about:blank - HJT Log
Hi guys, my computer started giving me the about:blank page starting yesterday some time. I browsed around today and learned a lot about malware. I've tried Ad-Aware and Spybot, not mentioning a host of others, but they aren't helping. Here is my HJT log, please have a look and help me out. TIA.
Logfile of HijackThis v1.99.1
Scan saved at 3:43:28 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Viper\Files\Programs\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\REGSVR32.EXE
C:\Viper\hijackthis\HijackThis.exe
R3 - URLSearchHook: é?í??úê? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PepiMK\SPYBOT~1\SDHelper.dll
O2 - BHO: é?í??úê? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\PepiMK\Spybot Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Viper\Files\Programs\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Viper\Files\Programs\DAP7\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Viper\Files\Programs\DAP7\dapextie2.htm
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!CNS] Chinese keywords
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} - http://www.swissquake.ch/chumbalum-s...DViewerOCX.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Viper\Programs\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Hi,
Download Ewido and install it. Then run it; you will receive a warning message saying "Database not found"; click "OK" for this. Next, in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido.
Download CCleaner and install it.
Make Windows show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.
Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, choose Safe Mode and press Enter.
Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-
R3 - URLSearchHook: é?í??úê? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: é?í??úê? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} - http://www.swissquake.ch/chumbalum-s...DViewerOCX.cab
Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.
Delete this folder (and also files inside it):-
C:\Program Files\3721
Delete these files:-
C:\WINDOWS\downlo~1\CnsHook.dll
C:\WINDOWS\downlo~1\CnsMin.dll
C:\WINDOWS\downlo~1\cnshint.dll
C:\WINDOWS\downlo~1\CnsMinEx.dll
Here, downlo~1 can be either Downloaded Program Files or Downloaded Installations. So please take a look in both folders and delete the above listed files.
Run CCleaner:
- Click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours".
- Click OK to exit from the Options.
- Finally click "Run Cleaner" and click "OK" to continue cleaning.
Run Ewido:
- Click on the "Scanner" button in the left menu, then click on the "Start" button.
- If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
- When the scan finishes, click on "Save Report". This will create a text file.
Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Ewido log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
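One way to check the outcome of the procedure in the reply above, as an added example that is not part of the original posts or of HijackThis itself: it parses HijackThis-style entry lines and reports which entries selected for fixing still show up in a later scan. The sample lines are a constructed subset of the entries quoted in this thread; identifying an entry by its section code plus CLSID (falling back to the normalised entry text) is an assumption of this example.

```python
import re

# "O2 - BHO: ..." / "R3 - URLSearchHook: ..." : section code, " - ", entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in a binary extension (stops before ",Rundll32" etc.).
PATH_RE = re.compile(r"[A-Za-z]:\\[^,]*?\.(?:dll|exe|ocx)\b", re.IGNORECASE)

# Constructed sample: entries the helper asked to have checked and fixed.
FIX_LIST = r"""
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} - http://www.swissquake.ch/chumbalum-s...DViewerOCX.cab
"""

# Constructed sample: subset of the scan posted after the clean-up attempt.
LATER_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} -
"""


def entry_key(code, body):
    """Identity of an entry that survives cosmetic changes between scans.

    The display name of a BHO or the URL of a DPF entry can change or vanish
    while the registration stays, so a CLSID, when present, identifies the entry.
    """
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, " ".join(body.lower().split()))


def parse_entries(log_text):
    """Return {key: line} for entry lines; header and process lines are skipped.

    Two entries sharing a section code and CLSID collapse into one key,
    which is enough for a present/absent check.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[entry_key(match["code"], match["body"])] = line
    return entries


def persisting(fix_list_text, later_scan_text):
    """Pairs (line chosen for fixing, line as it appears in the later scan)."""
    wanted = parse_entries(fix_list_text)
    later = parse_entries(later_scan_text)
    return [(line, later[key]) for key, line in wanted.items() if key in later]


def referenced_files(lines):
    """Binary paths named by the given entry lines, de-duplicated case-insensitively."""
    seen = {}
    for line in lines:
        match = PATH_RE.search(line)
        if match:
            seen.setdefault(match.group(0).lower(), match.group(0))
    return [seen[k] for k in sorted(seen)]


if __name__ == "__main__":
    pairs = persisting(FIX_LIST, LATER_SCAN)
    for before, after in pairs:
        print("still present:", after)
        if before != after:
            print("   was listed as:", before)
    for path in referenced_files(after for _, after in pairs):
        print("file still referenced:", path)
```

A plain string comparison of the two logs would miss the BHO that is now listed under the name "IE" and the DPF entry whose URL is now empty; both still carry the same CLSID.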
Hi,
Download HijackThis and unzip it to a dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and save the log file as hijackthis.log in the same folder where it is installed, and it also opens the file automatically.
Start a new topic by clicking "New Topic" button, and post the entire contents of the HijackThis logfile.
Originally Posted by Michael McNamar
I am having the same problem with the about:blank page. Can someone help? Can you tell me how to provide the HJT log? Thanks a ton!
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Hi swatcat, thanks for your help. But I am sorry to report that the problem persists, i.e. I still cannot reset my home page.
Here is the HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 7:30:36 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PepiMK\Spybot Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Viper\Files\Programs\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Viper\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PepiMK\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\PepiMK\Spybot Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Viper\Files\Programs\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Viper\Files\Programs\DAP7\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Viper\Files\Programs\DAP7\dapextie2.htm
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Viper\Programs\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
... and here is the Ewido log file:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:24:22 PM, 8/7/2005
+ Report-Checksum: AFF44AB8
+ Scan result:
HKLM\SOFTWARE\3721 -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist\Modules -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive\scrblock -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\CnsMinEx -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMinCg -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesMain.Main -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesMain.Main\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CesMain.Main\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{141A5E19-BDCB-4E27-A3D7-9E16503BC05B} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4EDBBAEA-F509-49F6-94D1-ECEC4BE5B686} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9EB2B422-C9EE-46C4-A471-1E79C7517B1D} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABEC6103-F6AC-43A3-834F-FB03FBA339A2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CoolBar.CoolBarObj -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CoolBar.CoolBarObj\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CoolBar.CoolBarObj\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0BD10A76-90DB-498E-9BCB-B262A125CE13} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1BB0ABBE-2D95-4847-B9D8-6F90DE3714C1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{25DE7220-A4D0-484B-A68A-3D4A6EBAF504} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{02A81BF7-D105-4B24-82DB-54305282017D} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{3177EAAE-96B9-49C8-9831-2D7844A08538} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{3EE88A1F-B8CC-45B9-B2AF-6CFB9D19218E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{7354662F-CAA3-448B-BC01-04F55A2DCA35} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{A5ADEAE7-A8B4-4F94-9128-BF8D8DB5E927} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D4839331-534D-4D0C-875F-D25AF6A10CCC} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F97E75A4-0103-4F27-A752-327B600B1130} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1B0E7716-898E-48cc-9690-4E338E8DE1D3} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6D8F256B-6AB8-4398-8F86-1E56207DB77A} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EDBBAEA-F509-49F6-94D1-ECEC4BE5B686} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\tmp\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\tmp\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-2111342016-4217759621-2681017343-1005\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-2111342016-4217759621-2681017343-1005\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-2111342016-4217759621-2681017343-1005\Software\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
Thanks again for your help.
Here is the HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 7:30:36 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PepiMK\Spybot Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Viper\Files\Programs\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Viper\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PepiMK\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\PepiMK\Spybot Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Viper\Files\Programs\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Viper\Files\Programs\DAP7\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Viper\Files\Programs\DAP7\dapextie2.htm
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Viper\Programs\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
... and here is the Ewido log file:
Thanks again for your help.
Hi,
Sorry for replying late. But there are still some entries to be removed, especially the Chinese Keywords spyware.
Open Notepad and copy the contents of the "Quote" box below:
rem Switch to the folder that C:\WINDOWS\downlo~1 refers to in the log
cd /d "%WinDir%\Downloaded Program Files"
rem Clear the system, read-only and hidden attributes so each file can be deleted
attrib -s -r -h CnsHook.dll
del CnsHook.dll
attrib -s -r -h CnsMin.dll
del CnsMin.dll
attrib -s -r -h CnsMinEx.dll
del CnsMinEx.dll
Go to the File menu > Save As, save the file with the name Test.bat, and exit Notepad.
Boot in safe mode.
Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:
O2 - BHO: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenge...ger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.
Double-click the file Test.bat; a small DOS-type window should open and close immediately.
Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
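As an added example (not part of the original thread and not HijackThis's own logic), the Python below parses the entry lines of the log posted above and flags the kinds of entries the reply asks to fix. The rule names, the `MARKERS` list and the functions `parse_entries` and `triage` are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# Header, process and entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\PepiMK\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\PepiMK\Spybot Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download with &DAP - C:\Viper\Files\Programs\DAP7\dapextie.htm
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
"""

# "<section code> - <entry kind>: <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): ?(?P<rest>.*)$")

# Assumed triage rules, modelled on the entries the reply selects.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
DOWNLOAD_CACHE = re.compile(r"\\(?:downlo~1|downloaded program files)\\", re.I)
# Strings that appear in this thread's CnsMin-related entries (lower case).
MARKERS = ("3721.com", "cnsmin", "cnshook", "!cns")


@dataclass
class Entry:
    code: str
    kind: str
    rest: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return the R/O/F/N entry lines; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["kind"].strip(), m["rest"].strip()))
    return entries


def triage(entries, markers=MARKERS):
    """Attach reasons to each entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        low = e.rest.lower()
        reasons = []
        if ORPHAN.search(e.rest):
            reasons.append("orphaned")            # registry entry whose file is gone
        if DOWNLOAD_CACHE.search(e.rest):
            reasons.append("download-cache")      # loads from Downloaded Program Files
        if e.code == "O4" and "rundll32" in low:
            reasons.append("rundll32-autostart")  # DLL started at logon via Rundll32
        if any(mark in low for mark in markers):
            reasons.append("known-marker")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_entries(SAMPLE_LOG)):
        print(f"{entry.code:<4}{', '.join(entry.reasons):<50}{entry.rest[:60]}")
```

A flag is only a prompt to review the entry by hand: legitimate software can also leave orphaned buttons or load from the download cache.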