Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Aurora, DrPmon, MHTMLRedir problems

Thread Solved
1 2 3 Last »

Join Date: Jul 2005
Posts: 82
Reputation: jd51edwin is an unknown quantity at this point 
Solved Threads: 0
jd51edwin jd51edwin is offline Offline
Junior Poster in Training

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #11
Aug 4th, 2005
Here's my latest HJT......fyi I did not have the 03 - Toolbar.... entry when I ran the first HJT to have it fix what you suggested...also the only file that I found to remove was the C:\WINDOWS\System32\kqdhu.dll - but I could not delete it even in Safe Mode...thanks for the help...this thing won't go away :evil:


Logfile of HijackThis v1.99.1
Scan saved at 10:50:23 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesea...235&id=1.20030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesea...235&id=1.20030
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O4 - HKCU\..\Run: [kbdsp] C:\WINDOWS\System32\kbdsp.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\kqdhu.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #12
Aug 4th, 2005
Go to Add/Remove Programs and make sure WildTangent has been removed.

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidese...6235&id=1.20030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidese...6235&id=1.20030
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\kqdhu.dll

Remember to close any open windows and hit Fix checked.

Be sure your system is set to 'Show hidden files and folders':
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Now, go to the following locations and delete the highlighted files and folder:

C:\WINDOWS\qbet.exe
C:\WINDOWS\system32\kqdhu.dll

C:\Program Files\WildTangent

Do a search for atrivs.exe and delete any instances found.

If any of these could not be deleted, open HijackThis and click on the Config... button in the lower right corner of the main window. In the next window, click on the Misc Tools button at the top, and then click the Delete a file on reboot... button. Type (or copy & paste) the file into the box, and click Open. A new window will pop up asking if you want to restart your computer now; click Yes.

Reboot into Safe Mode and do another scan with Ewido.

When it's finished, reboot normally, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 82
Reputation: jd51edwin is an unknown quantity at this point 
Solved Threads: 0
jd51edwin jd51edwin is offline Offline
Junior Poster in Training

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #13
Aug 5th, 2005
Here's the latest HJT log. Of the files that you asked me to delete, the only one that was present was - C:\WINDOWS\system32\kqdhu.dll - but I could NOT delete it even using the method via HJT. Every time I tried to delete it "normally" I kept getting a message that it was in use by another program and could not be deleted. The HJT method appeared that it would work but the file was still there upon reboot. The other files simply were not present. I removed WildTangent via Add/Remove during one of the the previous threads and it does not show up when I go back to the Add/Remove Program - but an error occurs upon every reboot as it still seems to be looking to load it. Thanks for the contiued help......it's still here somewhere - I keep getting bombarded




Logfile of HijackThis v1.99.1
Scan saved at 11:01:47 PM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads2.revenue.net/r?site_id=14...tive_id=209716
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kbdsp] C:\WINDOWS\System32\kbdsp.exe
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\ppdx5032.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #14
Aug 5th, 2005
Where's the new Ewido log?

Download Killbox -- http://www.downloads.subratam.org/KillBox.zip -- and unzip the file to your Desktop.

Scan with HJT and have it fix the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads2.revenue.net/r?site_id=1...ative_id=209716
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKCU\..\Run: [kbdsp] C:\WINDOWS\System32\kbdsp.exe
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\ppdx5032.dll

Close any open windows and hit Fix checked.

Go to C:\Program Files and delete the entire WildTangent folder.

Do a search for the following files and delete any instances found:

qbet.exe
GameChannel.exe
kbdsp.exe
atrivs.exe
ppdx5032.dll

If any of the noted files could not be deleted, open KILLBOX, type (or copy and paste) the path of the file into the box; then check the Delete on Reboot box, and click the red X. You will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot. Note: the file path will be something like C:\WINDOWS\System32\kbdsp.exe

Reboot, close any open browser windows, scan with HJT, and post a new log along with the new Ewido log.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 82
Reputation: jd51edwin is an unknown quantity at this point 
Solved Threads: 0
jd51edwin jd51edwin is offline Offline
Junior Poster in Training

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #15
Aug 5th, 2005
sorry about the Ewido log last time!....here's the latest HJT and Ewido...some notes:

1) when I ran the HJT the first time the 04 - HKCU's for kbdsp.exe and atrivs.exe were not in the run and thus not "fixed"....the 020 Winlogon Nofiy:Unimodem actuall had "CSC Setting" instead of the word "Unimodem" - I fixed it anyway

