#1
Hijack log - Please Help
Hello...thank you up front for any advice. We have the homepage problem and can't reset the computer even after running spyware program...here is the hijackThis log:
Logfile of HijackThis v1.97.7 Scan saved at 9:08:52 PM, on 7/26/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\appeg32.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\NILaunch.exe C:\Program Files\WildTangent\Apps\GameChannel.exe C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\System32\RUNDLL32.exe C:\WINDOWS\crfz32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cpoiz.dll/sp.html#96676 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cpoiz.dll/index.html#96676 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cpoiz.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Bar = http://srch-us8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cpoiz.dll/sp.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cpoiz.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cpoiz.dll/sp.html#96676 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13DFFD82-94B1-31CB-5C0B-300B9E37563F} - C:\WINDOWS\iegq.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: 
[nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [crfz32.exe] C:\WINDOWS\crfz32.exe O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [Yahoo! 
Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKLM\..\RunOnce: [sdkkm.exe] C:\WINDOWS\system32\sdkkm.exe O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe O4 - HKLM\..\RunOnce: [atlag32.exe] C:\WINDOWS\atlag32.exe O4 - HKLM\..\RunOnce: [crlq32.exe] C:\WINDOWS\crlq32.exe O4 - HKLM\..\RunOnce: [appeg32.exe] C:\WINDOWS\appeg32.exe O4 - HKLM\..\RunOnce: [apiik32.exe] C:\WINDOWS\system32\apiik32.exe O4 - HKLM\..\RunOnce: [netal32.exe] C:\WINDOWS\netal32.exe O4 - HKLM\..\RunOnce: [crzg32.exe] C:\WINDOWS\crzg32.exe O4 - HKLM\..\RunOnce: [addxa32.exe] C:\WINDOWS\addxa32.exe O4 - HKLM\..\RunOnce: [ietr.exe] C:\WINDOWS\ietr.exe O4 - HKLM\..\RunOnce: [mfcgl32.exe] C:\WINDOWS\mfcgl32.exe O4 - HKLM\..\RunOnce: [netlm32.exe] C:\WINDOWS\system32\netlm32.exe O4 - HKLM\..\RunOnce: [msfc.exe] C:\WINDOWS\msfc.exe O4 - HKLM\..\RunOnce: [msgu32.exe] C:\WINDOWS\msgu32.exe O4 - HKLM\..\RunOnce: [crif.exe] C:\WINDOWS\crif.exe O4 - HKLM\..\RunOnce: [ipsu.exe] C:\WINDOWS\system32\ipsu.exe O4 - HKLM\..\RunOnce: [atlrs32.exe] C:\WINDOWS\system32\atlrs32.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: officejet 6100.lnk = ? 
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! 
Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF8E8C-DF7E-4123-8CC9-0C3569F7DB51}: NameServer = 205.158.192.8 205.158.192.9 |

#2
Copy and paste the contents of the Quote box into Notepad and save it to your Desktop as "GetServices.vbs" (without the quotes). Save as type: All Files
Quote:
Go to your Desktop and double click GetServices.vbs. It will take a short while to run; your Anti Virus or other script blocking software may warn you of a script trying to run. Allow it to run and a text file of all the running services on your computer will pop up. Copy and paste the contents of that file in your next post.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!

#3
Script Error
Hi Thanks for the advice, however when I try to run the script I get the following error:
Script: C:\documents and settings\Owner\Desktop\GetServices.vbs
Line: 20
Char: 72
Error: Syntax error
Code: 800A03EA
Source: Microsoft VBScript compilation error

Thanks

#4
Go to Start > Run > enter "services.msc" (without the quotes).
Search for each of the following services:

Workstation NetLogon Service
Network Security Service
Remote Procedure Call (RPC) Helper

If found, double click the rogue service and click Stop. Then set the startup type to: Disabled.

Please post your results.

Tom

#5
Quote:
We still are getting the same error as above |

#6
I am sorry for the delay.
Quote:
When you try: Go to Start > Run > enter "services.msc" You get the vbs script error? You shouldn't because services.msc is a Services Snapin which is an integral part of your operating system and not a script. Could you reboot and give it another try? Tom |

#7
Sorry..I wasn't clear...no the script error is from:
"Go to your Desktop and double click GetServices.vbs"

I was able to run the services.msc. We found one of the "rogue services" and did as instructed. Then I tried the "GetServices.vbs" again and still got the error. When you said to run the services.msc and then post results, I guess I was confused since once we turned it off and stopped it there was no report to post.

Kelley
Quote:

#8
No problem. We'll get through it!
Please print this page for reference as you will be off the internet while performing these fixes.

Download Adaware SE Personal. Do not run it yet.
http://www.majorgeeks.com/download506.html

Then download about:Buster from either of the following locations.
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
Unzip it to the desktop.

Then....

Then boot into Safe Mode (restart your computer, tap F8 when computer first starts booting, select safe mode).

Run HijackThis again and place a check beside each of the following items. Once done click the fix checked button.

O2 - BHO: (no name) - {13DFFD82-94B1-31CB-5C0B-300B9E37563F} - C:\WINDOWS\iegq.dll
O4 - HKLM\..\Run: [crfz32.exe] C:\WINDOWS\crfz32.exe
O4 - HKLM\..\RunOnce: [sdkkm.exe] C:\WINDOWS\system32\sdkkm.exe
O4 - HKLM\..\RunOnce: [ntea32.exe] C:\WINDOWS\ntea32.exe
O4 - HKLM\..\RunOnce: [atlag32.exe] C:\WINDOWS\atlag32.exe
O4 - HKLM\..\RunOnce: [crlq32.exe] C:\WINDOWS\crlq32.exe
O4 - HKLM\..\RunOnce: [appeg32.exe] C:\WINDOWS\appeg32.exe
O4 - HKLM\..\RunOnce: [apiik32.exe] C:\WINDOWS\system32\apiik32.exe
O4 - HKLM\..\RunOnce: [netal32.exe] C:\WINDOWS\netal32.exe
O4 - HKLM\..\RunOnce: [crzg32.exe] C:\WINDOWS\crzg32.exe
O4 - HKLM\..\RunOnce: [addxa32.exe] C:\WINDOWS\addxa32.exe
O4 - HKLM\..\RunOnce: [ietr.exe] C:\WINDOWS\ietr.exe
O4 - HKLM\..\RunOnce: [mfcgl32.exe] C:\WINDOWS\mfcgl32.exe
O4 - HKLM\..\RunOnce: [netlm32.exe] C:\WINDOWS\system32\netlm32.exe
O4 - HKLM\..\RunOnce: [msfc.exe] C:\WINDOWS\msfc.exe
O4 - HKLM\..\RunOnce: [msgu32.exe] C:\WINDOWS\msgu32.exe
O4 - HKLM\..\RunOnce: [crif.exe] C:\WINDOWS\crif.exe
O4 - HKLM\..\RunOnce: [ipsu.exe] C:\WINDOWS\system32\ipsu.exe
O4 - HKLM\..\RunOnce: [atlrs32.exe] C:\WINDOWS\system32\atlrs32.exe

Close ALL Internet Explorer windows. This is a very important step!!

Run AboutBuster.exe, click ok, then start, then OK. Make a copy of the log once it finishes. Then run aboutbuster.exe again. Make a copy of that log.

Run Adaware and perform a "Full system scan".

Reboot normally.

Go to Start->Run and type Regedit then click Ok.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and highlight Services in the left pane. In the right pane, look for any of these entries:

__NS_Service
__NS_Service_2
__NS_Service_3

If any are listed, right-click that entry in the right pane and choose Delete.

Again in Regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and highlight Root in the left pane. In the right pane, look for these entries (the number at the end should correspond to the first one you deleted above):

LEGACY___NS_Service
LEGACY___NS_Service_2
LEGACY___NS_Service_3

If you find it, right-click it in the right pane and choose Delete.

If you have trouble deleting a key, then click once on the key name (LEGACY__NS_SERVICE_ or some other name that starts with LEGACY__NS_SERVICE) to highlight it and click on the Permission menu option under Security or Edit. Then uncheck "Allow inheritable permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.

Then...

Please update HijackThis, you are using an outdated version:
Open HijackThis, click Config > Misc Tools > Check for Update online
Or download a copy of version 1.98.2 at:
http://www.majorgeeks.com/download3155.html

Post a fresh log along with the two reports from about:Buster.

Tom
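
A triage sketch for the kind of entries selected in the post above, added here as an example; it is not part of the original thread and not part of HijackThis. The three rules are assumptions generalised from the entries in this thread (res:// start/search pages, BHO DLLs sitting directly in the Windows directories, Run/RunOnce values named after their own executable), and the sample lines are copied from the log in post #1.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str
    line: str


# Assumption: the directories where the entries fixed in this thread lived.
SYSTEM_ROOTS = {r"c:\windows", r"c:\windows\system32"}

R_ENTRY = re.compile(r"^(R[01]) - HK\w+\\.+?,(.+?) = (.*)$")
O2_ENTRY = re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (.+)$")
O4_ENTRY = re.compile(r"^O4 - HK\w+\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Excerpt of the log posted in #1, one entry per line as HijackThis saves it.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cpoiz.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13DFFD82-94B1-31CB-5C0B-300B9E37563F} - C:\WINDOWS\iegq.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [crfz32.exe] C:\WINDOWS\crfz32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [sdkkm.exe] C:\WINDOWS\system32\sdkkm.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
"""


def split_windows_path(command: str) -> Tuple[str, str]:
    """Return (directory, file name), lower-cased, for a path or quoted command."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted command line: the path is whatever sits inside the quotes.
        command = command[1:].split('"', 1)[0]
    directory, _, name = command.lower().rpartition("\\")
    return directory, name


def triage(log_text: str) -> List[Finding]:
    """Flag log entries that match the patterns fixed in this thread."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = R_ENTRY.match(line)
        if m:
            # IE start/search page served from a resource inside a local DLL.
            if m.group(3).lower().startswith("res://"):
                findings.append(Finding(m.group(1), "IE page set to res:// URL", line))
            continue

        m = O2_ENTRY.match(line)
        if m:
            directory, name = split_windows_path(m.group(1))
            if directory in SYSTEM_ROOTS and name.endswith(".dll"):
                findings.append(Finding("O2", "BHO DLL directly in Windows dir", line))
            continue

        m = O4_ENTRY.match(line)
        if m:
            directory, name = split_windows_path(m.group(3))
            # Value name identical to the file name, file dropped in a system dir.
            if directory in SYSTEM_ROOTS and m.group(2).lower() == name:
                findings.append(Finding("O4", "autorun value named after its own file", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}: {finding.line}")
```

A match is a prompt for manual review, not a verdict: legitimate software can meet any of these rules, which is why the thread has a helper read the whole log before anything is fixed.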

#9
Ok..here's the new info.
Logfile of HijackThis v1.98.2
Scan saved at 8:53:16 PM, on 8/26/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\NILaunch.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\SpyBlocs\SpyBlocs.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\HPZipm12.exe c:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
res://C:\WINDOWS\ytynh.dll/sp.html#96676 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cpoiz.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jmuvv.dll/sp.html#96676 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jmuvv.dll/sp.html#96676 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jmuvv.dll/sp.html#96676 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - 
HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: officejet 6100.lnk = ? 
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFF8E8C-DF7E-4123-8CC9-0C3569F7DB51}: NameServer = 205.158.192.8 205.158.192.9 O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file) |

#10
about buster 1
***And here is the about:Buster info.***
Scanned at: 8:06:08 PM on: 8/26/2004
-- Scan 1 ---------------------------
about:Buster Version 3.0
Reference List : 15
No ADS found on system
Removed 2 Random Key Entries
Deleted 1 Service Keys Successfully!
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

#11
about buster2
Scanned at: 8:09:03 PM on: 8/26/2004
-- Scan 1 ---------------------------
about:Buster Version 3.0
Reference List : 15
No ADS found on system
Removed 2 Random Key Entries
Deleted 1 Service Keys Successfully!