "C:\WINNT\system32\AppPatch\winword.exe".

Right-click on it and choose "Properties", then click on the "Version" tab at the top.

Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.

Next, please download the Suspicious File Packer from here:

http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.

Paste the following list of bad files into the Suspicious File Packer window:

C:\WINNT\system32\AppPatch\winword.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to danny[AT]malwarebytes[DOT]org. (replace [AT] with @ and [DOT] with .)

Danny

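The file the helper asks about, C:\WINNT\system32\AppPatch\winword.exe, is the target of an O4 autostart entry, and in the user's later log HijackThis renders its folder as `??pPatch`. As an added example that is not part of this thread or of HijackThis, the Python below parses the O4 lines of a saved HijackThis log and flags the traits a helper acts on here: a path containing `?` (not a legal character in a Windows file name; HijackThis prints it for characters it cannot display), a target HijackThis marked `(file missing)`, and a well-known application binary name such as `winword.exe` (Microsoft Word's executable) sitting outside its normal install folder. The sample lines are constructed to mirror the thread's log format, and the heuristics and the table of expected folders are assumptions of this example, not a HijackThis feature.

```python
"""Triage the O4 (autostart) lines of a saved HijackThis log.

Added example for this thread; not part of HijackThis or of the forum posts.
The heuristics and the table of expected install folders are assumptions of
this example, chosen to mirror what the helper looked at in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O4 - HKLM\..\Run: [Name] command line"  /  "O4 - HKCU\..\Run: [Name] ..."
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: Name.lnk = C:\path\app.exe"  /  "O4 - Global Startup: ..."
LNK_RE = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Assumed table: binaries whose name is widely recognised, mapped to the folder
# fragment their genuine copy is installed under. Keys are lower-case.
EXPECTED_FOLDER = {
    "winword.exe": "\\microsoft office\\",
    "excel.exe": "\\microsoft office\\",
    "iexplore.exe": "\\internet explorer\\",
    "firefox.exe": "\\mozilla firefox\\",
}


@dataclass
class Entry:
    hive: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Pull the launched executable out of an O4 command line.

    Quoted paths end at the closing quote; unquoted ones end at the first
    '.exe' (so 'RUNDLL32.EXE C:\\...\\NvCpl.dll,NvStartup' yields RUNDLL32.EXE);
    anything else is taken up to the first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?=\s|$)", cmd)
    if m:
        return m.group(1)
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not O4 entries."""
    m = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
    if not m:
        return None
    path = executable_path(m.group("cmd"))
    entry = Entry(m.group("hive"), m.group("name"), path)

    # '?' cannot occur in a real Windows file name; HijackThis prints it in
    # place of characters it cannot display (the thread's '??pPatch').
    if "?" in path:
        entry.reasons.append("path contains '?': characters HijackThis could not render")
    # HijackThis appends this when the autostart target no longer exists on disk.
    if "(file missing)" in line:
        entry.reasons.append("target reported '(file missing)' by HijackThis")
    # A familiar product name in an unfamiliar folder, e.g. winword.exe under system32.
    base = path.rsplit("\\", 1)[-1].lower()
    folder = EXPECTED_FOLDER.get(base)
    if folder and folder not in path.lower():
        where = folder.strip("\\")
        entry.reasons.append(f"{base} found outside its usual folder ({where})")
    return entry


def triage(log_text: str) -> List[Entry]:
    """All O4 entries in a log, in log order."""
    return [e for e in (triage_line(l) for l in log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> List[Entry]:
    """Only the O4 entries that tripped at least one heuristic."""
    return [e for e in triage(log_text) if e.reasons]


# Constructed sample modelled on the thread's HijackThis logs (not copied
# output; the '(file missing)' line is invented to exercise that check).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ExampleMissing] C:\WINNT\example_missing.exe (file missing)
O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe
O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"[{e.hive}] {e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against a saved hijackthis.log, the script lists only the autostart entries worth a closer look; the quiet entries (Symantec, NVIDIA, QuickTime) drop out, which is the same narrowing the helper did by eye before asking for the file's version details.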

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido security suite; it is a free version of the program.

  1. Install ewido security suite.
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido; there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot and post a new HJT log as well as report.txt.

Danny :D


Logfile of HijackThis v1.99.1

Scan saved at 11:43:13 AM, on 12/21/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

C:\WINNT\system32\UMonit2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe

C:\WINNT\system32\devldr32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\AIM\aim.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\WINNT\system32\??pPatch\winword.exe

C:\Program Files\daei\siha.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINNT\System32\nvsvc32.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\system32\BRMFRSMG.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

C:\Program Files\BUFFALO\HDManage\HDManage.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll (file missing)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe

O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv

O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab

O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:32:52 AM, 12/21/2005

+ Report-Checksum: FDBB1D5D

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup

HKLM\SOFTWARE\AutoLoader\owuY1KdQZILK -> Spyware.AproposMedia : Cleaned with backup

HKLM\SOFTWARE\Classes\Applications\STC.exe -> Spyware.SecondThought : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup

HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup

HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup

HKU\S-1-5-21-861567501-436374069-854245398-1000\Software\Bundles -> Spyware.SecondThought : Cleaned with backup

:mozilla.18:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup

:mozilla.23:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.24:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.25:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.26:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.27:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.28:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

:mozilla.29:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.33:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.35:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.61:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.62:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.63:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.64:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.65:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.66:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.67:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.68:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.71:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.76:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

:mozilla.77:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

:mozilla.78:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

:mozilla.83:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.84:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.85:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.86:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.87:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.88:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.89:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

:mozilla.90:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup

:mozilla.91:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup

:mozilla.96:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.97:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.98:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.99:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.100:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.101:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.105:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup

:mozilla.107:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

:mozilla.108:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

:mozilla.118:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup

:mozilla.120:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

:mozilla.128:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.129:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.130:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.131:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.132:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.133:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.134:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.135:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.146:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.147:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.148:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.151:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup

:mozilla.152:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup

:mozilla.153:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup

:mozilla.154:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup

:mozilla.155:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.156:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.157:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.158:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.159:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.160:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup

:mozilla.175:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup

:mozilla.190:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.191:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.194:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup

:mozilla.195:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup

:mozilla.196:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

:mozilla.219:C:\Documents and Settings\Carl Weber\Application Data\Mozilla\Firefox\Profiles\wbk56c5h.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@e-2dj6wfkoegcjcbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Carl Weber\Cookies\carl weber@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup

C:\Program Files\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup

C:\Program Files\AutoUpdate\libexpat.dll -> Spyware.AproposMedia : Cleaned with backup

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\184FD302-24BE-46E8-954A-34E4AB -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\5A01015E-EE83-4A51-A7B3-2A32D5 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\862FB812-2A0C-4B2A-99FB-94E07D -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\095DEF73-8690-49AE-BBBD-DF5EFB\9133E87B-97DF-43AE-B275-3110EE -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\17EBE2A6-73A4-41B8-8671-A0D2EB -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\3A4778D2-5AF6-42FE-94B6-60E021 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\86743C82-2193-4C0F-9068-CCBB86 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\0F8B0789-3C0D-44EC-A701-CC9DA7\DCF44376-9142-41C7-A2FE-CA7F31 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\1C44C474-E4EF-49B2-879B-18BD89\0663B960-E848-4A94-969B-83F5E6 -> Spyware.IBIS : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\1C44C474-E4EF-49B2-879B-18BD89\194A072E-7F6D-44F1-B14C-BC3E32 -> Spyware.IBIS : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\82CB59A5-C061-4D79-819D-50A101 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\8AEA7A84-5DCF-496D-920C-F8498C -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\8DB3C38B-19B1-485E-9F69-8C35EF -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\87021279-8824-47AB-AD52-140EB7\93900A27-55B1-4913-BF98-FAE3E3 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\0703AB12-8299-4393-999B-434908 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\115E3F81-99E0-4315-AEED-EB43E1 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\6B5DD2AD-0BAF-453F-9062-A4A38D -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\934FEF93-DA20-4CC5-A57D-67B1CD\DC79A9D5-150B-4142-BEDB-435C8C -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\3D336174-E5A9-438E-ACDC-612692 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\66C3AE27-F68D-4D69-92F3-5F9536 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\DB702687-D523-496A-9015-14C0EA -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ACDDD455-82D7-4D30-8C09-C28DD5\EFB8A2AB-1783-4868-A841-8C1712 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\3E52001D-0E9B-43CF-B937-761085 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\567A85E5-8A51-4AE3-B302-20F37D -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\84140CAA-B418-4FE3-A39D-CFDC5F -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\B7DE2129-3165-4268-8D6A-4EE0A2\E0879F63-CC66-4A2C-BADC-0DC101 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\4747C0F9-B719-4BA4-A26B-25CB45 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\7A158BA6-61DF-4D1C-9D28-133545 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\B52FD6B2-5586-406F-AA35-E4926B -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F0152215-8DFF-4F2D-B46F-AB5275\DE6358EB-3E14-4672-94BC-E281BB -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\25FA7260-E4A6-4E59-9871-F491E0 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\37C9D1EB-CE2E-408F-A886-4A5898 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\C8A8EFEB-6EB5-42BB-9C4F-BF569F -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F04A2154-4FC7-4D5E-A97C-0E8106\CEB303EF-64E8-4AD9-A0C7-CCB5F1 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\2451DD94-76AA-4816-9BA9-FF40A5 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\B5D30564-25C4-4190-A9E0-020AF5 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\F8F2F3FA-D28F-475D-9796-44B7E8 -> Trojan.Pakes : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F38EC441-EB82-49AC-8DF2-EF5A82\F9DDE356-34D8-426F-A099-2BDBFF -> Trojan.Pakes : Cleaned with backup

C:\WINNT\system32\ekcgmvcq.dll -> Adware.PurityScan : Cleaned with backup

::Report End


Hi,

Sorry for the delay. I hope you had a great holiday :D

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select "Delete on Reboot", then click on the "All Files" button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C:

    C:\WINNT\system32\??pPatch\winword.exe

    C:\Program Files\daei\siha.exe

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.

If your computer does not restart automatically, please restart it manually.

When your computer reboots, please open HijackThis and check the following items (If Present):

O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll (file missing)

O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe

O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv

Close all windows except HijackThis and click the "Fix Checked" button. Close HijackThis.

Reboot and post a new log.

Danny

Edited by Danny
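The three entries Danny asks to have fixed show the indicators a helper looks for when reading a HijackThis log: a folder name with non-printable characters that HijackThis renders as "??", a copy of winword.exe living under system32 instead of the Office directory, and an unnamed BHO whose DLL is already gone. The script below is an added example, not part of this thread and not a HijackThis feature; it applies those checks to O2 (BHO) and O4 (Run key) lines. The expected-directory table and the known-good baseline set are assumptions made for the example, and the sample log is an excerpt assembled from the entries posted in this thread.

```python
"""Triage HijackThis O2 (BHO) and O4 (Run key) lines for common indicators.
Added example for this thread; not HijackThis code and not from the post."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# O2 - BHO: <name> - {<CLSID>} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>   (Startup folder lines are not covered)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")

# Binaries that belong in exactly one vendor directory; the same file name
# anywhere else is masquerading.  Assumed table for the example.
EXPECTED_DIR = {
    "winword.exe": "\\microsoft office\\",
    "excel.exe": "\\microsoft office\\",
    "svchost.exe": "\\system32\\",
}

# Lower-cased basenames of startup programs known good on this machine.
# Assumed baseline for the example, built from the legitimate entries in the log.
BASELINE = {
    "qttask.exe", "jusched.exe", "gcasserv.exe", "ccapp.exe", "winword.exe",
    "rundll32.exe", "mobsync.exe", "aim.exe", "psfree.exe",
}


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def executable_from_command(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    A quoted path ends at the closing quote.  An unquoted path is taken up to
    the first '.exe', because paths with spaces are often left unquoted here.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_line(line: str) -> list[str]:
    """Return the list of reasons a line deserves attention (empty if none)."""
    reasons: list[str] = []
    m = O2_RE.match(line)
    if m:
        if m.group("name") == "(no name)" and m.group("missing"):
            reasons.append("orphaned BHO: unnamed and its DLL is missing")
        if "?" in m.group("path"):
            reasons.append("non-printable characters in DLL path (shown as '?')")
        return reasons
    m = O4_RE.match(line)
    if m:
        exe = executable_from_command(m.group("cmd"))
        base = exe.rsplit("\\", 1)[-1].lower()
        if "?" in exe:
            reasons.append("non-printable characters in path (shown as '?')")
        expected = EXPECTED_DIR.get(base)
        if expected and expected not in exe.lower():
            reasons.append(f"{base} outside its expected directory")
        if base not in BASELINE:
            reasons.append(f"{base} not in known-good baseline; look it up")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Excerpt assembled from the entries posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe
O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the excerpt, the script reports the orphaned ekcgmvcq.dll BHO, the ??pPatch\winword.exe entry (two reasons: the '?' characters and winword.exe outside the Office directory), and the daei\siha.exe entry. Note that siha.exe is caught only by the baseline check: nothing about the line itself is provably malicious, which is why a helper still has to look such entries up by hand before telling someone to delete them.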

Logfile of HijackThis v1.99.1

Scan saved at 9:01:50 PM, on 12/28/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\progra~1\scansoft\paperp~1\pptd40nt.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINNT\system32\UMonit2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINNT\system32\devldr32.exe

C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

C:\Program Files\BUFFALO\HDManage\HDManage.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\Program Files\TrueAssistant\TrueAssistant.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\system32\BRMFRSMG.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\AOL\1125453320\ee\AOLServiceHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

O4 - HKLM\..\Run: [speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\Updreg.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125453320\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: BUFFALO Disk Backup Utility.lnk = C:\Program Files\BUFFALO\HDBackup\HDBackup.exe

O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab

O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://login.imagesilo.com/CABS/PVDMDocView400.cab

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks! :D


Hi,

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected):

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check Turn off System Restore.

Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:

and a good antivirus (these are also free for personal use):

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Danny :D