2) there was no WildTangent folder in my C:\Program Files

3) None of the files that were to be deleted were present on a search....thus I did not need to use the KILLBOX


I get the feeling I'm doing something wrong ...thanks for the continued support

Logfile of HijackThis v1.99.1
Scan saved at 6:59:30 PM, on 8/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\ppdx5032.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:56:43 PM, 8/5/2005
+ Report-Checksum: 87BBC54

+ Scan result:

[500] C:\WINDOWS\system32\ppdx5032.dll -> Spyware.Look2Me : Error during cleaning
[1080] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
[1748] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1856] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1864] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1872] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1896] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[2040] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[152] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[160] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[176] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[404] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1144] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[596] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[2532] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8QWS7QIX\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FZ3U1H5M\!update-2214[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Program Files\apsi\wtta.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Program Files\CashBack -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_auto_wider.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_click_wider.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_welcome.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_welcome1.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\cashback.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\blank.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\icon.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\logo.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\template.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\template2.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\Uninstall.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\eZula -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.dst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.kwd -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\basis.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\eabh.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\GenLy.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\genun.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\arrow1.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\arrow2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\button_small.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\corner_expand.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_LL.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_LR.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UL.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UL_2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UL_NoFollow.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UR.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UR_2.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Corner_UR_NoFollow.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\icon.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Bottom.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Center.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Layer_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\new.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_divider.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Left.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Off.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_On.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Follow_Right.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_B.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_L.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_R.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Side_Top.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\spacer.gif -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\Images\Thumbs.db -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\INSTALL.LOG -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\legend.lgn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\mmod.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\param.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\rwds.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\search.src -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\UNWISE.EXE -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\upgrade.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\version.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\eZula\wndbannn.src -> Adware.eZula : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\ccmuid.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dwdmo.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iopeers.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\josh400.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kedro.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kqdhu.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mbdtcuiu.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\meexcl35.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mndimap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mwbe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ncwrsja.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rTsser.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\StmNeti.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wvnmp32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ѕеcurity\explorer.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\tthakai.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #16
Aug 6th, 2005
Make sure your system is set to 'Show hidden files and folders' -- Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

Update, and run these utilities again:

CWShredder
about:Buster
PurityScan uninstaller

Repeat the instructions in my last post (#14), and then post a new HJT log.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 82
Reputation: jd51edwin is an unknown quantity at this point 
Solved Threads: 0
jd51edwin jd51edwin is offline Offline
Junior Poster in Training

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #17
Aug 12th, 2005
Here's the new HJT and Ewido logs. I have been careful to show all the hidden files when searching but none of the ones that we've been searching for have been found. There was one issue with CWShredder. It foung a file it did not like - VX2.Look2ME ...it seemed to remove it but said it needed to reboot to complete the process. I tried it 3 times but CWShredder kept coming back with an error saying that it had to close and did I want to send a report to Microsoft etc. - so it still seems to be lurking. The other issue is that I continue to get the following error on start-up:

Error loading C:\Program File\WildTangent\Apps\CDA\ceda Engine 0400.dll

The specified module could not be found

not sure if that mattered or not....I'm getting bombarded as I write this reply by pop ups ! :mad: ...thanks for the help


Logfile of HijackThis v1.99.1
Scan saved at 11:06:08 PM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\halpum.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesea...464&id=1.20030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesea...464&id=1.20030
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\ttext.dll
O2 - BHO: SDWin32 Class - {25BC5023-012B-4883-B5CB-523A8409C73A} - C:\WINDOWS\System32\llqrl.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ylthpdta.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsj19.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O4 - HKCU\..\Run: [kbdsp] C:\WINDOWS\System32\kbdsp.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\ppdx5032.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe






---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:21:33 PM, 8/11/2005
+ Report-Checksum: 8F25E07A

