Im New, could you help me???

Question

cbbcisace 0 Newbie Poster

18 Years Ago

Hi i am new but i am worried cause i have not task bar or desktop items so i did this scan. Can you help me??

Logfile of HijackThis v1.99.1
Scan saved at 16:58:45, on 14/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Paula\LOCALS~1\Temp\Rar$EX00.718\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Paula\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsel.dll
O2 - BHO: C:\WINDOWS\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\system32\adsldpbe.dll
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll (file missing)
O2 - BHO: (no name) - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\system32\AdCom.dll
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\system32\adsldpbj.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ZStart] c:\windows\system32\ppdxregw.exe CS001
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\SYS98
O4 - HKLM\..\Run: [win32106-167252085] C:\WINDOWS\win32106-167252085.exe
O4 - HKLM\..\Run: [win320956-16725208] C:\WINDOWS\win320956-16725208.exe
O4 - HKLM\..\Run: [win3208856-1672520] C:\WINDOWS\win3208856-1672520.exe
O4 - HKLM\..\Run: [win32070856-167252] C:\WINDOWS\win32070856-167252.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [webnexus.exee.org] C:\WINDOWS\system32\webnexus.exee.org
O4 - HKLM\..\Run: [webnexus.exe3.org] C:\WINDOWS\system32\webnexus.exe3.org
O4 - HKLM\..\Run: [webnexus.exe.exeg] C:\WINDOWS\system32\webnexus.exe.exeg
O4 - HKLM\..\Run: [webnexus.exe] C:\WINDOWS\system32\webnexus.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [sys11-1672520856] C:\WINDOWS\sys11-1672520856.exe
O4 - HKLM\..\Run: [sys0372520856-16] C:\WINDOWS\sys0372520856-16.exe
O4 - HKLM\..\Run: [sys02672520856-1] C:\WINDOWS\sys02672520856-1.exe
O4 - HKLM\..\Run: [sys011672520856-] C:\WINDOWS\sys011672520856-.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup
O4 - HKLM\..\Run: [Setup2-71.exe] C:\WINDOWS\system32\Setup2-71.exe
O4 - HKLM\..\Run: [russandmmx.exe] C:\WINDOWS\system32\russandmmx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ourcash.exe] C:\WINDOWS\system32\ourcash.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ms070856-167252] C:\WINDOWS\ms070856-167252.exe
O4 - HKLM\..\Run: [ms0620856-16725] C:\WINDOWS\ms0620856-16725.exe
O4 - HKLM\..\Run: [ms05520856-1672] C:\WINDOWS\ms05520856-1672.exe
O4 - HKLM\..\Run: [ms042520856-167] C:\WINDOWS\ms042520856-167.exe
O4 - HKLM\..\Run: [ms0372520856-16] C:\WINDOWS\ms0372520856-16.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [mmxruss.exe183a.exeR] C:\WINDOWS\system32\mmxruss.exe183a.exeR
O4 - HKLM\..\Run: [mmxruss.exe] C:\WINDOWS\system32\mmxruss.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [mmxp2passion] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [MediaGateway.exeg] C:\WINDOWS\system32\MediaGateway.exeg
O4 - HKLM\..\Run: [mc-11] C:\WINDOWS\system32\mc-11
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\system32\inrh95
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [drsmartload183a.exe] C:\WINDOWS\system32\drsmartload183a.exe
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [adcomplusanalytic.exe] C:\WINDOWS\system32\adcomplusanalytic.exe
O4 - HKLM\..\Run: [640x] C:\WINDOWS\system32\640x.exe
O4 - HKLM\..\Run: [1226345244.exexeg] C:\WINDOWS\system32\1226345244.exexeg
O4 - HKLM\..\Run: [1226345244.exehare.exetml4] C:\WINDOWS\system32\1226345244.exehare.exetml4
O4 - HKLM\..\Run: [1226345244.exe] C:\WINDOWS\system32\1226345244.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\system32\outpostupdate.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [cmctles] C:\WINDOWS\system32\cmctles.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...arch.jhtml?p=ZN
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1125479620453
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/See.../bridge-c24.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
O20 - Winlogon Notify: nuclabdll - C:\WINDOWS\SYSTEM32\nuclabdll.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q231718.dll
O21 - SSODL: AproposClient - {E66CC6A7-0313-881F-7970-AEE8D408E0B3} - (no file)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

windows-virus

4 Contributors
12 Replies
211 Views
1 Week Discussion Span
Latest Post 18 Years Ago Latest Post by 'Stein

All 12 Replies

tayspen 28 <Insert title here>

18 Years Ago

Hi, first lets have HJT clean a few things

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Paula\LOCALS~1\Temp\se.dll/space.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: C:\WINDOWS\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\system32\adsldpbe.dll
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll (file missing)
O2 - BHO: (no name) - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - (no file)
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\system32\AdCom.dll
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\system32\adsldpbj.dll - Not to sure about this one, may want to back it up before you clean it
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

