MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: Please help with slow startup and cfgmgr52.dll
sorgje
« on: August 09, 2005, 03:32:54 AM »

I followed the directions the admin set forth in terms of TrendMicro, Adaware, and Spybot. One issue could not be resolved with TrendMicro: TSPYSMALL.SN CANNOT ACCESS C:\ProgramFiles\leuh\Puyxtlx.exe. No other issues were noted with Adaware or Spybot.

I also get an error upon boot-up saying that the cfgmgr52.dll module could not be found.

Any help you could provide me would be greatly appreciated. Thank you in advance.

Here is my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:27 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ieuh\Puyxtlx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\jaropq.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Jonathan Sorg\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Aaccdu] C:\Program Files\Ieuh\Puyxtlx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitezhb32.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jaropq.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Yw4mRjf3U] svccurs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosuxxx.mht!http://adextension.com/ext1/ysa.chm::/ysb_website.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.corddigitalhighway.com/upload/FujifilmUploadClient.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)



sUBs (Global Moderator)
« Reply #1 on: August 09, 2005, 08:39:04 AM »

Hello and Welcome

I just want to warn you up front that you've multiple infections here & we have a big fight ahead. So, please be prepared for this to take a couple of rounds. There's a fair bit of work to do & I require your assistance & patience.

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

Please save the following instructions in Notepad. I have customized my instructions on the assumption that you have Notepad 'on'. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please do not run Hijackthis from its current location.
Create a permanent directory - C:\Program Files\HiJackThis\
Re-locate all files to the new directory  

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.  

CleanUp! - Install.

KillBox v2.0.0.175

Nailfix - Unzip to a new folder

FindIt's.zip

ETRemover_v130.zip  - Unzip to a new folder.
    From that folder, click on ETRemover_v130.exe
    Click About >> check for updates
    After it has updated itself, close that program. We'll run it later  

Ewido Security Suite - Install & update its database but do not run it yet.

WinPfind.zip - Unzip to Drive C

TrackQoo.zip

UNPLUG YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

When doing the fix, you shall be viewing these instructions from Notepad.
Copy the filename/s listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
    C:\WINDOWS\System32\jaropq.exe
    C:\WINDOWS\etb\pokapoka62.exe
    C:\WINDOWS\System32\ps1.exe
    C:\Program Files\Ieuh\Puyxtlx.exe
    C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    C:\windows\system32\elitezhb32.exe
    C:\WINDOWS\VCMnet11.exe
    C:\WINDOWS\cfgmgr52.dll
    C:\WINDOWS\System32\exp
    C:\WINDOWS\svcproc.exe
    C:\WINDOWS\zeta.exe

Launch KillBox.exe
Go to the File menu, and choose 'Paste from Clipboard' * this feature does not work on older versions of Killbox
Click the dropdown-arrow next to the "Full Path of File to Delete" field.
Verify that the filenames you pasted are found in there.
Select/tick the following:
    Replace on Reboot
    Use Dummy
    End Explorer Shell While Killing File
    Unregister dll Before deleting
    * if it's not grayed out

 Click the RED X button.
 Click Yes at the 'Delete on Reboot' prompt.
 Click Yes at the 'Pending Operations prompt'.

* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually .
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE
Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
    Vbouncer / Virtual Bounce
    Elite toolbar
    Windows AFA Internet Enhancement      

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run ETRemover_v130.exe, then click the "Kill Elite Toolbar" button and wait until it finishes its work.

* Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Click Start->Run - type SERVICES.MSC & then click on the OK button
Locate the service - ZESOFT
Double-click on it to open the Properties dialog.
Stop the service by using the Stop button.
Change the Startup type to Disabled & then click on the OK button

Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
In the popup box that appears, type in ZESOFT & then click on the OK button

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER PROGRAMS & ALL OPEN WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Aaccdu] C:\Program Files\Ieuh\Puyxtlx.exe
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitezhb32.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jaropq.exe reg_run
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Yw4mRjf3U] svccurs.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosuxxx.mht!http://adextension.com/ext1/ysa.chm::/ysb_website.cab  



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options>View tab.
Enable the option for 'Show hidden files and folders'
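The fix list in the reply above is built by reading the O4 (Run keys), O16 (ActiveX downloads) and O23 (services) sections of the HijackThis log in the first post and picking out the structurally odd entries: a Run value whose name is a full path, a rundll32 call that loads a DLL from the Windows root, a target with no extension or no path at all, a binary in an unusual %WINDIR% subfolder, an ActiveX download over an ms-its: URL, and services with an unknown owner or a missing file. The Python below is an added example written for this page, not a tool from the thread or from the HijackThis project. It parses lines in the log format shown in the posts and applies those checks mechanically. The sample lines are copied from the log in the first post; the ON_DISK set is a constructed stand-in for the files actually present after the antivirus scan (cfgmgr52.dll is deliberately left out of it to reproduce the "module could not be found" boot message), and every reason string, the PATH_RE heuristic and the System32/system allowlist are this example's own choices, not part of HijackThis.

```python
"""Triage a HijackThis v1.99 log: parse O4 Run values, O16 ActiveX downloads
and O23 services and flag the structural patterns a malware-removal helper
looks for.  Added example for this page; the sample lines are copied from
the log in the thread, the ON_DISK set and all heuristics are constructed."""
import re
from typing import Dict, Iterable, List, Set

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<url>.+)$")
O23_PREFIX = "O23 - Service: "
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# HijackThis prints paths unquoted, spaces included, so anchor on a known extension;
# a path with no extension at all (e.g. System32\exp) is taken up to the next space.
PATH_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*?\.(?:exe|dll|com|scr|bat|cmd|pif)|\S+))(?=[\s,]|$)",
    re.IGNORECASE,
)
WINDIR = "C:\\WINDOWS\\"
# The only %WINDIR% subfolders a Run value should normally load from on XP (assumption).
STANDARD_WINDIR_SUBDIRS = {"system32", "system"}


def target_of(cmd: str) -> str:
    """File a Run value really loads: the DLL for rundll32 lines, the exe otherwise."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe "):
        cmd = cmd[len("rundll32.exe "):].lstrip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = PATH_RE.match(cmd)
    return m.group("path") if m else cmd.split()[0]


def windir_reasons(path: str) -> List[str]:
    """Flag binaries sitting in the Windows root or in a non-standard subfolder of it."""
    if not path.upper().startswith(WINDIR):
        return []
    parts = path[len(WINDIR):].split("\\")
    if len(parts) == 1:
        return ["file sits directly in the Windows directory"]
    if parts[0].lower() not in STANDARD_WINDIR_SUBDIRS:
        return [f"file sits in unusual Windows subdirectory '{parts[0]}'"]
    return []


def triage(log_lines: Iterable[str], on_disk: Set[str]) -> Dict[str, List[str]]:
    """Map each suspicious log entry to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for raw in log_lines:
        line = raw.strip()
        reasons: List[str] = []
        o4, o16 = O4_RE.match(line), O16_RE.match(line)
        if o4:
            name, cmd = o4.group("name"), o4.group("cmd")
            key = f"O4 [{name}]"
            target = target_of(cmd)
            if DRIVE_RE.match(name):
                reasons.append("value name is a full path")
            if not DRIVE_RE.match(target):
                reasons.append("bare filename, resolved through the search path")
            else:
                if "." not in target.rsplit("\\", 1)[-1]:
                    reasons.append("target has no file extension")
                reasons += windir_reasons(target)
                if cmd.lower().startswith("rundll32.exe ") and windir_reasons(target):
                    reasons.append("rundll32 loads a DLL from outside System32")
                if target.lower() not in on_disk:
                    reasons.append("target missing on disk (orphaned autorun; this is what "
                                   "raises a 'module could not be found' error at logon)")
        elif o16:
            key = f"O16 {{{o16.group('clsid')}}}"
            scheme = o16.group("url").split(":", 1)[0].lower()
            if scheme not in ("http", "https"):
                reasons.append(f"ActiveX download uses non-HTTP scheme '{scheme}'")
        elif line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            desc, owner, path = (p.strip() for p in parts)
            key = f"O23 {desc}"
            if owner == "Unknown owner":
                reasons.append("service owner unknown")
            if path.endswith("(file missing)"):
                reasons.append("service binary missing on disk")
        else:
            continue
        if reasons:
            findings[key] = reasons
    return findings


# Excerpt of the log posted in the first message of the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Aaccdu] C:\Program Files\Ieuh\Puyxtlx.exe
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jaropq.exe reg_run
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Yw4mRjf3U] svccurs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosuxxx.mht!http://adextension.com/ext1/ysa.chm::/ysb_website.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
"""

# Constructed stand-in for the files present after the antivirus scan; cfgmgr52.dll
# is deliberately absent, which is the state that produces the boot-time error.
ON_DISK = {p.lower() for p in (
    r"C:\WINDOWS\System32\NvCpl.dll",
    r"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe",
    r"C:\Program Files\Ieuh\Puyxtlx.exe",
    r"C:\WINDOWS\System32\ps1.exe",
    r"C:\WINDOWS\VCMnet11.exe",
    r"C:\WINDOWS\System32\exp",
    r"C:\WINDOWS\System32\jaropq.exe",
    r"C:\WINDOWS\etb\pokapoka62.exe",
    r"C:\Program Files\Messenger\msmsgs.exe",
)}

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG.strip().splitlines(), ON_DISK).items():
        print(entry)
        for reason in why:
            print("   -", reason)
```

Note what the structural rules do not catch: Puyxtlx.exe, ps1.exe and jaropq.exe live in ordinary directories with ordinary extensions and are only identified by the TrendMicro detection in the first post and by the helper's experience, which is why the moderator's fix list is longer than this output. The orphaned-autorun check is the one that explains the original symptom: a Run value that still points at a DLL the scanner already removed raises the error dialog at every logon until the value itself is deleted, and HijackThis's "Fix checked" on the O4 line is what removes it.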
sorgje
« Reply #2 on: August 18, 2005, 03:13:56 AM »

I am sorry this has taken so long, but I have been out of town. Nevertheless, I completed the steps you listed above, and I had a couple of problems, including a new virus. The virus was termed "Bloodhound.exploit," and I don't really know what to do with it--Norton cannot seem to remove it. The other problem I had began after I ran WinPFind.exe. When I rebooted to normal mode, I had to reboot numerous times because the keyboard would not work. I could not click on anything either, and when I opened the task manager, I had difficulty closing it. The only way to restart was to manually shut down the computer (I could not restart from the Start menu). All in all, the computer seems to be running better now, but the startup is still pretty slow.

Here are the logs you requested:
HiJackThis log--
Logfile of HijackThis v1.99.1
Scan saved at 10:59:40 PM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>;localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.corddigitalhighway.com/upload/FujifilmUploadClient.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Antispyware log--
      Started Scanning
      Internet Cookies
         Found 'data.coremetrics.com' in 'Internet Explorer Cache'
         Found 'atdmt.com' in 'Internet Explorer Cache'
         Found 'as-us.falkag.net' in 'Internet Explorer Cache'
         Found 'doubleclick.net' in 'Internet Explorer Cache'
      Programs in Memory
      Windows Registry
         Found '' in 'SOFTWARE\Magnet'
         Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}'
         Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\InprocServer32'
         Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\ProgID'
         Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\TypeLib'
         Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\VERSION'
         Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\InprocServer32'
         Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
         Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
         Found '' in 'SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/VBouncer/INSTALL.LOG'
         Found '' in 'SOFTWARE\Classes\AdToolsX.Installer'
         Found 'iebar' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'
         Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
         Found '' in 'SOFTWARE\Media Access'
         Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
         Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
         Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
      Internet URL Shortcuts
         Found 'WeirdOnTheWeb.url' in 'C:\Documents and Settings\Laura Dengler\Favorites\'
      Files and Directories
         Found '21.xml' in 'C:\Documents and Settings\All Users\Application Data\VBouncer\Instr'
         Found 'SWsettings.xml' in 'C:\Documents and Settings\All Users\Application Data\VBouncer'
         Found 'USER.XML' in 'C:\Documents and Settings\All Users\Application Data\VBouncer'
         Found '' in 'C:\Documents and Settings\Laura Dengler\Favorites\Finances & Business'
         Found '' in 'C:\Documents and Settings\Laura Dengler\Favorites\Health & Insurance'
         Found '' in 'C:\Documents and Settings\Laura Dengler\Favorites\Homelife & Travel'
         Found '' in 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\AdDestroyer'
         Found '' in 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU'
         Found '' in 'C:\Program Files\CxtPls'
         Found 'ide21201.vxd' in 'C:\WINDOWS\system32'
         Found 'kill internet popups5.ico' in 'C:\WINDOWS\system32'
         Found 'kippaorlxh.dat' in 'C:\WINDOWS\UPD'
      Finished Scanning
      Started Backup
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
      Finished Backup
      Started Cleaning
      [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5.
      [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5.
      [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
      [SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
         Checking for 'C:\Documents and Settings\All Users\Application Data\VBouncer\Instr\21.xml' in shortcut areas.
         Checking for 'C:\Documents and Settings\All Users\Application Data\VBouncer\Instr\21.xml' in startup areas.
         Cleaning 'C:\Documents and Settings\All Users\Application Data\VBouncer\Instr\21.xml'
         Checking for 'C:\Documents and Settings\All Users\Application Data\VBouncer\SWsettings.xml' in shortcut areas.
         Checking for 'C:\Documents and Settings\All Users\Application Data\VBouncer\SWsettings.xml' in startup areas.
         Cleaning 'C:\Documents and Settings\All Users\Application Data\VBouncer\SWsettings.xml'
         Checking for 'C:\Documents and Settings\All Users\Application Data\VBouncer\USER.XML' in shortcut areas.
         Checking for 'C:\Documents and Settings\All Users\Application Data\VBouncer\USER.XML' in startup areas.
         Cleaning 'C:\Documents and Settings\All Users\Application Data\VBouncer\USER.XML'
         Checking for 'C:\Documents and Settings\Laura Dengler\Favorites\Finances & Business' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Favorites\Finances & Business' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Favorites\Finances & Business'
         Checking for 'C:\Documents and Settings\Laura Dengler\Favorites\Health & Insurance' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Favorites\Health & Insurance' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Favorites\Health & Insurance'
         Checking for 'C:\Documents and Settings\Laura Dengler\Favorites\Homelife & Travel' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Favorites\Homelife & Travel' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Favorites\Homelife & Travel'
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\AdDestroyer' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\AdDestroyer' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\AdDestroyer'
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU'
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\Learn More About Save!.url' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\Learn More About Save!.url' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\Learn More About Save!.url'
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\Learn More About SaveNow.url' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\Learn More About SaveNow.url' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\Learn More About SaveNow.url'
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\WhenU.com Website.url' in shortcut areas.
         Checking for 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\WhenU.com Website.url' in startup areas.
         Cleaning 'C:\Documents and Settings\Laura Dengler\Start Menu\Programs\WhenU\WhenU.com Website.url'
         Checking for 'C:\Program Files\CxtPls' in shortcut areas.
         Checking for 'C:\Program Files\CxtPls' in startup areas.
         Cleaning 'C:\Program Files\CxtPls'
         Checking for 'C:\Program Files\CxtPls\pstub0\proxystub.dll' in shortcut areas.
         Checking for 'C:\Program Files\CxtPls\pstub0\proxystub.dll' in startup areas.
         Cleaning 'C:\Program Files\CxtPls\pstub0\proxystub.dll'
         Checking for 'C:\WINDOWS\system32\ide21201.vxd' in shortcut areas.
         Checking for 'C:\WINDOWS\system32\ide21201.vxd' in startup areas.
         Cleaning 'C:\WINDOWS\system32\ide21201.vxd'
         Checking for 'C:\WINDOWS\system32\kill internet popups5.ico' in shortcut areas.
         Checking for 'C:\WINDOWS\system32\kill internet popups5.ico' in startup areas.
         Cleaning 'C:\WINDOWS\system32\kill internet popups5.ico'
         Checking for 'C:\WINDOWS\UPD\kippaorlxh.dat' in shortcut areas.
         Checking for 'C:\WINDOWS\UPD\kippaorlxh.dat' in startup areas.
         Cleaning 'C:\WINDOWS\UPD\kippaorlxh.dat'
      Finished Cleaning

Activescan--

Incident                      Status                        Location

Adware:adware/wupd            No disinfected                C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/sqwire          No disinfected                C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/afaenhance      No disinfected                C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/weirdontheweb   No disinfected                C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\FAVORITES\WeirdOnTheWeb.url
Spyware:spyware/surfsidekick  No disinfected                C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\APPLICATION DATA\Sskknwrd.dll
Adware:adware/bookedspace     No disinfected                C:\WINDOWS\cfgmgr52.ini
Adware:adware/apropos         No disinfected                C:\PROGRAM FILES\CxtPls
Adware:adware/fizzle          No disinfected                C:\PROGRAM FILES\FwBarTemp
Adware:adware program         No disinfected                C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/dealhelper      No disinfected                C:\WINDOWS\SYSTEM32\Newmsrdk
Adware:adware/addestroyer     No disinfected                C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\START MENU\PROGRAMS\AdDestroyer
Adware:adware/whenusearch     No disinfected                C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\START MENU\PROGRAMS\WhenU
Adware:adware/elitebar        No disinfected                C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\FAVORITES\Casino & Carrers
Adware:adware/virtualbouncer  No disinfected                C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/delfinmedia     No disinfected                C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Spyware:spyware/dyfuca        No disinfected                Windows Registry
Adware:Adware/Apropos         No disinfected                C:\Program Files\CxtPls\pstub0\proxystub.dll
Adware:Adware/Thecoolbar      No disinfected                C:\Program Files\FwBarTemp\cohelper.exe
Hacktool:Hacktool/Processor   No disinfected                C:\Program Files\nailfix\Process.exe
Spyware:Spyware/BetterInet    No disinfected                C:\WINDOWS\system\QBUninstaller.exe

Ewido log--
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:13:07 AM, 8/17/2005
 + Report-Checksum:      A1518D3A

 + Scan result:

   C:\Documents and Settings\Laura Dengler\Cookies\laura dengler@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup


::Report End

FindIt log--

Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 08/16/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
sUBs
Global Moderator

« Reply #3 on: August 18, 2005, 05:04:39 AM »

Download LQFix & unzip the contents to a new folder.

UNPLUG YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

Please save the following instructions in Notepad.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Open Notepad & copy & paste the following text into it:

REGEDIT4

; "value"=- deletes that single value; [-key] deletes the whole key and everything under it
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SurfSideKick 3"=-

; NonEnum entries hide Control Panel items; removing them makes the items visible again
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=-
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=-

; policies\Explorer\Run is a second per-user autostart list, separate from the Run key above
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"gwkwrkfg.exe"=-

; shell context-menu handler and the COM class it is registered under
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ftnqmsxy]

[-HKEY_CLASSES_ROOT\CLSID\{8ba16b43-f3fa-4578-85ee-4354d232fb00}]

Save it to Desktop as "regdel.reg" (inclusive of "quotes")
Double click on regdel.reg & answer Yes when prompted to merge into the Registry

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER PROGRAMS & ALL OPEN WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"  



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Copy the filename/s listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
    C:\WINDOWS\SYSTEM32\Bawpdck1.xml
    C:\WINDOWS\SYSTEM32\Qrsxlbk1.xml
    C:\WINDOWS\SYSTEM32\Xllkysk1.xml
    C:\WINDOWS\System32\jonbe.dll
    C:\WINDOWS\system\gwkwrkfg.exe
    C:\WINDOWS\SYSTEM32\ide21201.vxd
    C:\WINDOWS\SYSTEM32\tsuninst.exe
    C:\WINDOWS\SYSTEM\QBUninstaller.exe
    C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\FAVORITES\WeirdOnTheWeb.url
    C:\DOCUMENTS AND SETTINGS\LAURA DENGLER\APPLICATION DATA\Sskknwrd.dll
    C:\WINDOWS\cfgmgr52.ini
    C:\WINDOWS\SYSTEM32\Newmsrdk
    C:\WINDOWS\system\QBUninstaller.exe
    C:\WINDOWS\system32\pinkkas.ico
    C:\Documents and Settings\Laura Dengler\Application Data\Sskknwrd.dll

Launch KillBox.exe
Go to the File menu, and choose 'Paste from Clipboard' * this feature does not work on older versions of Killbox
Click the dropdown-arrow next to the "Full Path of File to Delete" field.
Verify that the filenames you pasted are found in there.
Select/tick the following:
    Replace on Reboot
    Use Dummy
    End Explorer Shell While Killing File
    Unregister dll Before deleting
    * if it's not grayed out

Click the RED X button.
Click Yes at the 'Delete on Reboot' prompt.
Click Yes at the 'Pending Operations' prompt.

* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, download and run missingfilesetup.exe. Then try Killbox again.



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE
Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
    Surf SideKick
    ADDestroyer
    FWBar Temp  

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run LQFix.bat

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options>View tab.
Enable the option for 'Show hidden files and folders'.
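The fix list in the reply above comes from reading the O4 (Run) and O23 (Service) lines of the HijackThis log and picking out autostarts that do not belong: binaries in Temp, in a subfolder of System32, in an unexpected folder under WINDOWS, machine-looking names, services with no identified owner or with a missing file. The script below applies the same reading mechanically. It is an added example, not part of this thread, of HijackThis or of any tool named here; the sample lines are copied from logs posted in the thread, and the weights, threshold and folder allow-lists are assumptions chosen for illustration.

```python
"""Score HijackThis O4 (Run) and O23 (Service) lines the way a forum helper reads them.

Added example; not part of this thread or of HijackThis.  Sample lines are copied
from logs posted in the thread.  Weights, threshold and allow-lists are assumptions
for illustration: a hit means "look at this", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Assumed allow-lists: folders that legitimately hold autostart binaries.
WINDIR_OK = {"system32", "system"}          # directly under C:\WINDOWS
SYSTEM32_OK = {"drivers", "wbem", "spool"}  # directly under System32

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Lines copied from the HijackThis logs in this thread: a mix of clean and bad.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - HKLM\..\Run: [cwoyrtl] C:\WINDOWS\System32\ruxh\cwoyrtl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uYXRoYW4gU29yZwAA\command.exe
O23 - Service: ftivpwkreekat - Unknown owner - C:\WINDOWS\System32\eekat\ftivpwkr.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
"""


@dataclass
class Finding:
    line: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, why):
        self.score += points
        self.reasons.append(why)


def first_path(command):
    """Executable from a Run value: the quoted path, or else the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


def looks_random(name):
    """Vowel-poor names of 7+ letters (cwoyrtl, ftivpwkr). Weak signal on its own."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 7:
        return False
    return sum(ch in "aeiou" for ch in letters) / len(letters) < 0.2


def score_path(f):
    """Location and naming heuristics; assumes a drive-letter path (C:, WINDOWS, ...)."""
    parts = f.path.split("\\")
    lower = [p.lower() for p in parts]
    if "temp" in lower[:-1]:
        f.add(2, "runs from a Temp directory")
    if len(lower) >= 4 and lower[1] == "windows":
        if lower[2] == "system32":
            if len(lower) >= 5 and lower[3] not in SYSTEM32_OK:
                f.add(2, "subfolder of System32: " + parts[3])
        elif lower[2] not in WINDIR_OK:
            f.add(2, "unexpected folder under WINDOWS: " + parts[2])
    stem = re.sub(r"\.[^.]*$", "", parts[-1])
    if looks_random(stem) or any(looks_random(p) for p in parts[2:-1]):
        f.add(1, "machine-looking file or folder name")


def triage(log_text, threshold=2):
    """Return a Finding for every O4/O23 line whose score reaches the threshold."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            f = Finding(line, first_path(m4.group(4)))
        elif m23:
            owner, path = m23.group(2), m23.group(3)
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].rstrip()
            f = Finding(line, path)
            if owner == "Unknown owner":
                f.add(1, "service with no identified owner")
            if missing:
                f.add(2, "service binary missing on disk (orphaned entry)")
        else:
            continue
        score_path(f)
        if f.score >= threshold:
            hits.append(f)
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print("      -", why)
```

Run it against a saved log by replacing SAMPLE_LOG with the file's contents. The negative controls matter as much as the hits: NvCpl, ccApp and the Kodak driver service score zero, so a low vowel count alone never flags a line; it only adds weight once a location or ownership signal is already present.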
 
sorgje
Newbie

« Reply #4 on: October 10, 2005, 08:48:35 PM »

The problems have begun again--very slow startup (>5 minutes) and lots of popups. When I run Ewido, I get an error message that it cannot remove C:\Program Files\Common Files\System32.dll/gui.exe. Then, it prompts me to delete all of C:\Program Files\Common Files\System 32.dll. I have opted not to delete this without some guidance. Also, during startup, I get a message about a fatal error involving the following:
    C:\WINDOWS\Minidump\Mini100705-01.dmp
    C:\DOCUME~1\LAURAD~1\LOCALS~1\Temp\WER11.tmp.dir00\sysdata.xml
Any immediate help would be greatly appreciated.

Here are logs from HiJackThis, PandaScan, Ewido, and WinPFind:
Logfile of HijackThis v1.99.1
Scan saved at 4:36:22 PM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Sm9uYXRoYW4gU29yZwAA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\ruxh\cwoyrtl.exe
C:\WINDOWS\System32\hbfbm\qgksqvdr.exe
C:\WINDOWS\System32\mvnvdxiu\jafxovd.exe
C:\WINDOWS\System32\tccei\pmaklmcp.exe
C:\WINDOWS\System32\tewxyvp\ovwfcdu.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\waunr.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>;localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5F04AE8F-6895-EB7A-F4CC-26CF50B9BA4D} - C:\WINDOWS\System32\xojfacic\ukhhynjo.dll
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\System32\AdCom.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\System32\mc-58-12-
O4 - HKLM\..\Run: [xmwnxp] C:\WINDOWS\System32\uqnvy\xmwnxp.exe
O4 - HKLM\..\Run: [ktxdui] C:\WINDOWS\System32\bysxroy\ktxdui.exe
O4 - HKLM\..\Run: [rbwrtpko] C:\WINDOWS\System32\rflgrgi\rbwrtpko.exe
O4 - HKLM\..\Run: [cmjvdagh] C:\WINDOWS\System32\fudoro\cmjvdagh.exe
O4 - HKLM\..\Run: [cwoyrtl] C:\WINDOWS\System32\ruxh\cwoyrtl.exe
O4 - HKLM\..\Run: [qgksqvdr] C:\WINDOWS\System32\hbfbm\qgksqvdr.exe
O4 - HKLM\..\Run: [jafxovd] C:\WINDOWS\System32\mvnvdxiu\jafxovd.exe
O4 - HKLM\..\Run: [pmaklmcp] C:\WINDOWS\System32\tccei\pmaklmcp.exe
O4 - HKLM\..\Run: [ovwfcdu] C:\WINDOWS\System32\tewxyvp\ovwfcdu.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\waunr.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.corddigitalhighway.com/upload/FujifilmUploadClient.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uYXRoYW4gU29yZwAA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ftivpwkreekat - Unknown owner - C:\WINDOWS\System32\eekat\ftivpwkr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: oiehngjvjxvr - Unknown owner - C:\WINDOWS\System32\ngjvjxvr\oieh.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Incident                      Status                        Location

Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\SYSTEM32\VIDCTRL\VIDCTRL.EXE
Adware:Adware/DealHelper      No disinfected                C:\WINDOWS\SYSTEM32\WAUNR.EXE
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\SYSTEM32\NSVSVC\NSVSVC.EXE
Virus:Trj/Downloader.FHW      Disinfected                   Operating system
Spyware:Spyware/Ukiee         No disinfected                C:\WINDOWS\SYSTEM32\TEWXYVP\OVWFCDU.EXE
Adware:Adware/Exact.BargainBuddy No disinfected             C:\WINDOWS\SYSTEM32\RUXH\CWOYRTL.EXE
Adware:Adware/Exact.BargainBuddy No disinfected             C:\WINDOWS\SYSTEM32\UQNVY\XMWNXP.EXE
Virus:Trj/Downloader.FHW      Disinfected                   Operating system
Adware:adware/maxifiles       No disinfected                C:\PROGRAM FILES\COMMON FILES\system32.dll
Adware:adware/ezula           No disinfected                C:\WINDOWS\SYSTEM32\ezstub.exe
Adware:adware/sqwire          No disinfected                C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/delfinmedia     No disinfected                C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\RemoveDisplayUtility.exe
Spyware:spyware/surfsidekick  No disinfected                C:\Documents and Settings\Laura Dengler\Application Data\Sskknwrd.dll
Adware:adware/bookedspace     No disinfected                C:\WINDOWS\cfgmgr52.ini
Adware:adware/dealhelper      No disinfected                C:\WINDOWS\SYSTEM32\Newmsrdk
Adware:adware/sahagent        No disinfected                C:\WINDOWS\SYSTEM32\SahImages
Adware:adware/savenow         No disinfected                C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv
Adware:adware/ist.sidefind    No disinfected                Windows Registry
Adware:Adware/DealHelper      No disinfected                C:\Documents and Settings\Laura Dengler\Local Settings\Temp\waunr.exe
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\InetGet\mc-58-12-0000119.exe
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\InetGet2\mc-58-12-0000119.exe
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\mc-58-12-0000119.exe
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/DelFinMedia     No disinfected                C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\DNS\cwebpage.dll
Virus:Trj/Downloader.FHW      Disinfected                   C:\WINDOWS\system32\dbdmvhsa\lxhpoihh.exe
Adware:Adware/eZula           No disinfected                C:\WINDOWS\system32\ezstub.exe
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\nsvsvc\nsv.ocx
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\nsvsvc\nsvs.dll
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\nsvsvc\nsvsvc.exe                                                                                                                                                                                                                          
Adware:Adware/Exact.BargainBuddyNo disinfected                C:\WINDOWS\system32\ruxh\cwoyrtl.exe                                                                                                                                                                                                                            
Spyware:Spyware/Ukiee         No disinfected                C:\WINDOWS\system32\tewxyvp\ovwfcdu.exe                                                                                                                                                                                                                        
Adware:Adware/Exact.BargainBuddyNo disinfected                C:\WINDOWS\system32\uqnvy\xmwnxp.exe                                                                                                                                                                                                                            
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\vidctrl\vidctrl.exe                                                                                                                                                                                                                        
Adware:Adware/DealHelper      No disinfected                C:\WINDOWS\system32\waunr.exe                                                                                                                                                                                                                                  

Incident                      Status                        Location                                                                                                                                                                                                                                                        

Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\SYSTEM32\VIDCTRL\VIDCTRL.EXE                                                                                                                                                                                                                        
Adware:Adware/DealHelper      No disinfected                C:\WINDOWS\SYSTEM32\WAUNR.EXE                                                                                                                                                                                                                                  
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\SYSTEM32\NSVSVC\NSVSVC.EXE                                                                                                                                                                                                                          
Virus:Trj/Downloader.FHW      Disinfected                   Operating system                                                                                                                                                                                                                                                
Spyware:Spyware/Ukiee         No disinfected                C:\WINDOWS\SYSTEM32\TEWXYVP\OVWFCDU.EXE                                                                                                                                                                                                                        
Adware:Adware/Exact.BargainBuddyNo disinfected                C:\WINDOWS\SYSTEM32\RUXH\CWOYRTL.EXE                                                                                                                                                                                                                            
Adware:Adware/Exact.BargainBuddyNo disinfected                C:\WINDOWS\SYSTEM32\UQNVY\XMWNXP.EXE                                                                                                                                                                                                                            
Virus:Trj/Downloader.FHW      Disinfected                   Operating system                                                                                                                                                                                                                                                
Adware:adware/maxifiles       No disinfected                C:\PROGRAM FILES\COMMON FILES\system32.dll                                                                                                                                                                                                                      
Adware:adware/ezula           No disinfected                C:\WINDOWS\SYSTEM32\ezstub.exe                                                                                                                                                                                                                                  
Adware:adware/sqwire          No disinfected                C:\WINDOWS\SYSTEM32\tsuninst.exe                                                                                                                                                                                                                                
Adware:adware/delfinmedia     No disinfected                C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\RemoveDisplayUtility.exe                                                                                                                                                                                    
Spyware:spyware/surfsidekick  No disinfected                C:\Documents and Settings\Laura Dengler\Application Data\Sskknwrd.dll                                                                                                                                                                                          
Adware:adware/bookedspace     No disinfected                C:\WINDOWS\cfgmgr52.ini                                                                                                                                                                                                                                        
Adware:adware/dealhelper      No disinfected                C:\WINDOWS\SYSTEM32\Newmsrdk                                                                                                                                                                                                                                    
Adware:adware/sahagent        No disinfected                C:\WINDOWS\SYSTEM32\SahImages                                                                                                                                                                                                                                  
Adware:adware/savenow         No disinfected                C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv                                                                                                                                                                                                        
Adware:adware/ist.sidefind    No disinfected                Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/DealHelper      No disinfected                C:\Documents and Settings\Laura Dengler\Local Settings\Temp\waunr.exe                                                                                                                                                                                          
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\InetGet\mc-58-12-0000119.exe                                                                                                                                                                                                      
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\InetGet2\mc-58-12-0000119.exe                                                                                                                                                                                                    
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\mc-58-12-0000119.exe                                                                                                                                                                                                              
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\system32.dll[gui.exe]                                                                                                                                                                                                            
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\system32.dll[cwebpage.dll]                                                                                                                                                                                                        
Adware:Adware/DelFinMedia     No disinfected                C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe                                                                                                                                                                                    
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe                                                                                                                                                                                                      
Adware:Adware/Maxifiles       No disinfected                C:\Program Files\DNS\cwebpage.dll                                                                                                                                                                                                                              
Virus:Trj/Downloader.FHW      Disinfected                   C:\WINDOWS\system32\dbdmvhsa\lxhpoihh.exe                                                                                                                                                                                                                      
Adware:Adware/eZula           No disinfected                C:\WINDOWS\system32\ezstub.exe                                                                                                                                                                                                                                  
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\nsvsvc\nsv.ocx                                                                                                                                                                                                                              
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\nsvsvc\nsvs.dll                                                                                                                                                                                                                            
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\nsvsvc\nsvsvc.exe                                                                                                                                                                                                                          
Adware:Adware/Exact.BargainBuddyNo disinfected                C:\WINDOWS\system32\ruxh\cwoyrtl.exe                                                                                                                                                                                                                            
Spyware:Spyware/Ukiee         No disinfected                C:\WINDOWS\system32\tewxyvp\ovwfcdu.exe                                                                                                                                                                                                                        
Adware:Adware/Exact.BargainBuddyNo disinfected                C:\WINDOWS\system32\uqnvy\xmwnxp.exe                                                                                                                                                                                                                            
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\system32\vidctrl\vidctrl.exe                                                                                                                                                                                                                        
Adware:Adware/DealHelper      No disinfected                C:\WINDOWS\system32\waunr.exe                                                                                                                                                                                                                                  
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         12:21:11 AM, 10/10/2005
 + Report-Checksum:      E0411EBE

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{A8BD9566-9895-4FA3-918D-A51D4CD15865} -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839} -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839}\TypeLib\\ -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610}\TypeLib\\ -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783}\TypeLib\\ -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{2A7DB8D1-43BE-4AD3-A81E-9BB8C9D00073} -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1 -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1\CLSID\\ -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\dealhelper -> Spyware.DealHelper : Cleaned with backup
   HKLM\SOFTWARE\dealhelper\KeyWord -> Spyware.DealHelper : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
   HKU\S-1-5-21-2052111302-1060284298-1604941331-1004\Software\Mvu -> Spyware.Delfin : Cleaned with backup
   C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
   C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
   C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
   C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
   C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
   C:\WINDOWS\system32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
   C:\WINDOWS\system32\xdnuepqy.exe -> Spyware.DealHelper : Cleaned with backup


::Report End

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the title bar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