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\eZulaBootExe.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\eZulaMain.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{8A044397-5DA2-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE} -> Spyware.TopText : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.IEObject -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CLSID -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1CFB8B32-4053-4144-AF6F-1540EEC7F101} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\eZula -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\eZula\Setup -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\eZula\Setup\ID -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\eZula\Setup\path -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Web Offer -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Web Offer\Setup -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Web Offer\Setup\ID -> Spyware.eZula : Cleaned with backup
[500] C:\WINDOWS\system32\ppdx5032.dll -> Spyware.Look2Me : Error during cleaning
[1088] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Cleaned with backup
[1520] C:\WINDOWS\System32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
[1872] C:\WINDOWS\System32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
[1880] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[1888] C:\WINDOWS\System32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Error during cleaning
[1900] C:\WINDOWS\System32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Error during cleaning
[1908] C:\WINDOWS\System32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Error during cleaning
[180] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[144] C:\WINDOWS\System32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Error during cleaning
[188] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[208] C:\WINDOWS\System32\halpum.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
[240] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[824] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[908] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[592] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[1004] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
[3572] C:\PROGRA~1\ezula\CHCON.dll -> Adware.eZula : Error during cleaning
C:\WINDOWS\system32\aDaamon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\atrc8parb.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\cnutil.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iZlmrnt5.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\llqrlc.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\llqrlf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\nsj19.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\thin-94-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\wugky.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\ylthpdta.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\Temp\atrc8parb_.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\Temp\hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\labpengs.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\Temp\liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\thin-94-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Temp\umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #18
Aug 12th, 2005
Please download Kill2Me -- http://www.majorgeeks.com/downloadge...7c01f2922c271f

Run it to remove Look2Me from your computer.

Download WinPFind -- http://www.bleepingcomputer.com/files/winpfind.php

Right-click the Zip Folder, Select Extract All, and Extract the file to a convenient location, such as your Desktop, but don't do anything with it yet!

Reboot into Safe Mode.

Now, double-click WinPFind.exe

Click Start Scan; it will scan your entire system, so please be patient.

Once the Scan is complete, go to the WinPFind folder, and locate WinPFind.txt; copy and paste the results in your next post.

Scan with Ewido again, and post the results with your next reply.

Reboot (normal mode).

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidese...8464&id=1.20030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidese...8464&id=1.20030
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\ttext.dll
O2 - BHO: SDWin32 Class - {25BC5023-012B-4883-B5CB-523A8409C73A} - C:\WINDOWS\System32\llqrl.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ylthpdta.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsj19.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [qbet] C:\WINDOWS\qbet.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\ppdx5032.dll

Remember to close any open windows and hit Fix checked.

Go to the following locations and delete the highlighted files and folder:

C:\WINDOWS\ttext.dll
C:\WINDOWS\qbet.exe
C:\WINDOWS\System32\llqrl.dll
C:\WINDOWS\System32\ylthpdta.dll
C:\WINDOWS\System32\nsj19.dll
C:\WINDOWS\system32\ppdx5032.dll

C:\Program Files\WildTangent <-- Folder

Do a search for WildTangent and delete any instances found.

If any of these files cannot be deleted, try booting into Safe Mode first.

Empty your Recycle Bin and reboot (normally).

Scan with HJT, and post a new log along with the Ewido and WinPFind logs.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 82
Reputation: jd51edwin is an unknown quantity at this point 
Solved Threads: 0
jd51edwin jd51edwin is offline Offline
Junior Poster in Training

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #19
Aug 12th, 2005
Here are the logs. Some notes:

1) I don't think the Kill2Me worked. It said that it did not find evidence of any infection and asked me if I wanted to continue..which I did and it said it had removed any infection if it was there. I ran CWShredder as a double check and that program found the VX2.Look2ME pest still present. I tried to have it removed upon reboot but the same issue occured as in my previous post.

2) Of the file you asked me to the delete, the only one present was the ppdx5032.dll. I could not delete it as is, in Safe Mode, or even using KILLBOX (from one of your previous posts). KILLBOX seemed like it was going to work but it never followed through on the reboot.

thanks for the continued help....is this amount of cleanup normal or am I just luck




Logfile of HijackThis v1.99.1
Scan saved at 10:32:37 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\zuuzzgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\halpum.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: sextension - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\Downloaded Program Files\sextension.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: XBTB01658 - {38A15633-D04F-4bed-A8D0-DF1D687D1F7E} - C:\WINDOWS\DOWNLO~1\SEXTEN~1.DLL (file missing)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: sextension - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\Downloaded Program Files\sextension.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O4 - HKCU\..\Run: [kbdsp] C:\WINDOWS\System32\kbdsp.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://snipernet.us/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} (sextension) - ms-its:mhtml:file://c:\sxtens.mht!http://bar.sxload.com/data/sxt.chm::/sextension.cab
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ppdx5032.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe







---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:41:53 PM, 8/12/2005
+ Report-Checksum: 45486886

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4FE82BA0-9335-4D4E-8E98-76409A88F2C1} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{ACE5B10B-92A3-4103-8583-3684BB09409F} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder\CLSID -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder\CurVer -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{487E7682-B976-41FB-A944-E8B83689A454} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\SideFind\History -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\salm -> Spyware.180Solutions : Cleaned with backup
[208] C:\WINDOWS\system32\ppdx5032.dll -> Spyware.Look2Me : Error during cleaning
[592] C:\WINDOWS\system32\GHCollection.dll -> Spyware.Look2Me : Error during cleaning
[680] VM_00900000 -> Adware.BetterInternet : Error during cleaning
[812] C:\WINDOWS\System32\vykevp.exe -> Trojan.Agent.cp : Cleaned with backup
[1364] C:\WINDOWS\System32\pnqblo.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\sextension.dll -> Spyware.SideSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\nem220.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\WINDOWS\nqhpozgaz.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\WINDOWS\pinmbib.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\shop1004.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\stubinstaller5975.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\suslppm.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\system32\atrc8parb.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl0.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\halpum.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\ikgsv.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\sjarddlg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wugky.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__nkyicuy.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\Temp\atrc8parb_.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Temp\Del16A.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\Temp\hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\Temp\res161.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\res170.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\res173.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/atrc8parb_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\shop1004.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\WINDOWS\Temp\umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup


::Report End






WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 6/19/2003 2:00:26 PM 3278 C:\WINDOWS\abiuninst.htm
aspack 11/28/2004 9:10:44 PM 1343999 C:\WINDOWS\Aurexkb.ehu
PTech 11/28/2004 9:10:44 PM 1343999 C:\WINDOWS\Aurexkb.ehu
UPX! 11/28/2004 9:00:40 PM 255700 C:\WINDOWS\del.tmp
UPX! 8/12/2005 5:48:14 PM 189859 C:\WINDOWS\dsr.exe
PTech 11/28/2004 9:10:52 PM 1073501 C:\WINDOWS\Flgczsswjyh.lzw
PEC2 11/28/2004 9:10:40 PM 184535 C:\WINDOWS\Iingbqeu.aaw
PTech 11/28/2004 9:10:46 PM 483851 C:\WINDOWS\Iwwcitsg.dua
PECompact2 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719
qoologic 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719
SAHAgent 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719
web-nex 8/12/2005 5:46:38 PM 4254 C:\WINDOWS\mnrzv.dll
PEC2 11/28/2004 9:10:42 PM 193869 C:\WINDOWS\Mxacorse.trv
UPX! 7/23/2003 10:06:52 AM 52736 C:\WINDOWS\Nail.exe
UPX! 8/11/2005 11:41:22 PM 36608 C:\WINDOWS\nem220.dll
UPX! 9/6/2003 8:45:34 AM 79360 C:\WINDOWS\nqhpozgaz.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
aspack 8/11/2005 11:41:26 PM 38400 C:\WINDOWS\shop1004.exe
UPX! 8/11/2005 11:41:12 PM 10240 C:\WINDOWS\suslppm.exe
UPX! 1/24/2003 12:00:06 PM 6656 C:\WINDOWS\svcproc.exe
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719
qoologic 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719
SAHAgent 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
PTech 11/28/2004 9:10:50 PM 1626626 C:\WINDOWS\Wpkrkcqrrjf.uwm

Checking %System% folder...
SAHAgent 6/30/2005 2:00:58 PM 35 C:\WINDOWS\SYSTEM32\9hk5g7bj.ini
SAHAgent 6/17/2005 3:21:42 PM 204288 C:\WINDOWS\SYSTEM32\atrc8parb.exe
SAHAgent 8/8/2005 2:05:46 PM 796 C:\WINDOWS\SYSTEM32\atrc8parb.ini
UPX! 8/12/2005 5:06:30 PM 24576 C:\WINDOWS\SYSTEM32\AUNPS2.dll
69.59.186.63 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 9/16/2000 7:41:42 PM 28160 C:\WINDOWS\SYSTEM32\DrPMon.dll
69.59.186.63 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
209.66.67.134 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
web-nex 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
winsync 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
Umonitor 8/12/2005 12:49:12 AM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 8/12/2005 12:49:12 AM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
aspack 8/12/2005 10:44:40 AM 61952 C:\WINDOWS\SYSTEM32\halpum.exe
SAHAgent 6/30/2005 2:00:58 PM 35 C:\WINDOWS\SYSTEM32\havijo1d.ini
aspack 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
KavSvc 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
69.59.186.63 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
209.66.67.134 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
web-nex 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
yourkey 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
Umonitor 11/3/1998 2:01:02 AM 324096 C:\WINDOWS\SYSTEM32\ipebase11.dll
69.59.186.63 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
209.66.67.134 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
web-nex 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
winsync 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
SAHAgent 6/30/2005 9:25:36 PM 3132 C:\WINDOWS\SYSTEM32\l2r348ov.ini
aspack 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
KavSvc 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
69.59.186.63 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
209.66.67.134 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
testpopup 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
web-nex 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
yourkey 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
Umonitor 8/29/2002 8:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
Umonitor 8/12/2005 10:44:22 AM 417792 C:\WINDOWS\SYSTEM32\sjarddlg.dll
WinShutDown 8/12/2005 10:44:22 AM 417792 C:\WINDOWS\SYSTEM32\sjarddlg.dll
winsync 8/29/2002 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 8/12/2005 10:44:40 AM 61952 C:\WINDOWS\SYSTEM32\wugky.dat
aspack 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
KavSvc 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
69.59.186.63 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
209.66.67.134 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
testpopup 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
web-nex 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
yourkey 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
aspack 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
KavSvc 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
69.59.186.63 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
209.66.67.134 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
66.63.167.97 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
66.63.167.77 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
web-nex 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
yourkey 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
rec2_run 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/12/2005 5:52:24 PM 2048 C:\WINDOWS\bootstat.dat
S 8/12/2005 5:53:00 PM 417792 C:\WINDOWS\system32\GHCollection.dll
S 8/12/2005 12:49:12 AM 417792 C:\WINDOWS\system32\guard.tmp
S 8/4/2005 10:43:40 PM 417792 C:\WINDOWS\system32\ppdx5032.dll
S 8/12/2005 10:44:22 AM 417792 C:\WINDOWS\system32\sjarddlg.dll
H 8/12/2005 5:53:02 PM 20480 C:\WINDOWS\system32\config\default.LOG
H 8/12/2005 5:52:58 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
H 8/12/2005 5:52:30 PM 12288 C:\WINDOWS\system32\config\SECURITY.LOG
H 8/12/2005 5:53:46 PM 163840 C:\WINDOWS\system32\config\software.LOG
H 8/12/2005 5:52:26 PM 999424 C:\WINDOWS\system32\config\system.LOG
H 8/8/2005 11:05:22 AM 1024 C:\WINDOWS\system32\config\userdiff.LOG
SH 8/11/2005 10:18:20 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a65c4887-7a56-462f-a379-47f4c17c5e26
SH 8/11/2005 10:18:20 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
SH 8/4/2005 10:20:44 PM 190 C:\WINDOWS\Tasks\RUTASK.job
H 8/12/2005 5:49:04 PM 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/29/2002 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 6/28/2003 12:40:32 AM 8606208 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/29/2002 8:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
5/11/2001 1:00:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
8/11/2005 11:19:52 PM 28672 C:\WINDOWS\SYSTEM32\conres.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Hewlett-Packard 1/26/1999 1:06:28 AM 25524 C:\WINDOWS\SYSTEM32\hpsctrlc.cpl
Intel Corporation 4/7/2003 10:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
InstallShield Software Corporation6/16/2004 7:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 5/3/2003 2:19:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Softex, Inc 2/21/2003 7:06:04 AM 32768 C:\WINDOWS\SYSTEM32\scurecpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
The Weather Channel Interactive4/6/2005 4:21:18 PM 3006464 C:\WINDOWS\SYSTEM32\wxfw.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Intel Corporation 4/7/2003 10:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 6/28/2003 12:40:32 AM 8606208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/27/2004 2:54:38 PM 1903 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
11/27/2004 11:50:40 AM 729 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
11/27/2004 11:56:28 AM 1031 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
1/18/2005 10:51:12 PM 1738 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
7/24/2003 5:47:38 AM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
aspack 8/8/2005 11:17:24 AM 61952 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\raui.exe
8/8/2005 11:17:24 AM 61952 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\raui.exe

