3 Apprentice

8.8K Posts

May 30th, 2005 20:00

Hi

Here are 3 online scans for you to run and see if it catches it. If they find anything else, please let me know.

eTrust AntiVirus Web Scanner
Panda ActiveScan
Trend Micro



Be sure to look this solution over before you begin. There are some item(s) I'm not familiar with. If you recognize any, then just omit them from this fix.



Run HiJackThis and click "Scan", then check (tick) the following, if present:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB

O15 - Trusted Zone: *.moove.com

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe

Now, with all windows closed except HiJackThis, click "Fix checked".


Reboot and post back a new log, and let me know how everything goes.
Steve

36 Posts

May 30th, 2005 22:00

Hi, and thank you so much for replying

I finally finished running the 3 scans you listed and the results are:

E-Trust-no infections found

Panda-88 infections

Trendmicro-no infections found

 

From Panda Results:

Incident                      Status                        Location
Adware:Adware/Naupoint        No disinfected                C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
Spyware:Spyware/Cydoor        No disinfected                C:\WINDOWS\cdmxtras
Adware:Adware/SaveNow         No disinfected                Windows Registry
Adware:Adware/Gator           No disinfected                C:\DOCUME~1\Christon\LOCALS~1\Temp\bundle.inf
Adware:Adware/MyWay           No disinfected                C:\Program Files\MyWay
Adware:Adware/FunWeb          No disinfected                C:\Program Files\FunWebProducts
Adware:Adware/MyWebSearch     No disinfected                C:\Program Files\MyWebSearch
Adware:Adware/Need2Find       No disinfected                Windows Registry
Here are some of the results; they all wouldn't fit... What should I do... continue with the HijackThis instructions?

3 Apprentice

8.8K Posts

May 30th, 2005 22:00

Yes please continue and post the fresh log here when you are done.
As long as they all were disinfected that's OK.

Steve

Message Edited by zbestwun2001 on 05-30-2005 04:57 PM

36 Posts

May 30th, 2005 23:00

Logfile of HijackThis v1.99.1
Scan saved at 8:07:34 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\ZeroSpyware LE.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ZSLEScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware Limited Edition\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware Limited Edition\
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4499/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F6FC00-F6FF-4D43-8373-E831805DF858}: NameServer = 128.118.25.3,130.203.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F6FC00-F6FF-4D43-8373-E831805DF858}: NameServer = 128.118.25.3,130.203.1.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F6FC00-F6FF-4D43-8373-E831805DF858}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

3 Apprentice

8.8K Posts

May 31st, 2005 00:00

Your system should be performing well now; if it isn't, please let me know.

One last thing to take care of:



Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search


Now, with all windows closed except HiJackThis, click "Fix checked".



Reboot and post back a new log, and let me know how everything goes.
Steve

36 Posts

May 31st, 2005 00:00

Hi again,
 
I got rid of the last thing you told me, however, I still see the virus name in the history log of Norton, and it still says status: infected. Does that matter? Will it stay there or go away in time?
 
 
Last Log
Logfile of HijackThis v1.99.1
Scan saved at 9:54:03 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\ZeroSpyware LE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NavNT\VPC32.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ZSLEScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware Limited Edition\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware Limited Edition\
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.6.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4499/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F6FC00-F6FF-4D43-8373-E831805DF858}: NameServer = 128.118.25.3,130.203.1.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F6FC00-F6FF-4D43-8373-E831805DF858}: NameServer = 128.118.25.3,130.203.1.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F6FC00-F6FF-4D43-8373-E831805DF858}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
Thanks, Lee
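Added example, not part of the original thread: a small Python parser for HijackThis entry lines like those in the two logs above. It confirms that a "Fix checked" step actually removed the checked items and lists entries marked "(no file)" or "(file missing)". The sample lines are excerpts copied from the fix lists and logs in this thread; the function and variable names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# An entry line is "<code> - <detail>", where the code is a letter plus a
# number (R0, R1, O2, O16, O23 in the logs above). Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return the entry lines of a HijackThis log as a list of Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(" ".join(line.split()))  # collapse stray whitespace
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries removed from and added to the log between two scans."""
    b, a = parse_log(before), parse_log(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def still_present(fix_list, log):
    """Entries from a helper's fix list that a later log still contains."""
    current = set(parse_log(log))
    return [e for e in parse_log(fix_list) if e in current]


def missing_targets(log):
    """Entries HijackThis marked as pointing at a file that is not there."""
    return [e for e in parse_log(log)
            if e.detail.endswith(("(no file)", "(file missing)"))]


# Excerpts copied from the thread (not the full logs).
FIX_1 = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O15 - Trusted Zone: *.moove.com
"""

FIX_2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
"""

LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:07:34 PM, on 5/30/2005
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:54:03 PM, on 5/30/2005
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by the fix:", [e.section for e in removed])
    print("new since last scan:", [e.section for e in added])
    print("first fix list still present:", still_present(FIX_1, LOG_BEFORE))
    print("second fix list still present:", still_present(FIX_2, LOG_AFTER))
    for e in missing_targets(LOG_AFTER):
        print("target missing:", e.section, e.detail)
```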

36 Posts

May 31st, 2005 05:00

Online Symantec says: 78427 files scanned, 26 file(s) infected on your disk drives.

  

Search for the name of the threat(s) listed below on the Symantec site for removal information.

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

C:\Program Files\Microsoft AntiSpyware\Quarantine\E0B11FC7-9919-4B95-AC78-606093\32032BFE-7698-42C6-A626-B8F491 is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\CBCC32B4-321F-4E2D-ADA6-64DA4C\9BD0D232-3B34-4D99-A911-C99238 is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\9F79F911-39B6-4C6F-9ADF-B06F62\A0E1E643-F763-4C18-9BD3-C89E9A is infected with Adware.Topsearch
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\1405B7AF-C08E-4710-B947-476806 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\140A8E8C-C444-4E2E-BAF5-0D9939 is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\21D5B1F0-E008-47C9-B036-078A46 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\2375BAE8-DA81-4F5E-A253-441482 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\4168DBDA-8DDE-4EED-AD63-043BC7 is infected with Adware.Topsearch
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\4ACED931-AB11-44D3-8C8A-5C8B10 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\66134AF2-77BD-48BC-B9DE-C74266 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\6D5B24C2-FB5A-40BB-9476-735B5F is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\71CE82BB-D49A-4267-856E-B9FFB6 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\7B27EEEF-41FC-46F6-B84C-7578C6 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\82D52ED2-68C5-4C7B-8E2D-6B38DD is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\C3397968-720A-4C54-9FEA-E675A5 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\C4132506-CEF4-454A-8E6A-8D461B is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\CC004BC1-6487-4DB4-8D24-8C8EF9 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\CDD954C8-33CD-4CC4-BF8E-ED88E6 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\8BACAC73-4633-4DFB-9DE4-39E91B\D041DC36-E6F3-443C-88DA-C9CFF9 is infected with Adware.BDE
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F3778BB-45B1-43B4-8406-2B449D\4ED9F6EF-490E-411C-9747-CB80BD is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\52CE72AB-639F-4783-9908-CC3CB3\81AE0FC3-DDA8-4C6C-8E15-53BD55 is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\472A6A45-56F9-429E-A5D4-05C4FB\FD9DC780-2FF3-4395-A106-2F004A is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\40D828AE-E0D8-436C-B3CE-136731\CB701B47-0140-453E-9519-36EB45 is infected with Adware.TopSearch.B
C:\Program Files\Microsoft AntiSpyware\Quarantine\0CFA2154-DB83-48FE-A50B-7E1D74\62C6AFCF-50DA-4E8B-B841-83DF51 is infected with Adware.TopSearch.B
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll is infected with Adware.Minibug
C:\Program Files\AIM\Sysfiles\WxBug.EXE is infected with Adware.Minibug

No viruses were detected in memory.


3 Apprentice

 • 

8.8K Posts

May 31st, 2005 12:00

Please go here and download AdAwareSE and delete what it finds. Then go here and download its VX2 cleaner. Run it and delete what it finds.
After that go here and download SpyBot and run it. When Spybot is complete, it will be showing RED entries, BLACK entries, and GREEN entries in the window. Put a check mark beside the RED entries ONLY. Choose Fix Selected Problems and allow Spybot to fix the RED only entries.


Steve

3 Apprentice

 • 

8.8K Posts

May 31st, 2005 16:00

Please empty your quarantined files on both M$ Anti-Spy and your Norton Anti-Virus program.

Then empty the recycle bin.

Reboot and rescan with Norton. Hopefully those were the files that Norton was picking up.

Steve
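The triage behind this step, as an added example that is not part of the original post: it splits run-together scan output of the form "<path> is infected with <name>" and separates hits inside another tool's quarantine folder from files still in place. The sample text is constructed (the quarantine folder names are placeholders; the last two paths are the ones quoted in the thread), and treating any path component named Quarantine as a quarantine store is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: records run together with no separator, as in the pasted
# scan page. Quarantine subfolder names below are placeholders.
SAMPLE = (
    r"C:\Program Files\Microsoft AntiSpyware\Quarantine\AAAA-0001\BBBB-0001 is infected with Adware.TopSearch.B"
    r"C:\Program Files\Microsoft AntiSpyware\Quarantine\AAAA-0001\BBBB-0002 is infected with Adware.BDE"
    r"C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll is infected with Adware.Minibug"
    r"C:\Program Files\AIM\Sysfiles\WxBug.EXE is infected with Adware.Minibug"
)

# One record is "<drive path> is infected with <name>". The name ends where the
# next drive-letter path begins, or at the end of the text.
RECORD = re.compile(r"([A-Za-z]:\\.+?) is infected with (.+?)(?=[A-Za-z]:\\|$)")


def parse_detections(text):
    """Return (path, detection_name) pairs from run-together scan output."""
    flat = " ".join(text.split())  # undo line wraps that fall inside a path
    return [(m.group(1), m.group(2).strip()) for m in RECORD.finditer(flat)]


def triage(text):
    """Split detections into quarantine-store hits and files still in place."""
    stored = defaultdict(int)   # detection name -> count inside a quarantine folder
    live = defaultdict(list)    # detection name -> paths outside any quarantine folder
    for path, name in parse_detections(text):
        # Assumption: a path component named "Quarantine" is a scanner's store.
        if "\\quarantine\\" in path.lower():
            stored[name] += 1
        else:
            live[name].append(path)
    return dict(stored), dict(live)


if __name__ == "__main__":
    stored, live = triage(SAMPLE)
    print("already quarantined by another tool:", stored)
    print("still in place:", live)
```

Emptying the quarantine should clear the first group on a rescan; anything in the second group still needs removal in its own right.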

36 Posts

May 31st, 2005 16:00

Hi
 
Thank you so much for all of your help... I did what you said in the last post... but I think those files keep coming back, as when I run those scans it clears, and I try again and there is the same thing there. 4 that will not delete, and Norton still says status: infected in the history list... Is there anything else I can try, Steve?
 
 
thanks so much lee

36 Posts

June 1st, 2005 03:00

Hey Steve,
 
Once again, thank you so much for all your help. What is M and which Anti Spy do I empty... not sure how to do that... please help? :smileyindifferent:
 
 
 
lee

36 Posts

June 1st, 2005 08:00

Hi Steve
 
Okay, I re-read the post you wrote, and figured out how to delete the quarantine files, so I did that for all the spyware programs I have, and I also tried to empty the recycle bin; however, there were no files there to empty, but I got rid of one file and emptied that just to make sure. I then rebooted and ran the Norton Scan (I have the Corporate Edition). It still says there are no viruses, but in the history of virus list that virus, Trojan.Alwayup, is still located there and the status still says infected.
 
I have been using the following programs: microsoft antispyware, zerospyware, spyware doctor, spywareblaster, ad-aware se personal, nero start smart, spybot, spyhunter, and aswclnr. Whenever I run scans using those programs they usually find something and get rid of that, and like you said I deleted those quarantine files. However, one program, the spybot I think, always finds something, but cannot get rid of 4 files/things. It then says "some problems couldnt be fixed; the reason could be that the associated files are still in use (in memory). this could be fixed with a restart", then when I restart and that program runs again and tries that, it still says the same thing. I tried that at least 3 times.
 
These are the files/things it says it can not remove.
 
Fun Web Products
 
PROBLEM
HKEY-USERS-S-1-5-18\SOFTWARE\FUN WEB PRODUCTS
HKEY-USERS-S-1-5-20\SOFTWARE\FUN WEB PRODUCTS
HKEY-USERS-S-1-5-19\SOFTWARE\FUN WEB PRODUCTS
HKEY-USERS\.DEFAULT\SOFTWARE\FUN WEB PRODUCTS
 
KIND
REGISTRY KEY
 
WHAT SHOULD I DO NOW?
 
 
ps: THANKS FOR ALL OF YOUR HELP!!!
 
LEE

3 Apprentice

 • 

8.8K Posts

June 1st, 2005 14:00

Please try removing those files using Safe Mode and let me know how it goes.

Steve

36 Posts

June 1st, 2005 15:00

Hi Steve
 
I put the PC in safe mode and ran the scan and tried to get rid of those files, but the same message as before occurred, so I restarted again in safe mode and tried once more, but same message once again; it wouldn't delete.
 
 
lee

36 Posts

June 1st, 2005 16:00

Man, I feel stupid, I'm sorry, but how do I do that? I'm not that good with comps. :smileysad: