TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Dale on March 21, 2006, 08:46:44 PM
-
Hi,
My friend stopped using the PC a few weeks ago, they said. The last time they used it, they said windows kept popping open as soon as they started the browser - Firefox.
I brought their system to my house to work on. I'm not really sure what all is wrong but I can't seem to start any of the browsers on the computer. As soon as I do, things don't seem to work anymore and I have to hold the power button in to turn it off.
I even had trouble getting HijackThis installed on their system. Every time I unzipped it, McAfee would intercept the action saying the file contained a virus (whose name I've forgotten), and then delete the file before I could run it. I finally went into services and disabled everything related to McAfee and was then able to move the unzipped file into the HJT folder I'd previously created.
Note I tried opening up a command prompt to run ipconfig and was welcomed with a message that said "cmd is not a valid win32 application".
So here's the HJT log copied over from their system. Hope you can help.
Thanks,
Dale
Logfile of HijackThis v1.99.1
Scan saved at 7:29:30 PM, on 3/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UGF0cmljaWE\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\dsujglf.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\svcnet.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\outlook\outlook.exe
C:\mousepad2.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\sys03075966280.exe
C:\WINDOWS\system32\dgfgql.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\twinnrag.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\WINDOWS\dsujglfA.exe
C:\WINDOWS\win3208628007596.exe
C:\Program Files\Cvcwmje\Wudg.exe
C:\WINDOWS\win3206966280075.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\newname2.exe
C:\WINDOWS\system32\klsx9e.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Optimizer\actalert.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB001" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys03075966280] C:\WINDOWS\sys03075966280.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [{19-9E-EB-BE-ZN}] C:\windows\system32\qmdsregl.exe CORN001
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinnrag.exe CORN001
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dsujglfA] C:\WINDOWS\dsujglfA.exe
O4 - HKLM\..\Run: [win3208628007596] C:\WINDOWS\win3208628007596.exe
O4 - HKLM\..\Run: [Dzpxylfx] C:\Program Files\Cvcwmje\Wudg.exe
O4 - HKLM\..\Run: [win3206966280075] C:\WINDOWS\win3206966280075.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinnrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\r46u0ej9eho.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGF0cmljaWE\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dsujglf.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
-
Can you do the following please
Then we'll get some tools to help fix this sick PC
Open HijackThis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop then copy and paste back here the whole contents please
-
I had trouble getting the PC to do anything after disabling McAfee's services. :-(
I was able to run msconfig so I disabled everything in startup and rebooted the system. I was able to run HijackThis after that.
Since I changed things on the system since the last run of HJT I recreated a log - not sure that it's different, and then got the save list output. The output follows.
Thanks for your help,
Dale
Logfile of HijackThis v1.99.1
Scan saved at 10:40:27 PM, on 3/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UGF0cmljaWE\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\dsujglf.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\dgfgql.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\klsx9e.exe
C:\WINDOWS\dsujglfA.exe
C:\Program Files\FCAdvice\FCAdvice.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsx1E.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [dsujglfA] C:\WINDOWS\dsujglfA.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll
O20 - AppInit_DLLs: repairs303169536.dll,Runner.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\fpl2033oe.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGF0cmljaWE\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dsujglf.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Active Alert
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
Beach Life (remove only)
BroadJump Client Foundation
Command
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
DH
EarthLink setup files
Enhanced Ads by Zeno removal
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate Deluxe User's Guide
EPSON Printer Software
Film Factory
HijackThis 1.99.1
iMesh 6
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Internet Optimizer
iPod for Windows 2005-10-12
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Flash Player 8
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
Media-motor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 Small Business
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2004
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.0.7)
Musicmatch for Windows Media Player
My Way Search Assistant
My Web Search Bar
Network Monitor
New.net Domains 7.22
Picture Package
Quicklinks
QuickTime
RealPlayer Basic
RelevantKnowledge
SBC Self Support Tool
SBC Yahoo! Applications
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
SoundMAX
Surf SideKick
The Weather Channel
Toolbar888
TSA
UCmore - The Search Accelerator
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
USB MP3 Application
USB MP3 Player Win98 Drivers
Viewpoint Media Player
Visual IP InSight(SBC)
webHancer Customer Companion
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Overlay Components
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WSEM Update
Yahoo! Install Manager
Zeno Search Assistant removal
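A triage pass over HijackThis entry lines like those in the two logs above, added here as an example; it is not part of the original thread and not HijackThis's own logic. The rule set, the function names (`parse`, `autostart_image`, `path_issue`, `triage`) and the wording of each reason are assumptions chosen for illustration; the sample lines are copied from the first log in this thread.

```python
"""Parse the "R#/O# - ..." entry lines of a HijackThis 1.99.1 log and list the
ones whose shape alone justifies a closer look. A finding is a prompt for
review, not a verdict, and an unflagged line is not cleared by this script."""
import re

# Sample lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.media-motor.net
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGF0cmljaWE\command.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# Quoted image path, or an unquoted one ending at the first executable
# extension that is followed by whitespace, a comma or end of line.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr|pif))(?=[\s,]|$)', re.I)
LAUNCHER_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")


def parse(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autostart_image(body):
    """Extract the file an O4 entry launches, or None when there is none.

    Handles 'HKLM\\..\\Run: [name] command' and 'Startup: x.lnk = target'.
    For rundll32 launchers the DLL argument is returned, since that is the
    code that actually runs.
    """
    m = re.match(r"^[^:]*: \[.*?\] (.*)$", body) or re.match(r"^[^:]*: .*? = (.*)$", body)
    if not m:
        return None
    command = LAUNCHER_RE.sub("", m.group(1).strip())
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else None


def path_issue(image):
    """Flag autostart images by location only (assumed heuristics)."""
    if "\\" not in image and "/" not in image:
        return "no directory given, resolved through the search path"
    if DRIVE_ROOT_RE.match(image):
        return "image sits directly in the drive root"
    return None


def triage(log_text):
    """Return (code, reason, body) for each entry that matches a rule."""
    findings = []
    for code, body in parse(log_text):
        reason = None
        if code == "O4":
            image = autostart_image(body)
            reason = path_issue(image) if image else None
        elif code == "O10":
            reason = "Winsock LSP chain reported as modified"
        elif code == "O15":
            reason = "site added to the IE Trusted Zone"
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            reason = "DLL loaded into every process that loads user32.dll"
        elif code == "O23" and " - Unknown owner - " in body:
            reason = "service binary reported with no owner"
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n    {body}")
```

The location rules do not look at file names or vendors, so entries such as the `bxxs5` rundll32 line pass through unflagged and still need a human reviewer.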
-
Can you do the following please
You don't have the regular anti-spyware scanners on this machine
We'll get to this in a bit
Download and save to the desktop of the infected computer
FxNetOpt.exe (http://securityresponse.symantec.com/avcenter/FxNetOpt.exe)
By Symantec
Don't run this yet please
Download and save to desktop
Winsock XP fix.exe (http://www.majorgeeks.com/download4372.html)
We may not need this but we have it just in case
Download and Install
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Don't run it yet
Download and Install Spybot 1.4 from
HERE (http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
or HERE (http://www.safer-networking.org/en/download/index.html)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete close it out for now as we will need it later
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder, name it BFU
So you now have C:\BFU
Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip)
Reminder, choose SAVE rather than OPEN
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe
RIGHT CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu)
and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
Access your add/remove programs via Control panel
Remove the following please
New.net Domains 7.22
Reboot your computer
Back in windows
Go back to add/remove programs and remove
webHancer Customer Companion
Afterwards
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode
Access your add/remove programs in control panel again and remove if you can
Remain in safe mode if any or all can be removed, even if prompted to restart
Active Alert
DH
Enhanced Ads by Zeno removal
Internet Optimizer
Media-motor
My Way Search Assistant
My Web Search Bar
Network Monitor
RelevantKnowledge
Surf SideKick
Toolbar888
TSA
UCmore - The Search Accelerator
Viewpoint Media Player
Windows Overlay Components
WSEM Update
Zeno Search Assistant removal
Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.
Double click to run FxNetOpt.exe
Let it scan and fix what it finds
Remain in safe mode when it's done
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsx1E.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [dsujglfA] C:\WINDOWS\dsujglfA.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll
O20 - AppInit_DLLs: repairs303169536.dll,Runner.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\fpl2033oe.dll
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
Reboot back to Normal mode
Please download the latest version of Look2Me-Remover.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Ensure that McAfee's realtime protections are disabled so they won't interfere
* Close all windows before continuing.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of log from look2me destroyer on your desktop or in C:\Look2Me-Remover.txt
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Additionally, I know it helps to disable entries with msconfig, but it doesn't help me help you
Can you go back to msconfig
Enable EVERYTHING on startup>>Apply it and Close but don't reboot the computer yet
Instead post a new hijackthis log with the look2me log please
We'll have more to do, but that should be a great start in cleaning this computer
NOTE: If you have trouble with your Internet connection after doing the above fixes
Please open Winsock XPfix and run the FIX with all other windows closed
Follow the prompts and reboot your computer
-
The computer's improving. In fact I'm actually using it right now to make this post!
Below are the requested logs.
Thanks again,
Dale
Logfile of HijackThis v1.99.1
Scan saved at 10:36:49 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sys02007596628.exe
C:\WINDOWS\ms05596628007.exe
C:\WINDOWS\system32\504B5051555255.exe
C:\WINDOWS\win3207662800759.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [sys02007596628] C:\WINDOWS\sys02007596628.exe
O4 - HKLM\..\Run: [ms05596628007] C:\WINDOWS\ms05596628007.exe
O4 - HKLM\..\Run: [BAB5BABBBFBCBFB9] 504B5051555255.exe
O4 - HKLM\..\Run: [win3207662800759] C:\WINDOWS\win3207662800759.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{19-9E-EB-BE-ZN}] C:\windows\system32\qmdsregl.exe CORN001
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [win3208628007596] C:\WINDOWS\win3208628007596.exe
O4 - HKLM\..\Run: [win3206966280075] C:\WINDOWS\win3206966280075.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys03075966280] C:\WINDOWS\sys03075966280.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [newname] c:\windows\newname4.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ms04759662800] C:\WINDOWS\ms04759662800.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad4.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard4.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB001" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [Dzpxylfx] C:\Program Files\Cvcwmje\Wudg.exe
O4 - HKLM\..\Run: [dsujglfA] C:\WINDOWS\dsujglfA.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinnrag.exe CORN001
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [5404] c:\windows\eee2.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinnrag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: repairs303169536.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Look2Me-Destroyer V1.0.11
Scanning for infected files.....
Scan started at 3/22/2006 10:25:07 PM
Infected! C:\WINDOWS\system32\r0r60a9sed.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0047521.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0047541.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0048568.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0051601.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP429\A0055657.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056673.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056704.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056839.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056847.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0057119.dll
Infected! C:\WINDOWS\SYSTEM32\dnj6011se.dll
Infected! C:\WINDOWS\SYSTEM32\gpjsl3171.dll
Infected! C:\WINDOWS\SYSTEM32\hrn2055oe.dll
Infected! C:\WINDOWS\SYSTEM32\hrpq0575e.dll
Infected! C:\WINDOWS\SYSTEM32\imetwh32.dll
Infected! C:\WINDOWS\SYSTEM32\irlol5331.dll
Infected! C:\WINDOWS\SYSTEM32\k2260cfsef260.dll
Infected! C:\WINDOWS\SYSTEM32\l6r00g9me6.dll
Infected! C:\WINDOWS\SYSTEM32\lv4o09h3e.dll
Infected! C:\WINDOWS\SYSTEM32\lv6o09j3e.dll
Infected! C:\WINDOWS\SYSTEM32\mv40l9hm1.dll
Infected! C:\WINDOWS\SYSTEM32\r0r60a9sed.dll
Infected! C:\WINDOWS\SYSTEM32\r46u0ej9eho.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\r0r60a9sed.dll
C:\WINDOWS\system32\r0r60a9sed.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0047521.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0047521.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0047541.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0047541.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0048568.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP421\A0048568.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0051601.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0051601.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP429\A0055657.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP429\A0055657.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056673.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056673.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056704.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056704.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056839.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056839.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056847.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0056847.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0057119.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP430\A0057119.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\dnj6011se.dll
C:\WINDOWS\SYSTEM32\dnj6011se.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\gpjsl3171.dll
C:\WINDOWS\SYSTEM32\gpjsl3171.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\hrn2055oe.dll
C:\WINDOWS\SYSTEM32\hrn2055oe.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\hrpq0575e.dll
C:\WINDOWS\SYSTEM32\hrpq0575e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\imetwh32.dll
C:\WINDOWS\SYSTEM32\imetwh32.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\irlol5331.dll
C:\WINDOWS\SYSTEM32\irlol5331.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\k2260cfsef260.dll
C:\WINDOWS\SYSTEM32\k2260cfsef260.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\l6r00g9me6.dll
C:\WINDOWS\SYSTEM32\l6r00g9me6.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\lv4o09h3e.dll
C:\WINDOWS\SYSTEM32\lv4o09h3e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\lv6o09j3e.dll
C:\WINDOWS\SYSTEM32\lv6o09j3e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\mv40l9hm1.dll
C:\WINDOWS\SYSTEM32\mv40l9hm1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\r0r60a9sed.dll
C:\WINDOWS\SYSTEM32\r0r60a9sed.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\r46u0ej9eho.dll
C:\WINDOWS\SYSTEM32\r46u0ej9eho.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{78F55702-D986-4C29-BA45-A17CD39B54AF}"
HKCR\Clsid\{78F55702-D986-4C29-BA45-A17CD39B54AF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A4472E72-3E88-46C5-8375-55C3145E52A4}"
HKCR\Clsid\{A4472E72-3E88-46C5-8375-55C3145E52A4}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{01859E7A-4DB8-4FBE-8FB7-C2EF5C912031}"
HKCR\Clsid\{01859E7A-4DB8-4FBE-8FB7-C2EF5C912031}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
-
Let's go on to the next step; if you're confused about a step, let me know
It appears you may not have run alcanshorty.bfu, or having entries disabled in msconfig interfered
Remember to keep everything enabled until we have you clean please
On to the next steps
Hold onto Spybot 1.4, it's yours for free
I forgot you had trouble accessing the internet earlier, if you didn't get a chance to do the updates with Spybot earlier, do them now please
Can I have you install another couple of free tools again? After this we should see some more improvement
Download and Install
Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck
"Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
Can you go into the C:\BFU folder
Ensure you have in that folder BFU.exe that you unzipped
Also make sure that alcanshorty.bfu is in the BFU folder
make sure it is the exact name of alcanshorty.bfu please, if not, rename it to that
With all other windows closed, including this one
Do a "System scan only" with Hijackthis and put a check next to these entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O4 - HKLM\..\Run: [sys02007596628] C:\WINDOWS\sys02007596628.exe
O4 - HKLM\..\Run: [ms05596628007] C:\WINDOWS\ms05596628007.exe
O4 - HKLM\..\Run: [BAB5BABBBFBCBFB9] 504B5051555255.exe
O4 - HKLM\..\Run: [win3207662800759] C:\WINDOWS\win3207662800759.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{19-9E-EB-BE-ZN}] C:\windows\system32\qmdsregl.exe CORN001
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [win3208628007596] C:\WINDOWS\win3208628007596.exe
O4 - HKLM\..\Run: [win3206966280075] C:\WINDOWS\win3206966280075.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys03075966280] C:\WINDOWS\sys03075966280.exe
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [newname] c:\windows\newname4.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ms04759662800] C:\WINDOWS\ms04759662800.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad4.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard4.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Dzpxylfx] C:\Program Files\Cvcwmje\Wudg.exe
O4 - HKLM\..\Run: [dsujglfA] C:\WINDOWS\dsujglfA.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinnrag.exe CORN001
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [5404] c:\windows\eee2.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinnrag.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O20 - AppInit_DLLs: repairs303169536.dll
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Then do this again
Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot back into safe mode please
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the C: directory or somewhere you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted
When it's done
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Run another Scan with Spybot 1.4 if you were able to update it
RESTART your computer back to Normal mode
Can I see the following logs back please
1. Run hijackthis again with a system scan and save logfile and post the new log
2. Post the whole contents of the Ewido log
The above will help to clean more malware from this computer
We're almost there
:)
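The remark above that the first round of fixes may not have taken can be checked mechanically by comparing the entries ticked for fixing against the follow-up scan. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample lines are a short excerpt of the logs posted on this page.

```python
import re

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: hive, key (Run, RunServices, ...), value name, command
RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
                 r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
APPINIT = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")

# Excerpt of the entries ticked in the first fix list on this page.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O15 - Trusted Zone: *.popuppers.com
O20 - AppInit_DLLs: repairs303169536.dll,Runner.dll
"""

# Excerpt of the follow-up scan (3/22/2006) on this page.
RESCAN = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O20 - AppInit_DLLs: repairs303169536.dll
"""


def parse_hjt(text):
    """Return (code, location, identity) tuples for each log entry.

    Header and process-list lines are skipped. Autoruns are keyed on value
    name plus command so the same program under another key still matches;
    AppInit_DLLs is split so each DLL is tracked separately.
    """
    items = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        run = RUN.match(body) if code == "O4" else None
        appinit = APPINIT.match(body) if code == "O20" else None
        if run:
            cmd = run["cmd"].replace('"', "").lower()
            location = run["hive"] + "\\" + run["key"]
            items.append((code, location, "[%s] %s" % (run["name"].lower(), cmd)))
        elif appinit:
            for dll in appinit["dlls"].split(","):
                items.append((code, "AppInit_DLLs", dll.strip().lower()))
        else:
            items.append((code, "", body.lower()))
    return items


def compare(fix_list, rescan):
    """Classify every fixed entry as persisted, moved or gone in the rescan."""
    later = parse_hjt(rescan)
    exact = set(later)
    by_identity = {}
    for code, location, ident in later:
        by_identity.setdefault((code, ident), set()).add(location)
    result = {"persisted": [], "moved": [], "gone": []}
    for item in parse_hjt(fix_list):
        code, _, ident = item
        if item in exact:
            result["persisted"].append(item)
        elif (code, ident) in by_identity:
            # Same program, different autorun key: something re-registered it.
            result["moved"].append((item, sorted(by_identity[(code, ident)])))
        else:
            result["gone"].append(item)
    return result


if __name__ == "__main__":
    report = compare(FIX_LIST, RESCAN)
    for status in ("persisted", "moved", "gone"):
        print(status.upper())
        for row in report[status]:
            print("   ", row)
```

Entries reported as persisted or moved are the ones worth re-checking, since an autorun that reappears under a different key was re-registered by a component that is still running.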
-
Nothing to report back with yet.
Tonight hasn't gone too well.
I had to uninstall McAfee before I could really get started. After setting everything on in startup last night before shutting down, when the system started today, McAfee started too - I had disabled it before working on the system yesterday. McAfee almost immediately popped up a dialog that said HJT was a virus and it deleted it. Not knowing how to prevent that any other way, I ended up deleting McAfee. I killed, I mean deleted, a couple of other programs that were either back again or unsuccessfully deleted last night too via add/remove programs.
The friend has SBC DSL and I know you can get virus software and more from SBC Yahoo at no cost. I figured later, after this system was back - I'm ready to format the drive - almost, I'd install their protection stuff on the system before I gave it back to them. And make an image of their hard drive. If this ever happens again, I'm just going to put it back to how it is once we get it running again. I'll let them know they need to back up their files because they'll be gone if this happens again. At least if I'm the one to restore it.
So, after restarting the system without McAfee, I copied the software you said to get off a CD I'd burned with my computer. My friend's wasn't very Internet friendly after I'd set everything to start up again via msconfig so I just downloaded everything with my PC.
Note I had managed to get the updates for Spybot last night. It took over an hour to download less than a mb of updates, which was pretty amazing, but it did finally finish. So know that SpyBot did run with the latest updates last night.
I installed and got the updates for ad aware.
I installed and got updates for ewido.
After restoring a copy of hjt.exe to the hjt folder. I ran it, and checked off the entries you'd listed.
At least all the ones I could still find.
Then I ran BFU.
I then booted in safe mode and ran cleanup
Ewido was/is the problem. It took almost an hour to scan the system. Then when it came time to dealing with the 1600 odd infected files it asked me for permission to delete the zip file they were in for about the first 900 infected files. Then it started deleting/quarantining the rest automatically. Thank goodness. I was getting tired of holding the enter key down. :-)
Things were fine until it got to one infection named surf side kick. Then it just got stuck.
Or I got impatient too fast. Anyway, I wasn't able to get a report out of it. Nor was I able to get the thing to scan again. I couldn't get it to shutdown either. I finally killed it with Task Manager.
To top it off, after that, it would just hang every time I started it. Or at least that's how it looked to me. Windows Task Manager said it was "non responsive". It was probably doing something but I killed it - impatient guy that I am.
To get it to run again, which it is right now, I ended up completely uninstalling it. Twice actually. The first time I said to go on and keep the quarantined files. When I started ewido up though after that it just hung again. Or seemed like it did. Maybe it was analyzing all the quarantined files. Whatever. I killed it again.
This time, I uninstalled everything. Then I reinstalled it. Got it to update itself. And now it's running again.
It took about 60 minutes to get stuck the last time. It's been running about 20 minutes so far.
I don't know that I'll be able to wait up for it.
:)
What do I do if it gets "stuck" again?
Just continue with the rest of the directions? I.e., continue with Ad Aware and then SpyBot?
Thanks,
Dale
-
One last update before I say good night.
Ewido seems to be stuck again. After it found 559 infected files, cleaned 6, and started to clean c:\Program Files\SurfSideKick 3\Ssk.exe.
The elapsed time counter is stuck at 38 minutes and 40 seconds and the CPU is pegged at 100%.
I'll just let it run overnight and check back on it and this forum tomorrow.
Good night,
Dale
-
Make sure you are running Ewido and Ad-aware in safe mode
Afterwards post back any logs I asked for if you can
Info is the most important!!!!!
-
Here's the log from HJT. (Which disappeared again from the hjt folder.) Wasn't able to get a log from ewido. It didn't crash but it wouldn't finish fixing the infected files it found either. It might now. Ad-aware and Spy bot both looked like they might have removed that surf side thing. They didn't do it while in safe mode but I let them start when the system rebooted and they might have gotten it then. I don't know.
Dale
P.S. Well, I guess Surf Sidekick is still there because when I toggled between windows to get a copy of the HJT log to paste here there was an IE window open that had "This offer brought to you by your personal Surf Side kick. For more info visit SurfSideKick.com" in the title bar. Oh well.
Dale
Here's the current HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:13:52 AM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\sys01800759662.exe
C:\WINDOWS\ms03075966280.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\svcnet.exe
C:\Program Files\bama\tlii.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB001" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [wahm] c:\windows\eee2.exe
O4 - HKLM\..\Run: [sys01800759662] C:\WINDOWS\sys01800759662.exe
O4 - HKLM\..\Run: [ms03075966280] C:\WINDOWS\ms03075966280.exe
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt yazb
O4 - HKCU\..\Run: [Ptv] C:\Documents and Settings\Big Lou\My Documents\s?mbols\r?ndll.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: repairs303169536.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
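As an added illustration (not part of the original posts and not HijackThis's own logic), the sketch below runs a few simple autostart heuristics over lines taken from the log above, with the forum's duplicated-link residue removed. The rule wording, the six-digit threshold and the function names are assumptions chosen for this example.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [wahm] c:\windows\eee2.exe
O4 - HKLM\..\Run: [sys01800759662] C:\WINDOWS\sys01800759662.exe
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt yazb
O4 - HKCU\..\Run: [Ptv] C:\Documents and Settings\Big Lou\My Documents\s?mbols\r?ndll.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - AppInit_DLLs: repairs303169536.dll
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat))(?:\s|$)", re.IGNORECASE)
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".com", ".scr", ".bat"}
WINDOWS_ROOT = "c:\\windows"  # the Windows directory shown in this log


def executable_of(cmd):
    """Return the program part of a Run value, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def run_entry_findings(cmd):
    """Apply the example heuristics to one autostart command line."""
    exe = executable_of(cmd)
    path = PureWindowsPath(exe)
    has_dir = len(path.parts) > 1
    findings = []
    if "?" in exe:
        # '?' stands in for a character the log could not render,
        # which can hide a look-alike of a system file name.
        findings.append("unrenderable character in path")
    if not has_dir and path.suffix.lower() in EXECUTABLE_SUFFIXES:
        # A bare file name is resolved through the search path.
        findings.append("no directory given")
    if has_dir and str(path.parent).lower() == WINDOWS_ROOT:
        findings.append("starts from the Windows root")
    if re.search(r"\d{6,}", path.stem):
        findings.append("long digit run in name")
    return findings


def triage(log_text):
    """Return {log line: [findings]} for every line that matches a rule."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            findings = run_entry_findings(m.group("cmd"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            value = line.split(":", 1)[1].strip()
            findings = ["DLL loaded into every user32 process"] if value else []
        elif line.startswith("O15 - Trusted Zone:"):
            findings = ["site added to the IE Trusted Zone"]
        else:
            findings = []
        if findings:
            flagged[line] = findings
    return flagged


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        print("; ".join(findings), "<-", line)
```

The `bama\tlii.exe` entry passes every rule even though the Avenger log later in the thread shows it being deleted, so rules like these shorten the list for a human reviewer rather than replace one.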
-
If you can, remember where you save ALL logs I ask back
Ewido may have finished and you may not have saved it to a place you can remember
It's important to post the logs, even if you think they may not be that important
Can you do the following please
==Download DelDomains.inf from HERE (http://www.mvps.org/winhelp2002/DelDomains.inf)
Save it to your desktop
Don't run this yet
==Download The Avenger by Swandog46 (http://swandog46.geekstogo.com/avenger.zip)
and save it to your Desktop.
Right click on it and Extract avenger.exe from the Zip file and save that to your desktop
DO NOT RUN THIS FROM WITHIN THE ZIP FILE
From the bottom of this reply box, download and save to your C:\drive
EXTRACT the contents from the download so you now have dale.txt and dale2.reg extracted
To the C:\directory so you now have C:\Dale.txt and C:\dale2.reg
Again, DO NOT RUN THESE FROM WITHIN THE ZIPPED FILE
Do a "System scan only" with Hijackthis and put a check next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Access your Add/remove programs and remove if found
Surf Sidekick
Enter the appropriate code if asked
Please ensure you uninstall, read the uninstall instructions carefully to ensure you are removing the product
Don't get fooled into keeping it on your system
Reboot into safe mode later, regardless if Surf Sidekick was found or not
In safe mode, double click on dale2.reg and allow to add/merge to the registry
Run avenger.exe by double-clicking on it.
Ensure Load Script from File: is selected
and then click the folder Icon on the right side of that section.
Then browse to C:\Dale.txt
Left click once to Highlight it and then click Open
To Select it
Click on the "Traffic light" icon and OK the prompt
You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it.
Reboot back to Normal mode please
==Right Click on DelDomains.inf>>Choose Install from the menu bar
This will delete all your Trusted and Ranges entries
1. Post back a fresh hijackthis log
2. Avenger would have also created a log
C:\avenger.txt
Please post the whole contents
-
I began following your directions. Avenger seemed to have a problem. At least the log had this in it:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rcwnfdex
*******************
Script file located at: onptsoga
Could not open script file! Error
Could not open script file! Status: 0xc000003b Abort!
After this I went back to the previous instructions you gave me and reran Ewido in safe mode after running cleanup! also in safe mode. (This time it ran with no problems and I was able to get a report.) I also ran AdAware per your instructions.
I'll apologize now if that was the wrong thing to do.
I then went back and reran Avenger and got a new log file. (Actually, I did everything you directed me to do from the beginning, in the order you said to do it, after getting Ewido to run.) It and the log file from HJT appear below.
Thanks for all your help on this. Hope I'm following your instructions closely enough. The PC is definitely behaving better right now. I can't tell that anything is wrong with it currently! At least no pop ups have appeared!
Dale
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dtnkqbdv
*******************
Script file located at: \??\C:\Documents and Settings\tckwpxrf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\sys01800759662.exe deleted successfully.
File C:\WINDOWS\ms03075966280.exe deleted successfully.
File C:\WINDOWS\system32\svcnet.exe not found!
Deletion of file C:\WINDOWS\system32\svcnet.exe failed!
Could not process line:
C:\WINDOWS\system32\svcnet.exe
Status: 0xc0000034
File C:\Program Files\bama\tlii.exe deleted successfully.
File c:\windows\eee2.exe not found!
Deletion of file c:\windows\eee2.exe failed!
Could not process line:
c:\windows\eee2.exe
Status: 0xc0000034
File C:\WINDOWS\nem220.dll not found!
Deletion of file C:\WINDOWS\nem220.dll failed!
Could not process line:
C:\WINDOWS\nem220.dll
Status: 0xc0000034
File C:\WINDOWS\bxxs5.dll not found!
Deletion of file C:\WINDOWS\bxxs5.dll failed!
Could not process line:
C:\WINDOWS\bxxs5.dll
Status: 0xc0000034
File C:\WINDOWS\system32\wdc1n.dll not found!
Deletion of file C:\WINDOWS\system32\wdc1n.dll failed!
Could not process line:
C:\WINDOWS\system32\wdc1n.dll
Status: 0xc0000034
File C:\WINDOWS\DH.dll not found!
Deletion of file C:\WINDOWS\DH.dll failed!
Could not process line:
C:\WINDOWS\DH.dll
Status: 0xc0000034
File C:\WINDOWS\wsem303.dll not found!
Deletion of file C:\WINDOWS\wsem303.dll failed!
Could not process line:
C:\WINDOWS\wsem303.dll
Status: 0xc0000034
Could not open folder C:\Documents and Settings\Big Lou\My Documents\s?mbols for deletion
Deletion of folder C:\Documents and Settings\Big Lou\My Documents\s?mbols failed!
Could not process line:
C:\Documents and Settings\Big Lou\My Documents\s?mbols
Status: 0xc0000033
Folder C:\Program Files\bama deleted successfully.
Folder C:\Program Files\SurfSideKick 3 not found!
Deletion of folder C:\Program Files\SurfSideKick 3 failed!
Could not process line:
C:\Program Files\SurfSideKick 3
Status: 0xc0000034
Folder C:\Program Files\webHancer not found!
Deletion of folder C:\Program Files\webHancer failed!
Could not process line:
C:\Program Files\webHancer
Status: 0xc0000034
Folder C:\Program Files\Toolbar888 not found!
Deletion of folder C:\Program Files\Toolbar888 failed!
Could not process line:
C:\Program Files\Toolbar888
Status: 0xc0000034
Folder C:\Program Files\TheSearchAccelerator not found!
Deletion of folder C:\Program Files\TheSearchAccelerator failed!
Could not process line:
C:\Program Files\TheSearchAccelerator
Status: 0xc0000034
Folder C:\Program Files\Internet Optimizer not found!
Deletion of folder C:\Program Files\Internet Optimizer failed!
Could not process line:
C:\Program Files\Internet Optimizer
Status: 0xc0000034
Folder C:\Program Files\Network Monitor not found!
Deletion of folder C:\Program Files\Network Monitor failed!
Could not process line:
C:\Program Files\Network Monitor
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|sys01800759662 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ms03075966280 deleted successfully.
Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Shellapi32
Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Shellapi32 failed!
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|wahm deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 8:26:16 AM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB001" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
And here's the log file from Ewido - which was the reason I tried running it again!
Remember, I ran this in between runs of Avenger and prior to creating the log file I posted with HJT.
Dale
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:56:08 AM, 3/25/2006
+ Report-Checksum: CC6955
+ Scan result:
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2785472910-173239731-3353589407-1008\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2785472910-173239731-3353589407-1008\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Big Lou\My Documents\sуmbols\rυndll.exe -> Adware.PurityScan : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-2785472910-173239731-3353589407-1009\Dc15.exe -> Adware.Trymedia : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\1040.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\F ma.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\Jglnmdvu.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\qfyhcmhn.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYSTEM32\2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\504B5051555255.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\SYSTEM32\CGYPTDLL.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DHTMSFT.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DKDRAMP.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\HKL.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\MEXML3.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mmxp2passion.exe -> Downloader.VB.uc : Cleaned with backup
C:\WINDOWS\SYSTEM32\mqcpxl32.dLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\321 Studios GamesXCopy 1.0.8 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\3D Slot Car Racing Game 1.0.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\3D Studio Max 6 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\ABBYY FineReader Pro 7.0 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\acdsee 7.0.61 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\ACDSee PowerPack 7.0.43 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\ACDSee v7.0 Powerpack 7.0 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Ad-aware Pro Crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Ad-aware Professional.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Ad-aware.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Acrobat Reader crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Acrobat Reader.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe After Effects PRO v6.5 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Golive v6.0 Keygen.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Illustrator v10.0 Time Limit Crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe ImageReady v1.0 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe PageMaker v7.0 Keygen.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Photoshop 7 keygen.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Photoshop all.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Photoshop CS 8 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Photoshop CS crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adobe Serial Generator v2.0.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Adult Tetris 2 crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Age of Empires II The Age of Kings NO CD crack.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msview\Age Of Mythology - The Titans no cd crack.exe -> Worm.Tibick.d : Cleaned with backup
-
That looks good
Can you do the following
With all other windows closed, have hijackthis fix checked this entry please
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
Reboot the computer
Back in Windows
Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content
Spybot 1.4 just had a recent update
Can you open Spybot>>Search for and install updates if any
Can you click the Immunize button on the left after updating
Then click OK>>Immunize at the top green cross
Run another scan and clean any RED's please
I even had trouble getting hijack this installed on their system. Everytime I unzipped it, Mcaffee would intercept the action saying the file contained a virus (whose name I've forgotten), and then delete the file before I could run it. I finally went in to services and disabled everything related to McAffee and was then able to move the unzipped file in to the HJT folder I'd previously created.
This is known to happen with McAfee and Hijackthis
I thought the issues were fixed if the user had the latest updated definitions
Are you still able to update McAfee's?
Are your virus definitions right up to date?
Here's a quote from Merijn
The creator of Hijackthis
McAfee is at it again, unfortunately. Yes, I am aware of the fact that McAfee detects HijackThis 1.99.1 as a generic worm. For the fourth time. Yes, I am aware of the fact that McAfee detects the StartupList standalone as an mhtml exploit webpage. This makes respectively the fifth and sixth time McAfee has mistakenly detected one of my programs as some brand of virus. And I'm getting pretty tired of this. Am I supposed to email each and every new version of a program I publish to McAfee so they can verify that UPX compression does not automatically equal a scary virus??
The above quote is about 10 months old however.....
Go back and enable all Services related to McAfee's please
Make sure that you update the virus definitions to the latest
Run a complete scan
Reboot the computer one more time after running the scan
Post back one last hijackthis log
Could you also post the bottom part of the Ewido log please
You can leave out any entries that look like the following
C:\WINDOWS\SYSTEM32\msview\ but post the remainder please
-
Here's the Ewido log file with the entries you did not need to see edited out:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:56:08 AM, 3/25/2006
+ Report-Checksum: CC6955
+ Scan result:
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2785472910-173239731-3353589407-1008\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2785472910-173239731-3353589407-1008\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Big Lou\My Documents\sуmbols\rυndll.exe -> Adware.PurityScan : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-2785472910-173239731-3353589407-1009\Dc15.exe -> Adware.Trymedia : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\1040.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\F ma.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\Jglnmdvu.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\qfyhcmhn.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYSTEM32\2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\504B5051555255.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\SYSTEM32\CGYPTDLL.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DHTMSFT.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DKDRAMP.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\HKL.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\MEXML3.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mmxp2passion.exe -> Downloader.VB.uc : Cleaned with backup
C:\WINDOWS\SYSTEM32\mqcpxl32.dLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\poijcnmm.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\SYSTEM32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\svcnet.exe -> Worm.Tibick.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\TMEXT.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINDOWS\tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
::Report End
-
Can you post one last hijackthis log please
Is McAfee's running and fully updated?
-
Hi,
Glad you're there! I will get the logs posted ASAP.
I'd uninstalled McAfee completely. There's no going back.
In its place I've installed the protection software that SBC Yahoo provides as part of their service at no extra charge. It's a CA package with Virus and Spyware protection. McAfee was probably deleting HJT because it had an old virus list. I had/have no way to update that list so I removed McAfee. I can't see the CA software being much worse than McAfee was anyway. I just read earlier this week how they put out a virus definition list that caused people to lose valuable data. Like all their Excel spreadsheets.
I've also installed the latest copy of Firefox and checked for updates from Microsoft (there were none).
I'm in the process of trying to update Spybot. When I get it done - right now, I'm unable to update the virus detection signatures, I keep being told there's a checksum error, I'll run it, and then post another HJT log.
Hopefully you'll still be there when I get the logs posted. It would be cool if I could return this system tonight!
I appreciate all the help you've provided so far.
Dale
-
The bad checksum error with Spybot is on the download server side
If you search for updates, and there are some
I have the best luck choosing
Safer Networking#1 (Europe) location
I was going to ask you to update Firefox as final cleanup
But you got it done already, good move
I had other free AV and firewall software you could have used
But since it's only a good idea to use one of each, I'll hold off on posting links to them
Post back the new hijackthis log when you get the chance
Just some final cleanup and we're done here
-
Got spybot's defs updated and ran it.
As far as I know, I've got everything updated that needs it on this system.
I ran HJT, hopefully for the last time :-), and am including the log for your review.
Let me know how things are. If things are cool, I'm going to back up the C drive and return the PC to its owner!
Thanks a bunch,
Dale
Logfile of HijackThis v1.99.1
Scan saved at 4:47:11 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB001" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
-
These next entries are set by Yahoo, not user defined to take over the Search functions
Some have experienced browsing slowdowns when the red.clientapps entries are in a log
You can have hijackthis fix them, if you find you need them, we can restore them if you experience problems
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
The next ones don't need to run on startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
*Take note of the recommendation at the bottom
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required -
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required. This one constantly phones home and wastes resources.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with RealOne_Player
Once installed it runs independently of RealOne Player. See here To disable tkbell.exe in the new version (1) Start RealOne Player (2) Tools - Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Speeds up the time it takes to load the Adobe_Reader
Your choice but not required for Adobe Reader to function properly
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.
You can fix any of the above with hijackthis
*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle
Go to START>>RUN>>In the open field
Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point
Then go back to Internet Options in Control panel and Reset Web Settings again
Now would be a good time to do a Disk Defragment on the system if it hasn't been done in awhile
May be best done in safe mode
Could take awhile if your friend hasn't done it in some time
Protect this computer against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
*Check for updates with your anti-spyware programs and run a scan on a regular basis
Please use the Immunize feature in Spybot after every update
+You may also choose to hold onto Ewido and CleanUp!
Ewido will become a Limited version in a couple weeks
It's still a very good scanner to update and run once a month
*Keep up to date on Windows updates
This is the most important step in keeping your system secure
In addition: Make sure your friend keeps up on Microsoft Office updates
You will find a link at Windows Updates named "Office Family"
This will include security updates for the Office products
*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
+Have them be careful what they download with their filesharing programs
They should make sure the files are clean before they open them
This is an easy way to get infected
+ *I noticed they have older versions of Java installed
You should access the following link
http://www.java.com/en/download/manual.jsp
I find the
Windows (Offline Installation) the most reliable although it's a bigger download
Save the offline installer to desktop
Don't install it yet
Instead
Go into the Windows Control panel>>Open the Java Icon
Under the Cache tab>>Clear the Cache
Access the add/remove programs via control panel and remove
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Then go ahead and install the latest version, which will include security updates
If everything is running good
Go ahead and delete the following
FxNetOpt.exe
Winsock XP fix.exe
DelDomains.inf
The Avenger
C:\avenger.txt <-this file
C:\avenger <-this folder
C:\dale.txt <-this file
Hold onto CleanUp!>>Ad-Aware>>Spybot>>Ewido>>SpywareBlaster
But you can delete the installers
Once you're happy with everything, you can also remove Hijackthis from add/remove programs and then delete the hijackthis folder
C:\HJT <-this folder
I hope that helps>>Your friend may think it's a new PC
If you're old enough, tell him/her they owe us a cold beer
:D
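The log review in the post above, sketched as an added example (not part of the original thread and not HijackThis's own code): it parses HijackThis section lines, lists entries marked "(no file)" or "(file missing)", and splits the O4 registry Run entries into value name, executable and arguments. The sample lines are copied from the logs in this thread; the function names and the executable-splitting heuristic are assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Picture Package Menu.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Section lines look like "O4 - <body>"; header and process-list lines do not.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autostart: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run[^:]*): \[([^\]]+)\] (.+)$")
# Assumed heuristic: executable is either quoted or runs up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Return (code, body) for every section line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [(c, b) for c, b in entries if b.rstrip().endswith(ORPHAN_MARKERS)]


def run_autostarts(entries):
    """Split O4 registry Run entries into hive, key, name, exe and args."""
    out = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue  # Startup-folder shortcuts use a different layout
        hive, key, name, cmd = m.groups()
        exe = EXE_RE.match(cmd)
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        args = cmd[exe.end():].strip() if exe else ""
        out.append({"hive": hive, "key": key, "name": name,
                    "exe": path, "args": args})
    return out


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, body in orphaned(parsed):
        print("orphaned:", code, body)
    for item in run_autostarts(parsed):
        print("autostart:", item["hive"], item["name"], "->", item["exe"], item["args"])
```
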
-
You're the man!
Thanks a bunch. This is the second time you've helped me help someone. I sure appreciate it.
I know they want to compensate me. I won't take money but I'll take that beer. :-)
For you, I'll recommend they visit your link for the fight against malware.
Till next time ....
Dale
-
I'll lock this topic as your problems appear resolved
Till the next time
Take care Dale
:)