Messages - holyknight

1
Tech Clinic / Tons of adware on this computer!
« on: March 13, 2005, 04:08:38 PM »
Hmmm, nope, not seeing a file like that, though I do see an a3d.dll file in there.

File version: 4.12.1.2008
Description: Audio3D
Copyright: © Copyright 1997-2001  Sensaura Ltd
Comments: Sensaura Audio3D API for DirectSound3D
Company: Sensaura Ltd

2
Tech Clinic / Tons of adware on this computer!
« on: March 13, 2005, 12:56:43 AM »
Everything is running much better, thanks again. I'll be sure to make my friend express his gratitude in one way or another.

3
Tech Clinic / Tons of adware on this computer!
« on: March 12, 2005, 02:41:22 AM »
AboutBuster Log:

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:06 AM, on 3/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AutoComplete Service (Autocomplete) - Internet Washer - C:\PROGRA~1\SYSTEM~1\autocomp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

4
Tech Clinic / Tons of adware on this computer!
« on: March 11, 2005, 04:49:33 AM »
Thanks for the help. I have done everything you have said and already see better functionality from the computer. I have also uninstalled the other antivirus software except for Norton. Oh and nope, he doesn't have Spybot.

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:18 AM, on 3/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\hiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [a3d] C:\WINDOWS\System32\a3d.exe
O4 - HKCU\..\Run: [jugsthe] C:\DOCUME~1\LASHAW~1\APPLIC~1\BROWSE~1\flaw loud.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AutoComplete Service (Autocomplete) - Internet Washer - C:\PROGRA~1\SYSTEM~1\autocomp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hosts file manager log:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

AboutBuster Log file:

Scanned at: 2:28:55 AM   on: 3/11/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 2:30:04 AM   on: 3/11/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 3 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

5
Tech Clinic / Tons of adware on this computer!
« on: March 10, 2005, 11:58:35 PM »
My friend was having problems with his computer and since he isn't a computer-savvy user, he ended up with a lot of spyware. After the removal of several pieces of spyware and viruses, Norton AntiVirus still shows several spyware components which it cannot remove. Upon further investigation, HijackThis seemed to be my only hope, so I come here in hopes to see if someone would be able to help me in the removal of these dangerous pieces of spyware with a HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:02 PM, on 3/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sysml.exe
C:\WINDOWS\system32\mszt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wypkxicrjuvkuuzocjhx.net/l7vKhd...naq9IMSXYDC.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gtfal.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gtfal.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gtfal.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gtfal.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gtfal.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gtfal.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AF174026-CDFA-DA2F-7743-A872A5AA0D6C} - C:\WINDOWS\system32\mfcto32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mszt.exe] C:\WINDOWS\system32\mszt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunOnce: [sysml.exe] C:\WINDOWS\system32\sysml.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [a3d] C:\WINDOWS\System32\a3d.exe
O4 - HKCU\..\Run: [jugsthe] C:\DOCUME~1\LASHAW~1\APPLIC~1\BROWSE~1\flaw loud.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AutoComplete Service (Autocomplete) - Internet Washer - C:\PROGRA~1\SYSTEM~1\autocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Network Security Service (  6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\nttz.exe (file missing)

Any and all help is deeply appreciated, Thank you!