Put a tick mark to those items and have HJT Fix selected. You are very infected and the process isnt over. After you have HJT fix those,

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

We will go from there.

-T

tayspen 28 <Insert title here>

18 Years Ago

Hi your log looks cleaner :). But there is still a few things that can be fixed. Fix the following.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...DFJXrwhJ8Xqyg==
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [ourcash.exe] C:\WINDOWS\system32\ourcash.exe
O4 - HKLM\..\Run: [mmxruss.exe] C:\WINDOWS\system32\mmxruss.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [mmxp2passion] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [MediaGateway.exeg] C:\WINDOWS\system32\MediaGateway.exeg
O4 - HKLM\..\Run: [adcomplusanalytic.exe] C:\WINDOWS\system32\adcomplusanalytic.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe - Not to usre about this one.
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...arch.jhtml?p=ZN

There are still more. But please remove these in safe mode with HJT. - Info on gettting into safe mode http://www.computerhope.com/issues/chsafe.htm

When your done post a new log.

tayspen 28 <Insert title here>

18 Years Ago

HI, Now have it clean these, in safe mode.

C:\WINDOWS\system32\wfwall1.exe Check with an antivirus scanner
C:\WINDOWS\system32\wfwall1.exe Check with an antivirus scanner
C:\WINDOWS\system32\wfwall1.exe Check with an antivirus scanner
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ERROR
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [webnexus.exee.org] C:\WINDOWS\system32\webnexus.exee.org
O4 - HKLM\..\Run: [webnexus.exe3.org] C:\WINDOWS\system32\webnexus.exe3.org
O4 - HKLM\..\Run: [webnexus.exe.exeg] C:\WINDOWS\system32\webnexus.exe.exeg
O4 - HKLM\..\Run: [webnexus.exe] C:\WINDOWS\system32\webnexus.exe
O4 - HKLM\..\Run: [Setup2-71.exe] C:\WINDOWS\system32\Setup2-71.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [drsmartload183a.exe] C:\WINDOWS\system32\drsmartload183a.exe
O4 - HKLM\..\Run: [1226345244.exexeg] C:\WINDOWS\system32\1226345244.exexeg
O4 - HKLM\..\Run: [1226345244.exehare.exetml4] C:\WINDOWS\system32\1226345244.exehare.exetml4
O4 - HKLM\..\Run: [1226345244.exe] C:\WINDOWS\system32\1226345244.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

Then while your stillin safe mode. Delete this file C:\WINDOWS\system32\wfwall1.exe you may have to show hidden folders. info on that here - http://www.youthtech.com/techstuff/techhelp/pc-help/misc/unhidefile.htm

Post a new log when your done.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cbbcisace 0 Newbie Poster · Answer 1 · 2006-02-25T22:30:35+00:00

Done what you said here is the reports from ewido and Hijack this

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           16:27:51, 25/02/2006
+ Report-Checksum:      A11ED3BB


+ Scan result:


HKLM\SOFTWARE\Classes\CLSID\{16875E09-927B-4494-82BD-158A1CD46BA0} -> Downloader.Delf.vt : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{71D1708F-973D-4600-AF01-AD86688403AE} -> Adware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA} -> Trojan.Delf.nj : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Adware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Adware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starware -> Adware.Starware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAFAIE -> Adware.AFAEnhance : Cleaned with backup
HKLM\SOFTWARE\SCom -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SCom\Dialers -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Switp -> Adware.180Solutions : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16875E09-927B-4494-82BD-158A1CD46BA0} -> Downloader.Delf.vt : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{826B2228-BC09-49F2-B5F8-42CE26B1B711} -> Downloader.Delf : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7950AB4-67F5-458E-A37D-9F2DE7F250AC} -> Adware.NetRevenueStream : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\IST -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{826B2228-BC09-49F2-B5F8-42CE26B1B711} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7950AB4-67F5-458E-A37D-9F2DE7F250AC} -> Adware.NetRevenueStream : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} -> Trojan.CWSMeup.b : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\SCom -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\SCom\Dialers -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\SCom\Dialers\Gay_Sexy_gb -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Starware -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Starware\Options -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Starware\OriginalAutoSearch -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-1957994488-1417001333-725345543-1002\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16875E09-927B-4494-82BD-158A1CD46BA0} -> Downloader.Delf.vt : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{826B2228-BC09-49F2-B5F8-42CE26B1B711} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7950AB4-67F5-458E-A37D-9F2DE7F250AC} -> Adware.NetRevenueStream : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ehg-ypcorp.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.abcsearch[2].txt -> TrackingCookie.Abcsearch : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\34GSX696\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U1L81N8D\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P2HX8J8P\UnitedKingdom[1].exe -> Dialer.EzDial.a : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@e-2dj6wflowmczifp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@e-2dj6wgkowmcjkbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@e-2dj6wjliqpdjeep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@e-2dj6wjloelczkeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\3152887.exe -> Downloader.VB.et : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Cookies\paula@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\kecnpnmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\mfmipnmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\ohoopnmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\plndpnmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Rar$EX02.609\backups\backup-20060225-154210-119.dll -> Downloader.Delf.lh : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1H30TF9\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1H30TF9\wresalbums[1].htm -> Backdoor.Sitex : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temp\Temporary Internet Files\Content.IE5\JM8MZH05\MediaGateway[1].exe -> Adware.WinAD : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Temporary Internet Files\Content.IE5\41UFA36T\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\found.000\file0000.chk -> TrackingCookie.Cliks : Cleaned with backup
C:\Program Files\BT Voyager 205 ADSL Router\Adsl\wcxgg32.dll -> Trojan.Zapchast : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Error during cleaning
C:\Program Files\Elaws nt\Cache\0000456d_436514bf_00086218 -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Program Files\MediaGateway\MediaGateway.ex$ -> Adware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\42121A04-4082-497E-83F8-E05B6C\39347D5D-4E33-4C90-9B22-C5F488 -> Downloader.Qoologic.ae : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\08114B18-8A44-44C9-B07F-1EF607 -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\0E626C5F-D1D2-4327-A3EB-7FD959 -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\13F1A146-E626-427D-BF4C-6F04BC -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\6668B5B9-9545-4D99-A75F-47EA1F -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\8D740892-2DF5-4CF1-B7FF-B9F202 -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\D2C045C6-D05A-412F-A4FE-F3FE13 -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\ED051EC4-3762-47F2-8239-C46A32 -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E0DC62E-B5A5-42AC-A8C1-A96974\FEB96A92-45C2-477A-91A5-041556 -> Downloader.Qoologic.ac : Cleaned with backup
