
Can't get rid of viruses


  • This topic is locked
76 replies to this topic

#1 indigenous1
Journeyman, Members, 45 posts

Posted 03 January 2006 - 07:28 PM

I downloaded avast antivirus onto my parents' computer because it has been running very, very slow lately. I ran it and removed countless infected files. So this morning I start the computer up again and see if I can get IE to run, but it still will not. My automatic update for Windows comes up and I start to run it (Service Pack 2); it is unable to install, and all of a sudden the computer starts running very slow again. So I run avast once again and there are even more viruses than last night. So I need some help here.
Here is the log file.
Logfile of HijackThis v1.99.1
Scan saved at 7:17:17 PM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winqg32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kerry and colleen\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136010394515
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\winqg32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)

Thanks for any input

#2 guestolo
Site Donator
  • Admin
  • 16,247 posts

Posted 03 January 2006 - 09:59 PM

Can you do the following please?
Try and do it all

==Redownload Hijackthis from my Signature below and save it to a permanent folder on your hard drive
ONLY run hijackthis from this new location

==Download and Install
Windows Cleanup! 4.0
Don't run it yet

==Download CWShredder.exe and save to your desktop
Don't run it yet

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net...wnload/updates/

Download and Install Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Don't run a scan yet

==Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster.zip
by RubbeR Ducky
Unzip it to that new folder so you now have AboutBuster.exe (and the included Readme.rtf) extracted to the Aboutbuster folder
Don't run it yet

Now that we have the tools
Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Close all open windows, including this one

Open CWShredder.exe, click on the FIX button
Let it Fix what it finds

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
At the Startup menu select Safe mode

In safe mode
==Open the AboutBuster folder and double click on About:Buster.exe
Click the Begin Removal button
Yes to the prompt
Let it finish its scan, then Exit
Please run About:buster again with the same instructions

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
While Ewido is running, refrain from using the computer, please let it do its job with no interference

Remain in safe mode
Do a "System scan only" with Hijackthis and put a check next to these entries
Any of the below found

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

All the "O2 BHO entries" with one exception
DON'T put a tick next to this one
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

Remember, don't tick the O2 entry related to Spybot, but check all the other
O2 - BHO: Class entries

Then tick the next ones too
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\winqg32.exe


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back into Normal mode

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Reset home page

I need to see the following please

1. Run a scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
3. Post the contents of the "Ab LogFile.txt" located in the same folder as About:Buster.exe
4. Also, open Hijackthis>>Open Misc tools section>>Open Hosts file manager
If prompted to create a hosts file, do so
Click the "Open In Notepad" button
A text file should open, copy and paste this back here too please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
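An added example for readers of this thread (not code from the thread, from HijackThis, or from any of the tools named above): a small Python triage script that applies, as rules, the selection criteria the helper used when picking entries to "Fix checked" in the post above. It flags R0/R1 settings that are blank, about:blank, or pointed at a local res:// DLL, a missing URLSearchHook (R3), every O2 BHO except the Spybot SDHelper CLSID, every O15 Trusted Zone entry, O16 ActiveX downloads whose host is not on an allowlist, and O23 services that either carry junk characters in their display name or run with "Unknown owner" from the Windows directory. Orphaned "(file missing)" services are only reported, not marked for fixing, since the helper left those alone. The sample log is a constructed subset of the lines pasted in this thread plus one O2 entry with an obviously fake placeholder CLSID; the allowlists, the handling of forum-truncated "..." URLs and the junk-character rule are assumptions of this example, not HijackThis behaviour.

```python
"""Triage helper for HijackThis-style logs (example code, not a HijackThis feature)."""
import re

# Known-good BHO the helper explicitly said NOT to tick (Spybot S&D SDHelper.dll).
KNOWN_GOOD_BHO = {"{53707962-6F74-2D53-2644-206D7942484F}"}
# Hosts whose O16 ActiveX controls were left in place in the thread (assumed allowlist).
TRUSTED_DPF_HOSTS = ("update.microsoft.com", "photos.yahoo.com")

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: lines from this thread plus one placeholder O2 entry (fake CLSID).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rawvm.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000000} - C:\WINDOWS\System32\placeholder.dll
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136010394515
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\winqg32.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""


def _host_is_trusted(url):
    """Compare the host of an O16 download URL with the allowlist.
    Forum-pasted logs shorten long URLs with '...', so only the visible prefix
    of the host is compared; this is a heuristic for truncated logs, not proof."""
    host = url.split("://", 1)[-1].split("/", 1)[0]
    visible = host.split("...", 1)[0].lower()
    if not visible:
        return False
    return any(trusted.startswith(visible) for trusted in TRUSTED_DPF_HOSTS)


def classify(line):
    """Return (action, reason) for one log line, or None when it looks benign.
    action is 'fix' (tick it in HijackThis) or 'note' (report only)."""
    line = line.strip()
    if line.startswith(("R0 -", "R1 -")):
        value = line.split("=", 1)[1].strip().lower() if "=" in line else ""
        if value in ("", "about:blank") or value.startswith("res://"):
            return "fix", "IE start/search setting blanked or pointed at a local res:// DLL"
        return None
    if line.startswith("R3 -") and "is missing" in line:
        return "fix", "default URLSearchHook has been removed"
    if line.startswith("O2 -"):
        m = CLSID_RE.search(line)
        clsid = m.group(0).upper() if m else None
        if clsid not in {c.upper() for c in KNOWN_GOOD_BHO}:
            return "fix", "browser helper object not on the known-good list"
        return None
    if line.startswith("O15 -"):
        return "fix", "domain added to the IE Trusted Zone"
    if line.startswith("O16 -"):
        url = line.rsplit(" - ", 1)[-1]
        if not _host_is_trusted(url):
            return "fix", "ActiveX download from a host outside the allowlist"
        return None
    m = SERVICE_RE.match(line)
    if m:
        name, owner, path = m.group("name"), m.group("owner"), m.group("path")
        if path.endswith("(file missing)"):
            return "note", "service entry whose binary is gone (orphan, not fixed)"
        if re.search(r"[^\w .!()&'-]", name):
            return "fix", "service display name contains junk characters"
        if owner == "Unknown owner" and path.lower().startswith("c:\\windows"):
            return "fix", "unknown-owner service running from the Windows directory"
    return None


def triage(log_text):
    """Run classify() over a whole log; returns [(action, reason, line), ...]."""
    results = []
    for raw in log_text.splitlines():
        verdict = classify(raw)
        if verdict:
            results.append((verdict[0], verdict[1], raw.strip()))
    return results


def fix_list(log_text):
    """Only the lines that would be ticked for 'Fix checked'."""
    return [line for action, _, line in triage(log_text) if action == "fix"]


if __name__ == "__main__":
    for action, reason, line in triage(SAMPLE_LOG):
        print(f"[{action}] {reason}\n    {line}")
```

Run it on a pasted log and compare its "fix" list with what a helper selects by hand; the script is a first pass for spotting the common hijack patterns, and anything it marks still deserves a look at the file path and CLSID before it is removed.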


#3 indigenous1
Journeyman
  • Members
  • 45 posts

Posted 04 January 2006 - 03:57 PM

I did everything as you said except when I run AboutBuster in safe mode it comes up with a runtime "6" error overflow, so I'm not sure what to do next.

#4 guestolo
Site Donator
  • Admin
  • 16,247 posts

Posted 04 January 2006 - 11:04 PM

Please carry on with the rest of the instructions, we'll deal with it later



#5 indigenous1
Journeyman
  • Members
  • 45 posts

Posted 06 January 2006 - 04:32 AM

I think I did it all correctly. Here it is.


Logfile of HijackThis v1.99.1
Scan saved at 4:18:05 AM, on 1/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\kerry and colleen\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136010394515
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:06:14 PM, 1/5/2006
+ Report-Checksum: B92F296A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00564D9E-6D4B-1BA6-3369-3CA152EDA8CE} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\kerry and colleen\Application Data\tizupd.bin -> Trojan.Scapur.b : Cleaned with backup
C:\Program Files\apsi\wtta.exe -> Downloader.PurityScan.an : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106533757.ssb/C:\Program Files\ISTsvc\istsvc.exe -> Downloader.IstBar.gm : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106533757.ssb/C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106533757.ssb/C:\WINDOWS\system32\SahAgent.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106533757.ssb/C:\WINDOWS\system32\DwsSz1lp.exe -> Downloader.VB.em : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106533757.ssb/C:\WINDOWS\system32\Eola9.exe -> Downloader.VB.em : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.ds : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Program Files\eZula\CHCON.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll -> Spyware.eUniverse : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\Program Files\Web Offer\apev.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\SEPinst.exe -> Trojan.Septic.a : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Downloaded Program Files\lsp_.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Downloaded Program Files\SahHtml_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\SAHUninstall.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\angelex.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\exdl.exe -> Adware.eXact : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\exdl0.exe -> Adware.eXact : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\exdl1.exe -> Adware.eXact : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\ezPopStub.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\lsp.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\SahHtml.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\SearchBar.htm -> Spyware.TwainTech : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\system32\Searchx.htm -> Spyware.TwainTech : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\dmfiles.cab/asmend.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\pmexe.cab/Points Manager.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\pmfiles.cab/setup.cab/PMuninstall.bde -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106610638.ssb/C:\WINDOWS\zeta.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1106611010.ssb/C:\WINDOWS\system32\lsp.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\Netscape\Communicator\Program\Plugins\MyWayPluginProxy.class -> Spyware.MyWay : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\addcn.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addco.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\adddj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\addep.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addfl.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\addfm32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addfs.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addjz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addkf.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addkm32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addmn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addnb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnw.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\addph32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\adduy32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\addxo.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addzg.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apicn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apidk32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\apidl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apied.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apign.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apigq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\apihj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\apijv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apikl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\apisa.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apisq.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apitp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apitq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apiux.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apivp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apivv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\appfp32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\appjv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\appmv32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appsn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\appuq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appve32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appvz32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\appzr.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\atlbg.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlbg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\atldn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlgg.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlgn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlnh.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\atlof32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\atloo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlql.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlrm32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlsk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlvo32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\atlxk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlym.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlyo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\atlzp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crda.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\crdp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cree32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfo32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\crgk.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\crgn.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crhj.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\criq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crkx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\crlq.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crmd.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\crtd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crtl32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crup.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crva32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crzp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3at32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3cr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3cw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3cx.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3dk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3dp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ea32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ej32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3el.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3fu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3ge.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3id32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3jk.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3kz.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3mj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3mo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3mq.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3na32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3pn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3pt32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3sa.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3se.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3tv.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3uh32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\d3wd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3zf.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3zp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieaa.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieew.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieez32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iefd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieib.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ieji.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\iejx.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieko.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ielk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ielu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieny.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\iepc32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iepz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieqg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\iesq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ieti.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\iety.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieuf.dll -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\iewu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iewx.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieya32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieyb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieza32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipax32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipdb32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ipdh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipeu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipfm.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipgg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ipgg32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iphe.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ipnr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipqv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ipte32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iptj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipvr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipwl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipwn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipxr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipyi32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipzq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javafm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javage.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javahe32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javahi32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javair32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javajc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javajh32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javala32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaoi32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javapy32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javaqu.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javaqx.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javarz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javauc32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaue.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javavs.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javawa.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaxb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javayd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javayu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcam32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mfcbo.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcca32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcgy.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfchm.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcht32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcjp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfckq.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcle32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfclp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcmb.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcoh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcqf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcrq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcry.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcsp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfctr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfctu32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcuy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcvx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mfcwo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcwv32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcyu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mscs32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msdi.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msed32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msgh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msgu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mshq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mshw.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msib.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msix.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msja.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmi.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msnn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msob.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msqk.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msqs.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msvn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mswe.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mswn.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msxn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msya32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msyf.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netaq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netaw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netdt.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netha.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netho32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netju32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netkg.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netkz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netlx32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netmx32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netnb.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netoh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netrn.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netrq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netsb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netsh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nettb32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netud.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netup.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netuw32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netvq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netxu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netxy.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netyl32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netym.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntal.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntbr.dll -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ntch.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntfy.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntic32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntjg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntmp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntoc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntpl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpp32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntqv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntrb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntsp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntuq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntvc32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntvv32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntww.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntze.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_dllnkf.dat -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_gedkbq.dat -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_hcrnvr.txt -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_hieksx.log -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_icmhxu.txt -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_mawpxu.dat -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_taukbi.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_ycgxyf.txt -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_yjzwgh.dat -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_yrfyme.log -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_zvfmid.dat -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkam32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkcy.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkej32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkjy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkkd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkkq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkpq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkqt.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkux32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkwo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkye32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkyx32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkzp.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkzp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysaf.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysbg32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysci32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syscr.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syscv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysdn.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syseh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysfh.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\syshj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysjx.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syskd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syslp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syslz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysol32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysot32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\syspr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\syssg.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\a3d98631.exe -> Spyware.VB : Cleaned with backup
C:\WINDOWS\system32\addae32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addba.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addcc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addcr.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addcw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addcy32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addfb32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addga32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addjl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addon32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addoy.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addqu32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addsk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addwc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addwc32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addxe32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addyy.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addze.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addzh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiak32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apidl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apieh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiey.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apifd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apifw.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apiga32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apigv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apigy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apijz.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apikd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apikg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apimt.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiqz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apirp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apirx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apisj32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apite.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apius.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiwa.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apixf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiyd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apizb.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appai.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appbo32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appcz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appdm32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appfg32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appgh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apphu.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apphw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appiv32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appkh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appkp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apppf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apppk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apprp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apptj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\appxa.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appyt.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appyz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appzx.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlcr.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlct32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlec32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlew.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atllc32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atllu32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlme.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\atlns32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlnx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpa.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlpo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\atlre.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\atlrw32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlsx32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atltn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atltv32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atluk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlvz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlyd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlyz32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\atlzd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlzz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\Cache\s4Sept.exe -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\system32\catsrvut.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\cmdial32.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\crdu32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\cred.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\crfw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crjf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\crnh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crod32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crux32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crxc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crxj32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3cd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3ea32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3ez.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3kn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3ko32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3nq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3ph32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3qh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3qw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3rs32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3rw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3td32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3th.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3tk32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3tq.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3tu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3vd.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3yj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3zh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ieao.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iebe.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iedr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iegd32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iekl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ielg.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iell32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ielz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ienr.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ient32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ieow.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iepx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\iero.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ieum.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ievl32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iewk.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iewo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ieyp.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipad.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipbs32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipcb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipct32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipgt.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\iphf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipif32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipiz.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipjc.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipkb32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iplb32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ippu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipti32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipts.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipve32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaan32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaei32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javafg32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javait32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javakc32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javakq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javami32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javamn.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaoj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaop32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javapg32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaqi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javasm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javasn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaty.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javauh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javauv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaxl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaxn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javazd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfccm.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfccp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcdh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcdo.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcel32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcim.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfciz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcjk32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcjz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcla.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcmj32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcmo.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcnr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcoz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcqe.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcrf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcsf.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcsy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfctl.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcts32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcuy.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcvw32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcwl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msah.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msby32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mscw.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mscy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msdu32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msfe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mshp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msic32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msik.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msit32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msiz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msja32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msnx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mspj.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mssv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msts32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msty.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msyh.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netad32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netbs32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netdi.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netdz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netfg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netgq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netgs.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netgu.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netgy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\nethe32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netjm.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netkt32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netlj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netlr.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netnx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netoj.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netol32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netum32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netvi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netwi.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netwr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netxo.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netxr.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netzv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netzz32.exe -> D

#6 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 06 January 2006 - 07:03 PM

Sorry for the delay

I think I did it all correctly. Here it is.


Not quite. I asked you to redownload HijackThis from my signature below and save it to a permanent folder on your drive.
You are still running HijackThis from a Temporary folder.
We cleaned that folder; if you ran HijackThis from there earlier, all backups are now lost.

Also, I asked for the following
Open Hijackthis>>Open Misc tools section>>Open Hosts file manager
If prompted to create a hosts file, do so
Click the "Open In Notepad" button
A text file should open; copy and paste it back here too, please.

Additionally, you cut off the bottom part of the Ewido report.
Can you please do the following:
Don't repost the top of the Ewido report,
but post anything below this line:
C:\WINDOWS\system32\netzv.exe -> Downloader.Agent.bq : Cleaned with backup

AFTER you have posted the above text file from Hosts file manager
and the remainder of the Ewido report,
I need you to also do the following:

Download DelDomains.inf from HERE
Save it to your desktop
Right-click on DelDomains.inf >> Choose Install from the menu bar
This will delete all your Trusted and Ranges entries

After you have done that
Do another "Scan and Save logfile" with Hijackthis and repost a fresh log please

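A triage pass over the two artifacts guestolo asks for, written here as an added example and not taken from the thread, Ewido or HijackThis: it parses Ewido report lines, counts detections by family and action, clusters the "system prefix + two random letters + optional 32" filenames that make up most of this report, and lists any HOSTS mapping beyond the default localhost entry (a clean default file, like the one posted in this thread, yields none). The report sample reuses lines quoted in the thread; the hijacked HOSTS sample, the example.com names and the 192.0.2.10 TEST-NET address are constructed.

```python
"""Triage helpers for an Ewido-style report and a Windows HOSTS file.
Example code for this thread, not Ewido's or HijackThis's own tooling."""
import re
from collections import Counter

# One Ewido report line: "<path> -> <detection> : <action>"
EWIDO_LINE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")

# Naming pattern seen throughout this report: a prefix borrowed from a real
# Windows component, two random letters, optional "32", dropped straight into
# %WINDIR% or system32. It is a clustering heuristic applied to lines the
# scanner already flagged, not a stand-alone indicator: a few legitimate
# names (netsh.exe, winmm.dll) also fit the pattern.
PREFIXES = ("java", "mfc", "ms", "net", "nt", "sdk", "sys", "win",
            "api", "app", "atl", "cr", "d3", "ie", "ip", "add")
RANDOM_NAME = re.compile(
    r"^(?:" + "|".join(PREFIXES) + r")[a-z]{2}(?:32)?\.(?:exe|dll)$", re.I)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
LOOPBACK = {"127.0.0.1", "::1"}


def parse_ewido(text):
    """Return one dict per well-formed report line; truncated or
    non-report lines (headers, blank lines) are ignored."""
    hits = []
    for line in text.splitlines():
        m = EWIDO_LINE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def summarize_ewido(text):
    """Count detections by family and action, and collect the paths that
    follow the random-name pattern inside the Windows directories."""
    hits = parse_ewido(text)
    clustered = []
    for h in hits:
        directory, _, name = h["path"].rpartition("\\")
        if directory.lower() in SYSTEM_DIRS and RANDOM_NAME.match(name):
            clustered.append(h["path"])
    return {
        "total": len(hits),
        "by_detection": dict(Counter(h["detection"] for h in hits)),
        "by_action": dict(Counter(h["action"] for h in hits)),
        "random_named": clustered,
    }


def parse_hosts(text):
    """Return (ip, [names]) for each active mapping; '#' comments dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def hosts_findings(text):
    """Anything beyond the default localhost mapping is worth a look:
    a loopback entry blocks a site, a non-loopback entry redirects it."""
    findings = []
    for ip, names in parse_hosts(text):
        for name in names:
            if ip in LOOPBACK and name.lower() == "localhost":
                continue
            kind = "blocked" if ip in LOOPBACK else "redirected"
            findings.append((kind, name, ip))
    return findings


# Report lines as quoted in this thread, including the truncated last line.
SAMPLE_REPORT = r"""
C:\WINDOWS\mfcht32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbr.dll -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\n_hieksx.log -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\a3d98631.exe -> Spyware.VB : Cleaned with backup
C:\WINDOWS\system32\netzv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netzz32.exe -> D
"""

# The HOSTS file posted in this thread is the Windows default; the second
# sample is constructed (example.com, TEST-NET 192.0.2.10) to show a hijack.
DEFAULT_HOSTS = "# 102.54.94.97 rhino.acme.com # source server\n\n127.0.0.1 localhost\n"
HIJACKED_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 update.example.com   # constructed: update site blocked
192.0.2.10 www.example.com     # constructed: site redirected
"""

if __name__ == "__main__":
    print(summarize_ewido(SAMPLE_REPORT))
    print(hosts_findings(DEFAULT_HOSTS))
    print(hosts_findings(HIJACKED_HOSTS))
```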


#7 indigenous1

indigenous1

    Journeyman

  • Members
  • 45 posts

Posted 07 January 2006 - 05:08 PM

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

C:\WINDOWS\system32\netzv.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netzz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntax.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntbb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntdw32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntin.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntip32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntjy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntka32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntki.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntkr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntnb.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntng32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntoi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntpj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntps.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntqc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntqe32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntqm.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntqs.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntuf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntuh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntuj.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntvn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntyb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntyq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkcn32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkdo.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkex32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkey32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkez.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkgb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkjf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkmq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkmt.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkob.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkpc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkqa32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkqu32.dll -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sdkre32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdktb32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkub32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkuk.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkun.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkzb32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkzy32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysaa32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysaz32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysbs.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\syser.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysfc.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysfi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysfr32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysjd32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysjn.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysnl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysrw32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\systd.dll -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysyf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winbz.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\wince32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\windl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winer32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winfu32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winhm32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winlh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winmh32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winmy32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winnd.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winnf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winnz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winot32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winpk.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winqf32.dll -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\system32\winqg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winrf32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winug32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winup32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winuq.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winwr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winxs32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winyf.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\systl32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syswu.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysyg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysze32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syszk.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winaj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winax32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winbd.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wincz32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winfa.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winhb.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winhf.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winoi32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winrz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winuq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winvp32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\_detmp.4:bfdni -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_MSI5166._IS:dmajd -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_MSI5166._IS:ofltz -> Downloader.Agent.td : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 5:01:27 PM, on 1/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136010394515
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)


OK, well, sorry about not getting it right before. When you say to save HijackThis to a permanent folder, I assume you mean to create a folder (hjt) in Program Files and save it to this folder. That is what I did. I did some web surfing earlier just to check out my IE because it seems to be working now, and I'm getting a lot of pop-ups. So I did a virus scan and I still had a lot of infected files, including CoolWebSearch.

#8 guestolo (Site Donator, Admin, 16,247 posts)
Posted 07 January 2006 - 05:18 PM

Can you try something please
Delete your copy of About:Buster

Redownload it from here
http://www.malwareby.../click.php?id=1

Save it and UNZIP it
Run the Begin Removal and see if it runs

Additionally, Avast may not be running properly, as indicated by your log
The O4 entry is missing

Did you uninstall Norton's completely?
I see it still in your log
What version of Norton's were you running?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
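The helper above is reading the posted HijackThis log by eye: O23 services whose binary is "(file missing)" (stale Norton registrations) and the absence of an O4 autostart entry for Avast. The following is an added example, not code from this thread or from HijackThis, that parses the log format and reports those two findings; the sample log is constructed from the kinds of lines posted here, and the Avast install directory used as the expected-product marker is an assumption.

```python
import re
from collections import defaultdict

# One HijackThis entry line: a section tag (R0, R1, O2, O4, O16, O23, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample log, assembled from the kinds of lines seen in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
"""


def parse_hjt(text):
    """Map each section tag (e.g. 'O23') to the list of entry bodies under it."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("sec")].append(m.group("body"))
    return dict(entries)


def service_name(body):
    """'Service: Name - Owner - path' -> 'Name'."""
    head = body[len("Service: "):] if body.startswith("Service: ") else body
    return head.split(" - ", 1)[0]


def missing_file_services(entries):
    """Names of O23 services whose binary HijackThis reports as '(file missing)'.

    These are stale registrations left behind by an incomplete uninstall, which is
    why a removed product can still show up in the log.
    """
    return [service_name(e) for e in entries.get("O23", []) if "(file missing)" in e]


def autostart_entries(entries, product_dir):
    """O4 entries whose command line lives under product_dir (case-insensitive)."""
    needle = product_dir.lower()
    return [e for e in entries.get("O4", []) if needle in e.lower()]


def triage(text, expected_products):
    """expected_products maps a label to the install directory of software that
    should register an O4 autostart (assumed: a healthy Avast 4 install does).
    Returns the findings a helper would look for first in a posted log."""
    entries = parse_hjt(text)
    return {
        "entry_counts": {sec: len(v) for sec, v in sorted(entries.items())},
        "missing_file_services": missing_file_services(entries),
        "missing_autostart": [label for label, d in expected_products.items()
                              if not autostart_entries(entries, d)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, {"avast": r"Alwil Software\Avast4"})
    for key, value in result.items():
        print(f"{key}: {value}")
```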


#9 indigenous1 (Journeyman, Members, 45 posts)
Posted 07 January 2006 - 05:38 PM

About:Buster will not run. I get a run-time error 6 (overflow). Do I need to run this in safe mode? It also says that I should extract all files before running. Also, I'm not sure about the Norton's. This is my parents' computer and I just started deleting things that I didn't think they needed. I did a search for any Norton files and nothing came up.

#10 guestolo (Site Donator, Admin, 16,247 posts)
Posted 07 January 2006 - 05:47 PM

Yes, it definitely has to be extracted (unzipped) first
Did you see my instructions before?

Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster.zip
by RubbeR Ducky
Unzip it to that new folder so you now have AboutBuster.exe(and included Readme.rtf) extracted to the Aboutbuster folder
Don't run it yet

Here's how to run the built in utility in XP
http://consumer.inst....asp?id=Q108326

Don't run About:Buster yet
But we must rid you of Norton's if you're going to use Avast
I prefer Avast
but you must make sure you uninstall Norton's completely

This is my parents' computer and I just started deleting things that I didn't think they needed. I did a search for any Norton files and nothing came up.

STOP just deleting things, they must be properly uninstalled!!!!

Find out what version it was/is



#11 indigenous1 (Journeyman, Members, 45 posts)
Posted 07 January 2006 - 06:08 PM

Just called my dad. He said he doesn't think he installed Norton's, so it might have already been installed when he got the computer. I'm going to stop over there sometime tomorrow (I have to work tonight) to see if I can find any discs or anything.

#12 guestolo (Site Donator, Admin, 16,247 posts)
Posted 07 January 2006 - 06:19 PM

That's a good call; there are uninstall utilities from Symantec to run on the computer
But you must know what version you have installed
Also, was it just Norton's AV or Norton's Internet Security?
When did Dad get the computer? That might help to know
Has he reinstalled his operating system since he has owned the computer?

I have to step out for a bit
But can you open Hijackthis>>Open Misc tools section>>Open uninstaller manager
Click the SAVE LIST button>>Save the list to desktop and then copy and paste the info back here

We will later try and remove Norton's(Symantec's) completely later
We might also have to reinstall Avast
Don't do it now

I want to do this in steps to make sure the system is running good!

Can you also do me the following
Look for a file called shell.dll in your C:\Windows\system32 folder
If you find it, it's legit, I just want to make sure it is present



#13 indigenous1 (Journeyman, Members, 45 posts)
Posted 07 January 2006 - 06:23 PM

Ad-Aware SE Personal
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
Ameritech.net SpeedPath DSL Internet Service
avast! Antivirus
ccCommon
CleanUp!
Compaq Connections
DirectX Hotfix - KB825116
EPSON Printer Software
ewido anti-malware
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
I.E. Host
IntelliMover Data Transfer Demo
iPod for Windows 2005-09-06
Java 2 Runtime Environment, SE v1.4.2_03
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft Office Standard Edition 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Word Viewer 97
Microsoft Works 7.0
Napster
Napster Burn Engine
Norton AntiVirus 2004
OIN
QuickTime
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Sonic Update Manager
Spy Sweeper
Spybot - Search & Destroy 1.4
Tweakui Powertoy for Windows XP
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB Storage Driver
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821431
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB905915
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357

#14 guestolo (Site Donator, Admin, 16,247 posts)
Posted 07 January 2006 - 11:52 PM

It appears Norton 2004 was installed
Also, I wouldn't try installing Service Pack 2 from Windows until after we have you clean
The install will not usually go that well while there are infections on the computer

Please follow the instruction outlined by Symantec's to remove your Norton's product
from this link
Click here
Use Add/Remove programs to remove Norton AV 2004
You should be able to also remove LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
ccCommon

If add/remove programs won't work for you, be sure to check out this link or run the utility anyways
I think you should run the following regardless
Click Here

After the above is done, be sure to reboot the computer

Back in Windows

Can you do the following please
Be sure you have AboutBuster unzipped
I'm not sure what version of Ad-Aware you have installed; be sure it is SE Personal 1.06
If it isn't
You can Download and Install from here
Ad-Aware SE Personal 1.06
Allow to remove the old version if applicable
In the event you have the newest version of Ad-aware
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Don't run a scan yet

Your version of Avast looks corrupt; can you please redownload the installer for Avast from here and save it to your desktop
Here's the download location
http://www.avast.com...avast-home.html
Do not install it yet, we have to uninstall your other version first

Next: Download and save to your desktop
Avast Uninstall utility
Don't run this yet, we'll need it in a bit

==Download and save Cwsserviceremove.zip
UNZIP to your desktop so you now have Cwsserviceremove.reg extracted
We'll need it later

Can you recheck for updates with Ewido please
If for some reason the Updater won't work can you manually download the
Updates from this link
http://www.ewido.net...wnload/updates/
Install the updates but don't run a scan yet

Can you also do the following
Follow the link to download and install
VX2 Cleaner Plug-in.
After the plugin is installed
restart Ad-Aware before running the VX2 Cleaner.

Run the VX2 Cleaner. If your computer is infected with VX2, a dialog box with text such as "New VX2 variant found" or "VX2 variant 1 found" will appear.

Press "Clean" and a dialog box with the text "The first phase completed. Please reboot and perform a Smart Scan" will appear. After saving your work, reboot your system manually.

Repeat this until the VX2 Cleaner reports "System clean". Press "Close" to exit.

Run Ad-Aware one more time and scan your computer to make sure VX2 has been found and removed.

Access your Add/Remove programs and remove
avast! Antivirus

Reboot into safe mode at this time

==Run CWShredder and click the FIX button, let it fix what it finds

==Open the AboutBuster folder and double click on About:Buster.exe
Make sure you unzipped this
Click the Begin Removal button
Yes to the prompt
Let it finish its scan, then Exit
Please run About:buster again with the same instructions

==Double click on cwserviceremove.reg and allow to add or merge to the registry

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Run the Avast Uninstall utility
Follow the prompts

Reboot back to normal mode
The installer you downloaded earlier for Avast!
Can you now reinstall Avast and follow the prompts
Run a complete system scan
Reboot afterwards back to Normal windows
Back in Windows

Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the Security tab | Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Script ActiveX controls marked safe for scripting (Prompt)

I need to see the following please
1. Post back a fresh hijackthis log
2. Post the whole contents of the Ewido report
3. Post the contents of the "Ab LogFile.txt" located in the same folder as About:Buster.exe
Additionally, look for a file called shell.dll in your C:\Windows\system32 folder
If you find it, it's legit, I just want to make sure it is present



#15 indigenous1 (Journeyman, Members, 45 posts)
Posted 08 January 2006 - 04:18 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:01:59 PM, on 1/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:37:56 AM, 1/8/2006
+ Report-Checksum: 9CF21C82

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Error during cleaning
HKLM\SOFTWARE\Toolbar -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Files -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Install -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\PlugIns -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Toolbar\Server -> Spyware.WebSearch : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\kerry and colleen\Cookies\kerry and [email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\kerry and colleen\Cookies\kerry and [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\qpkky.dat -> Downloader.Qoologic.be : Cleaned with backup


::Report End
I followed the instructions to remove Norton's with LiveUpdate, not sure if it worked. I couldn't understand if they wanted me to reinstall Norton's. I stopped at the point where they wanted me to reinstall Norton's. About:Buster still will not run; I still get the overflow error. I found the file shell.dll in the windows/system folder. Now I also get some kind of script prompt every time I go to a web site.

#16 guestolo (Site Donator, Admin, 16,247 posts)
Posted 08 January 2006 - 04:38 PM

Can you open Spybot 1.4 please
Click on IMMUNIZE>>OK>>Immunize at the top green cross
Close spybot

The script prompt at websites
For now can you check to make sure the following are true
In Internet Explorer click on TOOLS>>Internet Options
Under the ADVANCED tab
CHECK>>Disable Script debugging
UNCHECK>>Display a notification of every script error
Apply and close out of there

Can you also go to
START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
Name: Messenger (this is not the same as Messenger chat)

Double click on it, STOP the service if running
In the drop down menu, change the startup type to Disabled
Do the same for Alerter as well
This should help stop unwanted popups from the Messenger service
This is disabled by default in SP2

Can you also make sure that the Windows Firewall is enabled; it's not by default
But it is in SP2
You can install SP2 once you're clear of all nasties
This link will show you how to enable the Firewall
http://www.arnoldco....p_firewall.html

Can you download and save to your desktop
FxWebsch.exe
from Symantec's

I suggest that you return to safe mode

Before you do
Run another scan only with hijackthis, with all other windows closed
and fix checked this entry please
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

Then boot to safe mode
Double click to open FxWebsch.exe
Click START
Let it run a scan and fix what it finds

It should make a log afterwards, I'll want to see it later

Reboot back to Normal mode
Post a new hijackthis log, and the log created by FxWebsch.exe
Can you also let me know what you were able to accomplish in my last steps
No, don't reinstall Norton's
Did you run the uninstall utility I linked you to for Norton's? It doesn't look like it
Did you uninstall and reinstall Avast!? It doesn't look like it
Do what I posted in this reply and then come back to me with these please

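The ActiveX settings asked for in the earlier post (#14) and the Messenger/Alerter service changes in this one are all stored in the registry, so they can be verified after the fact rather than re-clicked through. The following is an added example, not code from this thread or from any of the tools it names: a pure audit function over plain dicts (so it runs anywhere with the constructed sample values) plus a Windows-only reader using winreg. The zone action ids 1001/1004/1201/1405 and the 0/1/3 and Start=4 encodings are standard Internet Explorer and Service Control Manager values; the expected settings are the ones this thread asks for.

```python
import sys

# Internet-zone (zone 3) ActiveX action ids and the setting the thread asks for.
# Stored DWORD meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
EXPECTED_ZONE3 = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1405": ("Script ActiveX controls marked safe for scripting", PROMPT),
}
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Service 'Start' values: 2 = Automatic, 3 = Manual, 4 = Disabled.
DISABLED_START = 4
EXPECTED_DISABLED_SERVICES = ("Messenger", "Alerter")
SERVICES_KEY = "SYSTEM\\CurrentControlSet\\Services\\"

# Constructed sample: what a still-default XP SP1 box might look like.
SAMPLE_WEAK_ZONE3 = {"1001": ENABLE, "1004": ENABLE, "1201": DISABLE, "1405": ENABLE}
SAMPLE_WEAK_SERVICES = {"Messenger": 2, "Alerter": 4}


def audit(zone3_values, service_starts):
    """Compare live-or-sample values with the thread's recommendations.

    zone3_values: {action id: stored DWORD}; service_starts: {name: Start value}.
    Returns a list of human-readable findings; an empty list means compliant.
    """
    findings = []
    for action, (label, want) in EXPECTED_ZONE3.items():
        got = zone3_values.get(action)
        if got is None:
            # Absent value: IE falls back to its zone template, so treat as unverified.
            findings.append(f"zone3/{action} ({label}): not set, expected {SETTING_NAME[want]}")
        elif got != want:
            findings.append(f"zone3/{action} ({label}): {SETTING_NAME.get(got, got)}, "
                            f"expected {SETTING_NAME[want]}")
    for svc in EXPECTED_DISABLED_SERVICES:
        start = service_starts.get(svc)
        # A service that is not installed cannot spawn popups, so it is not a finding.
        if start is not None and start != DISABLED_START:
            findings.append(f"service {svc}: Start={start}, expected {DISABLED_START} (Disabled)")
    return findings


def read_live_settings():
    """Read the same values from the live registry. Windows only (uses winreg)."""
    if sys.platform != "win32":
        raise RuntimeError("live registry read requires Windows")
    import winreg
    zone3 = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in EXPECTED_ZONE3:
            try:
                zone3[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass  # leave absent so audit() reports it as unverified
    starts = {}
    for svc in EXPECTED_DISABLED_SERVICES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_KEY + svc) as key:
                starts[svc] = winreg.QueryValueEx(key, "Start")[0]
        except FileNotFoundError:
            pass  # service not installed on this build
    return zone3, starts


if __name__ == "__main__":
    if sys.platform == "win32":
        zone3, starts = read_live_settings()
    else:
        zone3, starts = SAMPLE_WEAK_ZONE3, SAMPLE_WEAK_SERVICES
    for finding in audit(zone3, starts) or ["no findings"]:
        print(finding)
```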


#17 indigenous1 (Journeyman, Members, 45 posts)
Posted 09 January 2006 - 04:40 AM

OK, sorry if my last post was kinda vague. I was in a rush to get this done before work.
When I say that I deleted files that I didn't think they needed on their computer, I meant to say that I uninstalled programs that I didn't think they needed. I don't want you to think that I just go around deleting random files. So Norton's was actually uninstalled properly. I don't know how it's still on my log. It has not been listed on my Add/Remove Programs list since I uninstalled it. I did download and run the Avast uninstall utility. I also downloaded Avast from the link you provided. I installed and ran the VX2 Cleaner plugin for Ad-Aware and everything came up clean. CWShredder came up with nothing also. About:Buster still gives me the error when running. When I ran Ewido it seems like it came up with the same viruses that it was supposed to have deleted the first time that I ran it. I immunized with Spybot. When I went to enable the Windows Firewall I got an error saying "the specified service does not exist as an installed service", so I could not complete that task. Ran FxWebsch and it found nothing. Here are the logs that you requested.

Symantec Adware.Websearch Removal Tool 1.0.0

Adware.Websearch has not been found on your computer.

Logfile of HijackThis v1.99.1
Scan saved at 6:05:07 PM, on 1/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hjt\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136010394515
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

#18 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 09 January 2006 - 10:35 PM

Just for a double check:
Could you download GetServices.zip?
Unzip it to a folder.
Double-click the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder.
getservice.txt will list all active services.

Post the getservices.txt.

Could you also open HijackThis >> Open Misc Tools section and
put a check in the following:

List all minor sections (full)
and
List empty sections (complete)


Then afterwards click "Generate StartupList log".

A text file will open.
Can you copy and paste the whole contents back here please?


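The Python script below is an added example, not part of this thread and not one of the tools named above. It parses a PsService-style listing of the kind GetServices.bat produces (the SERVICE_NAME blocks posted in the next reply) and applies the checks a helper otherwise makes by eye: core Windows XP services that should be registered but are not (the firewall/ICS service, SharedAccess, does not appear anywhere in the listing below, which is what "the specific service does not exist as an installed service" means when the Windows Firewall is switched on), service executables living outside the Windows and Program Files trees, and service paths with quoting problems. The last check catches both an unquoted path containing spaces, as in the EpsonBidirectionalService entry, and a quoted path followed by arguments, which HijackThis 1.99.1 reports in its O23 lines as "(file missing)" even though the file is present, as it does for the two avast! scanners in the HijackThis log above. The sample listing is constructed from trimmed copies of the posted blocks plus a made-up ExampleSvc entry; the expected-service set is an assumption limited to names that occur in the posted output. Python 3.9 or later.

```python
import re
from dataclasses import dataclass, field

# Core XP services every install registers (assumed set). SharedAccess backs Windows
# Firewall / ICS; without it, enabling the firewall fails with "service does not exist".
EXPECTED_XP_SERVICES = {"Browser", "Eventlog", "RpcSs", "SharedAccess"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")  # anything else: look twice


@dataclass
class Service:
    name: str
    props: dict = field(default_factory=dict)

    @property
    def image_path(self) -> str:
        # Executable only: quotes and arguments (-k netsvcs, /service) stripped.
        raw = self.props.get("BINARY_PATH_NAME", "").strip()
        if raw.startswith('"') and raw.find('"', 1) > 0:
            return raw[1:raw.find('"', 1)]
        m = re.match(r"(.+?\.(?:exe|dll|sys))(?:\s|$)", raw, re.IGNORECASE)
        return m.group(1) if m else raw.split(" ", 1)[0]


def parse_psservice(text: str) -> list[Service]:
    # One Service per SERVICE_NAME block. 'KEY : value' lines become props; the
    # ': value' continuation lines PsService prints for extra dependencies are
    # appended to the previous key with '|'.
    services, current, last_key = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("SERVICE_NAME:"):
            current = Service(line.split(":", 1)[1].strip())
            services.append(current)
            last_key = None
        elif current is None or not line.strip():
            continue
        elif (m := re.match(r"^([A-Z_]+)\s*:\s*(.*)$", line)):
            last_key = m.group(1)
            current.props[last_key] = m.group(2).strip()
        elif line.lstrip().startswith(":") and last_key:
            current.props[last_key] += "|" + line.split(":", 1)[1].strip()
        elif "DESCRIPTION" not in current.props:
            current.props["DESCRIPTION"] = line.strip()  # free text under the name
    return services


def missing_expected(services, expected=EXPECTED_XP_SERVICES) -> set:
    present = {s.name.lower() for s in services}
    return {n for n in expected if n.lower() not in present}


def untrusted_images(services) -> dict:
    return {s.name: s.image_path for s in services
            if not s.image_path.lower().startswith(TRUSTED_ROOTS)}


def path_quoting_issues(services) -> dict:
    # An unquoted path with spaces lets a planted C:\Program.exe start as the
    # service (CreateProcess tries each space-delimited prefix). A quoted path
    # followed by arguments is fine, but HijackThis 1.99.1 shows it as "(file missing)".
    issues = {}
    for s in services:
        raw = s.props.get("BINARY_PATH_NAME", "").strip()
        if raw.startswith('"'):
            if not raw.endswith('"'):
                issues[s.name] = "quoted path followed by arguments"
        elif " " in s.image_path:
            issues[s.name] = "unquoted path containing spaces"
    return issues


# Constructed sample: blocks trimmed from the posted listing, plus one made-up
# entry (ExampleSvc) so the path checks have something to report.
SAMPLE_LISTING = r"""
SERVICE_NAME: avast! Mail Scanner
Implements mail scanning for avast! antivirus.
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

SERVICE_NAME: Browser
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
DEPENDENCIES : LanmanWorkstation
: LanmanServer

SERVICE_NAME: EpsonBidirectionalService
BINARY_PATH_NAME : C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

SERVICE_NAME: Eventlog
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe

SERVICE_NAME: RpcSs
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss

SERVICE_NAME: ExampleSvc
Constructed entry, not from the thread.
BINARY_PATH_NAME : C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
"""

if __name__ == "__main__":
    found = parse_psservice(SAMPLE_LISTING)
    print("missing:", missing_expected(found) or "none")
    print("untrusted:", untrusted_images(found) or "none")
    print("quoting:", path_quoting_issues(found) or "none")
```

Run it against the real getservice.txt by reading the file into `parse_psservice` instead of `SAMPLE_LISTING`; on a listing like the one posted below it reports SharedAccess as missing and the Epson service's unquoted path, and nothing under untrusted images.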

#19 indigenous1

indigenous1

    Journeyman

  • Members
  • 45 posts

Posted 09 January 2006 - 10:42 PM

Here they are.

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: aswUpdSv
Provides automatic updating for the avast! antivirus.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : avast! iAVS4 Control Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: avast! Antivirus
Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : avast! Antivirus
DEPENDENCIES : aswMon2
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: avast! Mail Scanner
Implements mail scanning for avast! antivirus.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : avast! Mail Scanner
DEPENDENCIES : avast! Antivirus
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: avast! Web Scanner
Implements web (HTTP) scanning for avast! antivirus.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : avast! Web Scanner
DEPENDENCIES : avast! Antivirus
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Uses idle network bandwidth to transfer data.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: EpsonBidirectionalService
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
LOAD_ORDER_GROUP : EBAPIServiceGroup
TAG : 2
DISPLAY_NAME : EpsonBidirectionalService
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EPSONStatusAgent2
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : EPSON Printer Status Agent2
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ewido security suite control
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\ewido anti-malware\ewidoctrl.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ewido security suite control
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\fxssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fax
DEPENDENCIES : TapiSrv
: RpcSs
: PlugPlay
: Spooler
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: iPodService
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\iPod\bin\iPodService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPodService
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LiveUpdate
LiveUpdate Core Engine
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : LiveUpdate
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: ributed Transaction Coordinator
: r
: ice
: e Service
: ion
: ings\kern
: 
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{27F2F9F1-D427-4562-B368-0E3DDB2CAF31}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: uploadmgr
Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

StartupList report, 1/9/2006, 10:40:36 PM
StartupList version: 1.52.2
Started from : C:\Program Files\hjt\hijackthis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\hijackthis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\kerry and colleen\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[3d784421-21ac-4abc-a2fb-8e1d51d4e9a9] *
StubPath = C:\WINDOWS\System32\cbmmqoo.exe

[3d784421-21ac-4abc-a2fb-8e1d51d4e9a9
] *
StubPath = C:\WINDOWS\System32\cbmmqoo.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not

#20 guestolo (Site Donator, Admin, 16,247 posts)

Posted 09 January 2006 - 10:59 PM

You didn't post the bottom part of the HijackThis Startup list.
Could you do that please?

You're also missing the Shared Access key; that's why the firewall won't start.

Can I get you to also do the following:
Download Trackqoo.zip
Save it to the Desktop

Double-click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up. Copy & Paste those results and place them in the next post.

Also, Download Find-Qoologic.zip and save it to your Desktop.

UNZIP the files inside into their own folder called FindQoologic on the desktop.

Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
Choose option 1 for Run Findqoologic by typing 1 and pressing enter.
This will scan your system.
Wait until a text opens.
Post this in your next reply.
