VanL

Backdoor Agent.B Virus(trojan)

22 posts in this topic

Hi all..

Hope your day is going well. I have the Backdoor Agent.B virus and cannot remove it with Nortons. I am running Win XP home. The infected file location is: C:\WINDOWS\system32\kbdg.dll Nortons cannot delete..also says access denied. I am not very wise about these things..so any help..please make it step by step..ok?(grin) I also have the Spybot S&D and Spyware Blaster programs. Everything seems ok as far as they are concerned. Below is my HJT log.

 

Oh yeah..I also notice that HJT cannot get rid of the popup manager listing in its scan. I no longer even have that program. I check it off and fix but it is right back almost immediately. I am not sure that spybot listing belongs there either. I do appreciate your help so very much..thank you for your time.

 

Van

 

 

Logfile of HijackThis v1.81.1

Scan saved at 1:27:08 PM, on 7/29/2004

Platform: Windows NT 5.01.2600

MSIE version: 6.0.2800.1106

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console

O9 - Extra button: Yahoo! Login

O9 - Extra 'Tools' menuitem: Yahoo! Login

O9 - Extra button: Messenger

O9 - Extra 'Tools' menuitem: Yahoo! Messenger

O9 - Extra button: ICQ Pro

O9 - Extra 'Tools' menuitem: ICQ

O9 - Extra button: Free Surfer

O9 - Extra 'Tools' menuitem: Free Surfer

O9 - Extra button: Related

O9 - Extra 'Tools' menuitem: Show &Related Links

O9 - Extra button: Messenger

O9 - Extra 'Tools' menuitem: Messenger

O15 - Trusted Zone: http://free.aol.com

O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.securewebs.com:8163/Java/cs4ms090.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13cbe890b89ff2061c01/...ip/RdxIE601.cab

O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7904.7258449074

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


Ok..thanks a lot :-) Here is the new HJT log. Sorry about the old version before. Thank you much.

 

Van

 

Logfile of HijackThis v1.98.0

Scan saved at 2:08:38 PM, on 7/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Van Kester"

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Van Kester"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.securewebs.com:8163/Java/cs4ms090.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13cbe890b89ff2061c01/...ip/RdxIE601.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


VanL,

 

You don't have much wrong with your computer. Only a few things to fix.

 

Open Hijack This and check the boxes next to the following:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13cbe890b89ff2061c01/...ip/RdxIE601.cab

 

Make sure all browsers and windows (including this one) are closed and hit "Fix Checked."

 

Reboot your computer into Safe Mode and delete the following files/folders. Be sure to show hidden files/folders.

 

Delete the following (some may be gone):

 

C:\WINDOWS\SYSTEM\blank.htm

C:\WINDOWS\lbbho.dll

C:\WINDOWS\system32\kbdg.dll

 

Reboot your computer and post a new Hijack This log.


Ok Gravy Lover..

Thank you for your help. I do really appreciate it. I followed your instructions and checked off the files you mentioned for HJT to fix. But of the files you wanted me to delete:

C:\WINDOWS\system\blank.htm

C:\WINDOWS\lbbho.dll

C:\WINDOWS\system32\kbdg.dll

 

I could not find first one..blank. I deleted second..but it refused to let me delete the kbdg.dll file. Said access denied. Below is the new HJT log.

 

Logfile of HijackThis v1.98.0

Scan saved at 4:50:03 PM, on 7/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.securewebs.com:8163/Java/cs4ms090.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

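
The check that the selected entries are really gone from the follow-up log, as an added example that is not part of the original thread. The sample lines are a subset copied from the two v1.98.0 logs above; the three flagging heuristics (orphaned "(no file)" entries, a BHO DLL sitting directly in C:\WINDOWS, an ActiveX download URL whose host is a bare IP address) are assumptions chosen for illustration, not criteria the helper stated.

```python
import ntpath
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Subset of lines copied from the first v1.98.0 log in the thread.
BEFORE = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13cbe890b89ff2061c01/...ip/RdxIE601.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
"""

# Same subset as it appears in the log posted after "Fix Checked".
AFTER = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
"""

# HijackThis section lines start with a code such as R0, O2 or O16, then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse(log):
    """Return [(code, body)] for section lines; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def url_host_is_ip(body):
    """True when the entry carries an http(s) URL whose host is an IP literal."""
    m = re.search(r"https?://\S+", body)
    if not m:
        return False
    host = urlsplit(m.group(0)).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(entries):
    """Apply the illustrative heuristics; return [(code, body, reason)]."""
    findings = []
    for code, body in entries:
        target = body.rsplit(" - ", 1)[-1]  # last field is the file or URL
        if code in ("O2", "O3", "O9") and target.startswith("(no file)"):
            findings.append((code, body, "registered but no file on disk"))
        elif code == "O2" and ntpath.dirname(target).lower() == r"c:\windows":
            findings.append((code, body, "BHO DLL directly in the Windows directory"))
        elif code == "O16" and url_host_is_ip(body):
            findings.append((code, body, "ActiveX download from a bare IP address"))
    return findings


def verify(before_log, after_log):
    """Compare two scans: which entries disappeared, which findings persist."""
    before, after = parse(before_log), parse(after_log)
    remaining = set(after)
    return {
        "removed": [e for e in before if e not in remaining],
        "persisting": triage(after),
    }


if __name__ == "__main__":
    for code, body, reason in triage(parse(BEFORE)):
        print(f"[flag] {code}: {reason}\n       {body}")
    result = verify(BEFORE, AFTER)
    for code, body in result["removed"]:
        print(f"[gone] {code} - {body}")
    for code, body, reason in result["persisting"]:
        print(f"[still present] {code}: {reason}\n       {body}")
```

On these lines the four entries selected for fixing are gone from the second scan, while the orphaned Popup Manager BHO is still listed, which matches the behaviour described in the first post.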

VanL,

 

Try renaming kbdg.dll to something else multiple times, for example:

 

kbdg.dll <-----> kbdg.txt

kbdg.txt <-----> file.666

file.666 <-----> bad.wmv

 

You may be able to delete it then. Try that and post a new Hijack This log.


gravylover..

Well tried to rename the kbdg.dll file..and it simply will not let me have access to do anything. Is it Nortons that is blocking my access or what? It is getting a little discouraging now, gravy. Now what? Oh, and thank you SO MUCH for your effort. It is really appreciated I can tell you. Have a good one.

 

Van


VanL,

 

If it won't let you rename it, try it in Safe Mode. If that doesn't work, try an Online Virus scan at http://housecall.trendmicro.com

 

Be sure to have the Auto Clean box checked off. Anything that cannot be cleaned, delete it.

 

Post a new Hijack This log after you try those.


I was trying to delete the file in SAFE mode. Didn't work.

 

Ok..I did the Housecall online scan. I got to tell you though..I don't really have much confidence in the online virus programs. I paid good money for Nortons..and from all I've heard IT is the best program. I also had to re-enable my ActiveX settings (I had them disabled for security). Seems like that could be risky, you know. But away we go(grin)

 

Here is the Housecall results.

JAVA BYTEVER.A in my C:\documents-settings folder.uncleanable

JAVA BYTEVER.A (cannot access)

TROJ.AGENT.BK C:\WINDOWS\system32\corelsys.dll

TROJ.AGENT.BK C:\WINDOWS\system\corelsys.dll

TROJ.STRIPAGE C:\WINDOWS\system32\dbing.dll.tcf

TROJ.STRIPAGE C:\WINDOWS\system32\ephngp.dll.tcf

TROJ.STRIPAGE C:\WINDOWS\system32\fhkif.dll.tcf

TROJ.STRIPAGE C:\WINDOWS\system32\kiei.dll.tcf

 

I did not delete any of them..didn't want to really monk something up, you know. It is not now looking like I don't have much wrong with my comp, huh? Have a good one.

 

Van


VanL,

 

Go ahead and delete all of those files that housecall came up with. They are all baddies, and deleting them will only be a good thing.


Gravylover..

I deleted all of those files except the two JAVA BYTEVER.A. It seems they point to some rather important programs of mine. Here is what Housecall log shows. Sorry but it IS very long, but still thought I'd better let you see it. :-)

 

Van

 

HouseCall Scan Report

 

 

HouseCall cannot access the files listed below. Please note that there is the potential of virus infection in files HouseCall cannot scan. Contact your System Administrator for further assistance. Please note that there potential of virus infection .

 

 

--------------------------------------------------------------------------------

 

 

Report time : 2004/07/30 08:15:11

 


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchmshp3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchmshp4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchmshp5.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchmshp6.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchmshp7.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchmshp8.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor.zip *sbRecovery.ini* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor10.zip *B_338_0_0_520700.gif* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor11.zip *cache338\B_338_2_1_559500.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor12.zip *B_338_2_1_559500.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor13.zip *cache338\B_338_2_1_559500.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor14.zip *B_338_2_1_559500.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor15.zip *cache338\B_338_0_1_501300.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor16.zip *B_338_0_1_501300.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor2.zip *cd_clint.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor5.zip *cache338\B_338_0_1_587200.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor6.zip *B_338_0_1_587200.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor7.zip *cache338\B_338_0_1_557300.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor8.zip *B_338_0_1_557300.htm* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Cydoor9.zip *cache338\B_338_0_0_520700.gif* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eUniverseIncrediFind.zip *BHO.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eUniverseIncrediFind1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eUniverseIncrediFind2.zip *BHO.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip *legend.lgn* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText1.zip *upgrade.vrn* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText10.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText13.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText14.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText15.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText16.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText17.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText18.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText19.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText2.zip *rwds.rst* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText20.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText21.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText22.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText23.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText24.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText25.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText26.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText27.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText28.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText29.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText3.zip *param.ez* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText30.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText31.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText32.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText33.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText34.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText35.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText36.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText37.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText38.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText39.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText4.zip *genun.ez* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText40.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText41.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText42.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText43.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText44.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText45.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText46.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText47.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText48.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText49.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText5.zip *UNWISE.EXE* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText50.zip *eZinstall.exe* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText51.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText52.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText53.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText54.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText55.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText56.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText57.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText58.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText59.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText6.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText60.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText61.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText62.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText63.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText64.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText65.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText66.zip *basis.dst* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText67.zip *Feedback.url* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText68.zip *ezstub.exe* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText69.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText7.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText70.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText71.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText72.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText73.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText74.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText75.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText76.zip *CHCON.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText8.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText9.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINDashBar.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GAINGator.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator1.zip *GStartup.lnk* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator10.zip *mepgh.dat* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator11.zip *Gator.log* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator13.zip *Data\User1.gud* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator14.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator15.zip *CMEIIAPI.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator16.zip *GatorPdpSetup.log* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator17.zip *Gator.log* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator18.zip *EGGCEngine.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator19.zip *CMEIIAPI.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator2.zip *meprca.dat* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator20.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator3.zip *mepcmeft.dat* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator4.zip *mepcme.dat* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator5.zip *Helper.wav* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator6.zip *FillIn.wav* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator7.zip *CMEDiagnostics.log* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator8.zip *GMT.exe.manifest* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator9.zip *GatorSupportInfo.txt* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar.zip *Hotbar.log* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar2.zip *sbRecovery.ini* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hotbar4.zip *reports.txt* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\KeenValuePerfectNav4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MSMediaPlayer1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip *PARTNER6.DAT* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar1.zip *PARTNER5.DAT* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar10.zip *MYBAR.DLL* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar13.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar14.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar15.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar16.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar17.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar18.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar19.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar2.zip *PARTNER4.DAT* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar20.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar21.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar22.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar23.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar24.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar25.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar26.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar27.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar28.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar29.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar3.zip *PARTNER3.DAT* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar30.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar31.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar32.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar33.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar34.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar35.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar36.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar37.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar38.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar4.zip *PARTNER2.DAT* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar5.zip *MY2NS.EXE* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar6.zip *MYWAYPLUGINPROXY.CLASS* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar7.zip *PARTNER.BMP* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar8.zip *UNINSTALL.INF* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar9.zip *NPMYWAY.DLL* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet10.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet5.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet6.zip *newdotnet6_22.dll* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet7.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet8.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet9.zip *NDNuninstall4_85.exe* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix.zip *fsg_4104.exe* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spex.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spex1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spex2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater10.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater13.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater14.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater15.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater16.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater17.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater18.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater19.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater20.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater21.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater22.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater5.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater6.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater7.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\


VanL,

 

Those files that it couldn't access are fine. They're just backups of things that Spybot S&D fixed. Don't worry about them.

 

Post a new Hijack This log for analysis so we can see what's going on.


Ok gravylover..

Here is the new HJT log:

 

Logfile of HijackThis v1.98.0

Scan saved at 10:50:33 AM, on 7/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.securewebs.com:8163/Java/cs4ms090.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


VanL,

 

You seem to be clean right now, but About: Blank may come back. Set your computer clock ahead a few days, reboot and run Hijack This. Get a Hijack This log after that, then set your clock to the correct time, reboot, and post the "Log From the Future."


Ok Gravylover..

Here is the HJT log "from the future". And again..thank you so much for all your help.

 

Van

 

Logfile of HijackThis v1.98.0

Scan saved at 11:07:41 AM, on 8/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\Program Files\Common Files\Real\Update_OB\rndal.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Downloads\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.securewebs.com:8163/Java/cs4ms090.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


I have noticed that the kbdg.dll file is still there..and Nortons still gives me the backdoor.agent.B virus alert. I'm gonna have to get rid of that file, aren't I? Thanks a lot. Have a good one.

 

Van


Update here:

Ok..I tried once again on the kbdg.dll file. I disabled Nortons auto protect and went into the system32 folder and this time I was able to delete that file!! ALRIGHT!! I also didn't see any virus alert from Nortons while I was poking around in there. It usually pops up in there. Dare I hope? :-)

 

Van


VanL,

 

Looks like your virus troubles are over! :D Just a few things left to do.

 

You have PowerReg Scheduler in your log. This is a registration reminder that is used by a number of different companies. It is not needed and some people think that it reports back to the company about your computer, so I suggest fixing it...

 

Fix the following in Hijack This:

 

O4 - Startup: PowerReg Scheduler V3.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

Reboot your computer and post a new Hijack This log.

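The log-to-log comparison used in this thread (a scan before and after setting the clock ahead, then before and after fixing entries) can be done mechanically. The following is an added example, not part of the original posts and not HijackThis's own code: the function names are hypothetical, and the two sample logs are abridged from the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R1, O2, O4, O16, ...)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (code, body) registry/startup entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries


def parse_processes(log_text):
    """Return the paths listed under 'Running processes:' (lowercased,
    because Windows paths are case-insensitive)."""
    procs, in_procs = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if not in_procs:
            in_procs = line.lower().startswith("running processes")
            continue
        if not line:
            continue              # forum pastes often have blank lines between rows
        if ENTRY_RE.match(line):
            break                 # first R/O entry ends the process list
        procs.add(line.lower())
    return procs


def diff_logs(before, after):
    """Compare two logs: what appeared and what disappeared between scans."""
    b_ent, a_ent = parse_entries(before), parse_entries(after)
    b_proc, a_proc = parse_processes(before), parse_processes(after)
    return {
        "added_entries": sorted(a_ent - b_ent),
        "removed_entries": sorted(b_ent - a_ent),
        "added_processes": sorted(a_proc - b_proc),
        "removed_processes": sorted(b_proc - a_proc),
    }


def orphaned(log_text):
    """Entries whose target is reported as '(no file)': leftovers worth a look."""
    return sorted(e for e in parse_entries(log_text) if "(no file)" in e[1])


# Sample input abridged from the logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
"""

AFTER = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
    print("orphaned (no file):")
    for item in orphaned(AFTER):
        print("   ", item)
```

An empty `added_entries` list after a clock change or reboot is the result the helper is looking for; anything that shows up there is what to examine first.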

Ok Gravylover..

I guess this is it..looks good, huh? Here is what I suppose will be my final HJT log. Thank you soooo very much(grin) You are an absolute saint. Thanks for sticking with me on this; I WAS getting a bit discouraged there toward the end. I hope the other person who had this SAME problem and posted here, is reading our thread. I told them to follow this thread...and we both could maybe find a solution. :-) Again..I thank you for your time and knowledge in all this. Have a good one, Gravy.

 

Van

 

Logfile of HijackThis v1.98.0

Scan saved at 2:53:20 PM, on 7/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

C:\Downloads\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [iPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.securewebs.com:8163/Java/cs4ms090.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


VanL,

 

:) Congratulations, you're clean.

 

To prevent re-infection, I suggest the program SpywareBlaster, available here:

http://www.javacoolsoftware.com/spywareblaster.html

And to stop yourself from being redirected to any sites that download spyware, I suggest IE-SpyAd, which is available here:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

That adds many websites to your restricted sites list.

Also, TonyKlein offers some good answers in his post:

So How Did I Get Infected in the First Place?

 

Happy surfing!