C:\Program Files\Starware -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\bin -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\bin\jokester.dll -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\bin\manifest.txt -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\bin\Starware.dll -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\bin\un.manifest.txt -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\brand.bmp -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\icons -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\icons\star_16.ico -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\StarwareConfig.xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\StarwareUninstall.exe -> Adware.Starware : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Adware.Pacer : Cleaned with backup
C:\WINDOWS\1.d -> Downloader.Delf.vt : Cleaned with backup
C:\WINDOWS\cpblpbc5.log -> Downloader.Delf.lh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\etb\nt_hide78.dll -> Trojan.EliteBar.g : Cleaned with backup
C:\WINDOWS\etb\pokapoka78.ex$ -> Adware.EliteBar : Cleaned with backup
C:\WINDOWS\gadlwrldgo.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\iexplore.exe -> Hijacker.StartPage.kk : Cleaned with backup
C:\WINDOWS\linun.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\mm83.ocx -> Downloader.VB.ov : Cleaned with backup
C:\WINDOWS\ms0372520856-16.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\ms042520856-167.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\ms05520856-1672.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\ms0620856-16725.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\ms070856-167252.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\msxp.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\SearchB.exe -> Hijacker.VB.jz : Cleaned with backup
C:\WINDOWS\seli.exe/mrjj.exe -> Trojan.LowZones.am : Error during cleaning
C:\WINDOWS\sys011672520856-.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\sys02672520856-1.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\sys0372520856-16.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\sys11-1672520856.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\SYS98.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\640x.exe -> Downloader.Small.bvn : Cleaned with backup
C:\WINDOWS\system32\adcomplusanalytic.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\cashplusmedia.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\cashplusmedia1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\child.dll -> Downloader.Small.bug : Cleaned with backup
C:\WINDOWS\system32\cmctles.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\cxdxregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\kkdsregr.ex$ -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\loadadv640.exe -> Downloader.Agent.xq : Cleaned with backup
C:\WINDOWS\system32\lsysleiz.ex$ -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\MediaGatewayX.dl$ -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\system32\mediapluscash.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\million.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\mmxourguyz.exe -> Downloader.VB.sh : Cleaned with backup
C:\WINDOWS\system32\mmxp2passion.exe -> Downloader.VB.uc : Cleaned with backup
C:\WINDOWS\system32\mmxruss.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\mpndhdon.exe -> Dropper.Small.afo : Cleaned with backup
C:\WINDOWS\system32\MSAgentXP.exe -> Downloader.Agent.acr : Cleaned with backup
C:\WINDOWS\system32\mscornet.exe -> Downloader.Zlob.gv : Cleaned with backup
C:\WINDOWS\system32\nuclab.sys -> Backdoor.Haxdoor.et : Cleaned with backup
C:\WINDOWS\system32\ogeifljk.exe -> Dropper.Small.aib : Cleaned with backup
C:\WINDOWS\system32\ordevqaw.ex$ -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\ourcash.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\ppdxregw.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\ptcpnk.exe -> Dropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\system32\russandmmx.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\st3.dll -> Trojan.Delf.pu : Cleaned with backup
C:\WINDOWS\system32\syswrk.dll -> Logger.Goldun.ek : Cleaned with backup
C:\WINDOWS\system32\testit.exe -> Downloader.IstBar.is : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\vmplay.dll -> Downloader.Dyfuca.et : Cleaned with backup
C:\WINDOWS\system32\XPAgent.exe -> Downloader.Agent.acr : Cleaned with backup
C:\WINDOWS\system32\zxinst_cs001.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.t : Cleaned with backup
C:\WINDOWS\uk_efp.exe -> Downloader.Small.bci : Cleaned with backup
C:\WINDOWS\UnitedKingdom.exe -> Dialer.EzDial.a : Cleaned with backup
C:\WINDOWS\win32070856-167252.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\win3208856-1672520.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\win320956-16725208.exe -> Downloader.VB.tf : Cleaned with backup
C:\WINDOWS\win32106-167252085.exe -> Downloader.VB.tf : Cleaned with backup



Hi Jack This Report


Logfile of HijackThis v1.99.1
Scan saved at 15:49:11, on 25/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsHkhWqtO3evYGqJGnG503nSyyQNkfNOwhDZxamqWfpFV3sH36Oqj2c5xU4F0+5GGpYElw+alLUWx+0ecV1KEQ53mm81/yRgZbzr6rNOpjDFJXrwhJ8Xqyg==
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ScriptInocUI Class -  - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsel.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\ppdxregw.exe CS001
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\SYS98
O4 - HKLM\..\Run: [win32106-167252085] C:\WINDOWS\win32106-167252085.exe
O4 - HKLM\..\Run: [win320956-16725208] C:\WINDOWS\win320956-16725208.exe
O4 - HKLM\..\Run: [win3208856-1672520] C:\WINDOWS\win3208856-1672520.exe
O4 - HKLM\..\Run: [win32070856-167252] C:\WINDOWS\win32070856-167252.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [webnexus.exee.org] C:\WINDOWS\system32\webnexus.exee.org
O4 - HKLM\..\Run: [webnexus.exe3.org] C:\WINDOWS\system32\webnexus.exe3.org
O4 - HKLM\..\Run: [webnexus.exe.exeg] C:\WINDOWS\system32\webnexus.exe.exeg
O4 - HKLM\..\Run: [webnexus.exe] C:\WINDOWS\system32\webnexus.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [sys11-1672520856] C:\WINDOWS\sys11-1672520856.exe
O4 - HKLM\..\Run: [sys0372520856-16] C:\WINDOWS\sys0372520856-16.exe
O4 - HKLM\..\Run: [sys02672520856-1] C:\WINDOWS\sys02672520856-1.exe
O4 - HKLM\..\Run: [sys011672520856-] C:\WINDOWS\sys011672520856-.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup
O4 - HKLM\..\Run: [Setup2-71.exe] C:\WINDOWS\system32\Setup2-71.exe
O4 - HKLM\..\Run: [russandmmx.exe] C:\WINDOWS\system32\russandmmx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ourcash.exe] C:\WINDOWS\system32\ourcash.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ms070856-167252] C:\WINDOWS\ms070856-167252.exe
O4 - HKLM\..\Run: [ms0620856-16725] C:\WINDOWS\ms0620856-16725.exe
O4 - HKLM\..\Run: [ms05520856-1672] C:\WINDOWS\ms05520856-1672.exe
O4 - HKLM\..\Run: [ms042520856-167] C:\WINDOWS\ms042520856-167.exe
O4 - HKLM\..\Run: [ms0372520856-16] C:\WINDOWS\ms0372520856-16.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [mmxruss.exe183a.exeR] C:\WINDOWS\system32\mmxruss.exe183a.exeR
O4 - HKLM\..\Run: [mmxruss.exe] C:\WINDOWS\system32\mmxruss.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [mmxp2passion] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [MediaGateway.exeg] C:\WINDOWS\system32\MediaGateway.exeg
O4 - HKLM\..\Run: [mc-11] C:\WINDOWS\system32\mc-11
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\system32\inrh95
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [drsmartload183a.exe] C:\WINDOWS\system32\drsmartload183a.exe
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [adcomplusanalytic.exe] C:\WINDOWS\system32\adcomplusanalytic.exe
O4 - HKLM\..\Run: [640x] C:\WINDOWS\system32\640x.exe
O4 - HKLM\..\Run: [1226345244.exexeg] C:\WINDOWS\system32\1226345244.exexeg
O4 - HKLM\..\Run: [1226345244.exehare.exetml4] C:\WINDOWS\system32\1226345244.exehare.exetml4
O4 - HKLM\..\Run: [1226345244.exe] C:\WINDOWS\system32\1226345244.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\system32\outpostupdate.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [cmctles] C:\WINDOWS\system32\cmctles.exe
O4 - Startup: antzte~1.lnk = C:\Program Files\Antz Technology OS1\antzte~1.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.503.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125479620453
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
O20 - Winlogon Notify: st3i - C:\WINDOWS\q231718.dll (file missing)
O21 - SSODL: AproposClient - {E66CC6A7-0313-881F-7970-AEE8D408E0B3} - (no file)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

cbbcisace 0 Newbie Poster · Answer 2 · 2006-02-26T15:51:34+00:00

Here is my new scan

Logfile of HijackThis v1.99.1
Scan saved at 09:51:00, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfwall1.exe
C:\WINDOWS\system32\wfwall1.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\SpySpotter3\Defender.exe
C:\Program Files\SpySpotter3\SpySpotter.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\wfwall1.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ERROR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsel.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [webnexus.exee.org] C:\WINDOWS\system32\webnexus.exee.org
O4 - HKLM\..\Run: [webnexus.exe3.org] C:\WINDOWS\system32\webnexus.exe3.org
O4 - HKLM\..\Run: [webnexus.exe.exeg] C:\WINDOWS\system32\webnexus.exe.exeg
O4 - HKLM\..\Run: [webnexus.exe] C:\WINDOWS\system32\webnexus.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup
O4 - HKLM\..\Run: [Setup2-71.exe] C:\WINDOWS\system32\Setup2-71.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [mc-11] C:\WINDOWS\system32\mc-11
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\system32\inrh95
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [drsmartload183a.exe] C:\WINDOWS\system32\drsmartload183a.exe
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [1226345244.exexeg] C:\WINDOWS\system32\1226345244.exexeg
O4 - HKLM\..\Run: [1226345244.exehare.exetml4] C:\WINDOWS\system32\1226345244.exehare.exetml4
O4 - HKLM\..\Run: [1226345244.exe] C:\WINDOWS\system32\1226345244.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\system32\outpostupdate.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: antzte~1.lnk = C:\Program Files\Antz Technology OS1\antzte~1.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.503.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125479620453
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
O20 - Winlogon Notify: st3i - C:\WINDOWS\q231718.dll (file missing)
O21 - SSODL: AproposClient - {E66CC6A7-0313-881F-7970-AEE8D408E0B3} - (no file)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

cbbcisace 0 Newbie Poster · Answer 3 · 2006-03-05T20:38:19+00:00

Sorry Been Away on Holiday here is my new Scan:

Logfile of HijackThis v1.99.1
Scan saved at 14:37:13, on 05/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\SpySpotter3\Defender.exe
C:\Program Files\SpySpotter3\SpySpotter.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wfwall1.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wfwall1.exe
C:\WINDOWS\system32\wfwall1.exe
C:\WINDOWS\system32\wfwall1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsel.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [mc-11] C:\WINDOWS\system32\mc-11
O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\system32\inrh95
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\wfwall1.exe
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\system32\outpostupdate.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.503.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125479620453
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winantispyware.com/www/download/2006/WinAntiSpyware2006FreeInstall.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
O20 - Winlogon Notify: st3i - C:\WINDOWS\q231718.dll (file missing)
O21 - SSODL: AproposClient - {E66CC6A7-0313-881F-7970-AEE8D408E0B3} - (no file)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

tayspen 28 <Insert title here> Team Colleague · Answer 4 · 2006-03-05T20:55:05+00:00

HI, please boot into safe mode again, and have HJT fix these.

C:\WINDOWS\system32\wfwall1.exe

C:\WINDOWS\system32\wfwall1.exe

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsel.dll

O4 - HKLM\..\Run: [mc-11] C:\WINDOWS\system32\mc-11

O4 - HKLM\..\Run: [inrh95] C:\WINDOWS\system32\inrh95

O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\wfwall1.exe

O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\system32\outpostupdate.exe

O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe

O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)

O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe (file missing)

O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll (file missing)

O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)

O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)

O20 - Winlogon Notify: st3i - C:\WINDOWS\q231718.dll (file missing)

This part is VERY important, while your still in safe mode. Delete the following files.( you will need to have windows show hidden files)

To do this do the follwing:

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now browse to and delete the following. (If they are still there)

C:\WINDOWS\system32\wfwall1.exe

C:\WINDOWS\system32\outpostupdate.exe

C:\WINDOWS\system32\cxdxregt.exe

Reboot normally, scan again and post a new log.

'Stein 150 Lapsed Skeptic Team Colleague · Answer 5 · 2006-03-06T01:27:39+00:00

Several more to fix:

O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [1226345244.exexeg] C:\WINDOWS\system32\1226345244.exexeg
O4 - HKLM\..\Run: [1226345244.exehare.exetml4] C:\WINDOWS\system32\1226345244.exehare.exetml4
O4 - HKLM\..\Run: [1226345244.exe] C:\WINDOWS\system32\1226345244.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.503.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/See.../bridge-c24.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/s...FreeInstall.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab

D3m3nt3d 1 Posting Whiz in Training · Answer 6 · 2006-03-06T07:48:47+00:00

Hey guys, several different infections present there

May not hurt to hit these two tools as well

Spysweeper
http://malwareteks.com/dload.php?action=download&file_id=5

About:Buster
http://malwareteks.com/dload.php?action=download&file_id=7

Perform a full Sweep with Spysweeper - save the log and attach when you return

Reboot to Safe Mode and run About:Buster twice
-Save the logs as ab1.txt and ab2.txt and attach both of them when returning

'Stein 150 Lapsed Skeptic Team Colleague · Answer 7 · 2006-03-06T08:30:40+00:00

Great, thanks demented :cheesy:

Outta curiosity, why about:buster? I've never heard about it before, and am curious about it.

Also, what infections did ya see, and how did ya kno it was those infections?

(Heh, sry, I'm tryin to get better & learn this stuff)

Thanks.

D3m3nt3d 1 Posting Whiz in Training · Answer 8 · 2006-03-06T09:08:58+00:00

About:Buster cleans files and registry entries for the About:Blank infection. In the original log there was this

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Paula\LOCALS~1\Temp\se.dll/space.html

This is a very old variant - and since this infection mutates terribly, I wanted to verify we removed all traces.

Also- we will need to dig into this a little more:

O21 - SSODL: AproposClient - {E66CC6A7-0313-881F-7970-AEE8D408E0B3} - (no file)

Though it says file missing - Apropos is a serious infection.

They also have/had a Look2Me infection evident here

O20 - Winlogon Notify: st3i - C:\WINDOWS\q231718.dll (file missing)

Spysweeper should knock that out though...

'Stein 150 Lapsed Skeptic Team Colleague · Answer 9 · 2006-03-06T10:15:29+00:00

'Stein 150 Lapsed Skeptic

18 Years Ago

Ahhh I see :o thanks.

Back to you, Cbbicace.

Im New, could you help me???

Recommended Answers Collapse Answers

All 12 Replies

Recommended Answers