I'm having problems with IE, WE, and all other folders on the desktop. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:01:27 AM, on 16/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Applications\Logitech\iTouch\iTouch.exe
F:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
F:\Applications\Logitech\MouseWare\system\em_exec.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Applications\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Applications\Plextor\PlexTool.exe
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\WFXSVC.EXE
F:\WINDOWS\system32\MsPMSPSv.exe
F:\APPLIC~1\WinFax\WFXMOD32.EXE
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Netscape\Netscape\Netscp.exe
F:\WINDOWS\explorer.exe
F:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\swenx.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://F:\WINDOWS\swenx.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\swenx.dll/sp.html#27063
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\swenx.dll/sp.html#27063
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\swenx.dll/sp.html#27063
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.ca"); (F:\Documents and Settings\Arthur\Application Data\Mozilla\Profiles\default\flwcqf9r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (F:\Documents and Settings\Arthur\Application Data\Mozilla\Profiles\default\flwcqf9r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Applications\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D1DEAEB-94B4-8C6D-EA70-4785C21F6B00} - F:\WINDOWS\javaod32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Device Detector] "F:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Applications\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AWMON] "F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [mshp32.exe] F:\WINDOWS\mshp32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Downloads\IDM 4.01\IDMan.exe /onboot
O4 - HKCU\..\Run: [Frimpx] F:\WINDOWS\system32\apllb.exe
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Applications\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PlexTools Professional.lnk = F:\Applications\Plextor\PlexTool.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Downloads\IDM 4.01\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Downloads\IDM 4.01\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.streamload.com
O20 - Winlogon Notify: NavLogon - F:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - F:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - F:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: pcAnywhere Install Service - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\pca_run.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\system32\WFXSVC.EXE

0

Hi and welcome to Daniweb falcon123.

-

We'll need to disable AdAware's AdWatch, since it might interfere with other program(s) we might be using to 'clean' off your system; you can re-enable it after we're done. To disable this feature, run AdAware SE, then:

1. Click "AdWatch".
2. Click "Tools and Preferences".

(Look at the bottom of the window you will see two options...)


3. Uncheck these options:

Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically


Remember to re-enable this feature once your system is clean.


===============

Download CWShredder 2 from here. Run it and press *fix*, not scan, and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.


===============

Download About:Buster, unzip it to your desktop and run it, then:

1. Click "Update".
2. Click "Check For Update"

(If no new version is available, skip to step #4.)

3. Click "Download Update", and wait for it to be installed.
4. Click "Start".

(Wait for the initial ADS scan to complete.)

5. Click "Yes", to shutdown any IE session currently open.

(Wait for the about:blank scan to complete.)

6. Click "Ok", to scan once more.
7. Click "Yes", to shutdown any IE sessions currently open.
8. Click "Yes", to begin the second pass.

9. Click "Save log", and post this log back along with your new log.
10. Click "Exit".
11. Click "Exit".


===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u javaod32.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\swenx.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://F:\WINDOWS\swenx.dll/sp.html#27063
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\swenx.dll/sp.html#27063
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\swenx.dll/sp.html#27063
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://F:\WINDOWS\swenx.dll/sp.html#27063

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (F:\Documents and Settings\Arthur\Application Data\Mozilla\Profiles\default\flwcqf9r.slt\prefs.js)

O2 - BHO: (no name) - {6D1DEAEB-94B4-8C6D-EA70-4785C21F6B00} - F:\WINDOWS\javaod32.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [mshp32.exe] F:\WINDOWS\mshp32.exe
O4 - HKCU\..\Run: [Frimpx] F:\WINDOWS\system32\apllb.exe
O4 - Global Startup: VPN Client.lnk = ?


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

F:\WINDOWS\swenx.dll
F:\WINDOWS\javaod32.dll
F:\WINDOWS\mshp32.exe
F:\WINDOWS\system32\apllb.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============


When you're done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

Post back a new log after rebooting and let me know how everything goes.
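
The triage and before/after check that the reply above performs by hand, as an added example (not part of the original posts, and not HijackThis's or the helper's own logic). The rules in `triage` are assumptions chosen for illustration; the sample lines are copied from the two HijackThis logs in this thread, and the comparison covers entries the rules do not match.

```python
import re

# Sample lines copied from the first log in this thread (before cleanup).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://F:\WINDOWS\swenx.dll/sp.html#27063
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Applications\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D1DEAEB-94B4-8C6D-EA70-4785C21F6B00} - F:\WINDOWS\javaod32.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [mshp32.exe] F:\WINDOWS\mshp32.exe
O4 - HKCU\..\Run: [Frimpx] F:\WINDOWS\system32\apllb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""

# The same entries as they appear in the rescan posted after the fix.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Applications\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(code, body):
    """Return a reason to review the entry by hand, or None.

    These rules are illustrative assumptions, not a verdict on any file.
    """
    low = body.lower()
    if code in ("R0", "R1") and re.search(r"=\s*res://", low):
        return "IE search/start page served from a local file resource"
    if code in ("O2", "O3") and ("(no name)" in low or "(no file)" in low):
        return "browser add-on with no name or no backing file"
    if code == "O4":
        if low.rstrip().endswith("= ?"):
            return "startup shortcut with unresolved target"
        if re.search(r":\\windows\\[^\\]+\.exe\b", low):
            return "autorun executable directly in the Windows directory"
    return None


def flagged(log_text):
    """Entries that match a triage rule, with the reason attached."""
    hits = []
    for code, body in parse_entries(log_text):
        reason = triage(code, body)
        if reason:
            hits.append((code, body, reason))
    return hits


def cleared(before_log, after_log):
    """Entries present in the first scan and absent from the rescan."""
    after = set(parse_entries(after_log))
    return [entry for entry in parse_entries(before_log) if entry not in after]


if __name__ == "__main__":
    for code, body, reason in flagged(BEFORE):
        print(f"REVIEW {code}: {reason}\n    {body}")
    for code, body in cleared(BEFORE, AFTER):
        print(f"GONE   {code}: {body}")
```

The `apllb.exe` Run entry sits in system32 and matches none of the rules, so it shows up only in the before/after comparison.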

0

Thank you Crunchie for the welcome. I'm glad to report that I have regained control of windows.

Here are the updated logs. I have re-run everything a few times...

Logfile of HijackThis v1.99.1
Scan saved at 7:04:33 PM, on 16/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Applications\Logitech\iTouch\iTouch.exe
F:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Applications\Logitech\MouseWare\system\em_exec.exe
F:\Applications\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Applications\Plextor\PlexTool.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\pctspk.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\WFXSVC.EXE
F:\WINDOWS\system32\MsPMSPSv.exe
F:\APPLIC~1\WinFax\WFXMOD32.EXE
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\regsvr32.exe
F:\WINDOWS\system32\drwtsn32.exe
F:\HJT\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.ca"); (F:\Documents and Settings\Arthur\Application Data\Mozilla\Profiles\default\flwcqf9r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (F:\Documents and Settings\Arthur\Application Data\Mozilla\Profiles\default\flwcqf9r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Applications\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Device Detector] "F:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Applications\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Downloads\IDM 4.01\IDMan.exe /onboot
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Applications\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PlexTools Professional.lnk = F:\Applications\Plextor\PlexTool.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Downloads\IDM 4.01\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Downloads\IDM 4.01\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.streamload.com
O20 - Winlogon Notify: PCANotify - F:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - F:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: pcAnywhere Install Service - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\pca_run.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\system32\WFXSVC.EXE

Scanned at: 6:02:16 PM on: 16/03/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Attempted Clean Of Temp folder.
Pages Reset... Done!


Scanned at: 6:23:53 PM on: 16/03/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Scanned at: 6:43:10 PM on: 16/03/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Scanned at: 6:56:18 PM on: 16/03/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Scanned at: 7:03:40 PM on: 16/03/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


:)

0

Congratulations! Your log looks clean - good work!

===============

It's probably a good idea to defragment your hard drive too. This may well improve the performance of your PC.

===============

Download, install and run Cleanup! from Steven Gould, then:

1. Click "Cleanup!"

(wait for the program to finish scanning your system, and selecting files to be removed.)

2. Exit the program and reboot the computer, if necessary.

-

For more information about using Cleanup! see here.

===============

If everything is running ok, let's do the final cleanup...

===============

1. Run "Disk Cleanup" and allow it to remove everything it finds.

2. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". When it's downloaded, select all available drives, then check (tick) "Auto clean", then click "Scan".

3. Run AdAware SE Personal and "perform a full system scan", then Spybot S&D, and "Check for Problems". Let them both remove the residual 'problems' left that HiJackThis couldn't fix.

4. Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system point manually.

===============

If you're having any more problems, post back.

-

Happy surfing,

[crunchie].

0

Thank you Crunchie. Everything is working fine. The only thing I couldn't do is run an online scan. For some reason I kept getting setups for netscape and I couldn't install it. I don't have netscape on my computer anymore. Don't know if it supports any other browsers. Currently, I am running Firefox. Other than that, everything works fine.

Thanks again...

0

You need to run the scans using Internet Exploder as FF does not facilitate the use of active X controls :).