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
7/24/2003 5:53:24 AM 1715 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Compaq Organize.lnk
7/26/2003 4:57:50 AM 844 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

Checking files in %USERPROFILE%\Application Data folder...
3/14/2005 7:50:12 PM 110120 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
3/10/2005 3:51:34 PM 12358 C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
3/10/2005 3:51:34 PM 61678 C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
8/11/2005 11:52:22 PM 39 C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
8/11/2005 11:44:16 PM 414915 C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
8/11/2005 11:52:22 PM 37 C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{B2AB8673-9BAB-410E-B5F0-08AC7E387EBF} = C:\WINDOWS\system32\iZlmrnt5.dll
{75740AC3-4BF8-4B46-B9FD-0888D046D7DE} = C:\WINDOWS\system32\GHCollection.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mysxkqsf
{17518f7b-bc35-47a9-aa4d-3ef376234885} = C:\WINDOWS\System32\earak.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OPShellE
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} = C:\Program Files\Softex\OmniPass\opshelle.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OPShellE
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} = C:\Program Files\Softex\OmniPass\opshelle.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\System32\datadx.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
BHObj Class = C:\WINDOWS\nem220.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5}
Band Class = C:\WINDOWS\ttext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59}
Band Class = C:\WINDOWS\dsr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25BC5023-012B-4883-B5CB-523A8409C73A}
SDWin32 Class = C:\WINDOWS\System32\llqrl.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38A15633-D04F-4bed-A8D0-DF1D687D1F7E}
XBTB01658 Class = C:\WINDOWS\DOWNLO~1\SEXTEN~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71D1708F-973D-4600-AF01-AD86688403AE}
LANBridge Class = C:\WINDOWS\System32\ylthpdta.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}
ohb Class = C:\WINDOWS\System32\nsj19.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
BAHelper Class = C:\Program Files\SideFind\sfbho.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
ADP UrlCatcher Class = C:\WINDOWS\System32\msbe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} = :
{86227D9C-0EFE-4f8a-AA55-30386A3F5686} = YourSiteBar : C:\Program Files\YourSiteBar\ysb.dll
{CC8C8F4F-F2E8-404B-A43D-5CC57876A008} = sextension : C:\WINDOWS\Downloaded Program Files\sextension.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
ButtonText = SideFind :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
SideFind = C:\Program Files\SideFind\sidefind.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_3_16_0.dll
{86227D9C-0EFE-4F8A-AA55-30386A3F5686} = YourSiteBar : C:\Program Files\YourSiteBar\ysb.dll
{CC8C8F4F-F2E8-404B-A43D-5CC57876A008} = sextension : C:\WINDOWS\Downloaded Program Files\sextension.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv c:\windows\system\hpsysdrv.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
KBD C:\HP\KBD\KBD.EXE
StorageGuard "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /installquiet /keeploaded /nodetect
AlcxMonitor ALCXMNTR.EXE
PS2 C:\WINDOWS\system32\ps2.exe
QuickFinder Scheduler "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
hplampc C:\WINDOWS\system32\hplampc.exe
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
AWMON "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
ccRegVfy "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
qbet C:\WINDOWS\qbet.exe
WildTangent CDA RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
WT GameChannel C:\Program Files\WildTangent\Apps\GameChannel.exe
IST Service C:\Program Files\ISTsvc\istsvc.exe
Media Gateway C:\Program Files\Media Gateway\MediaGateway.exe
iwhsuxi C:\WINDOWS\System32\vykevp.exe r

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NVIEW rundll32.exe nview.dll,nViewLoadHook
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Io02RRM3V atrivs.exe
kbdsp C:\WINDOWS\System32\kbdsp.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe C:\WINDOWS\Nail.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout
= C:\WINDOWS\system32\ppdx5032.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/12/2005 6:02:19 PM
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: Aurora, DrPmon, MHTMLRedir problems

 
0
  #20
Aug 13th, 2005
Well, Aurora has managed to get back into your system

Before cleaning that up again, please download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for 'Run Find Log' by typing 1, and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or two, notepad will open with a log. Copy the contents of that log and paste it into this thread with your next reply.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Now go to post #5 in this thread again to remove Aurora:
http://www.daniweb.com/techtalkforums/thread28196.html

When you've finished, please post a new HJT log, the new Ewido log, and the L2MFix log.
Reply With Quote Quick reply to this message  
Reply
1 2 3 Last »

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC