Backdoor Agent.B Virus(trojan)


21 replies to this topic

#1 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 29 July 2004 - 03:57 PM

Hi all..
Hope your day is going well. I have the Backdoor Agent.B virus and cannot remove it with Nortons. I am running Win XP home. The infected file location is: C:\WINDOWS\system32\kbdg.dll. Nortons cannot delete..also says access denied. I am not very wise about these things..so any help..please make it step by step..ok?(grin) I also have the Spybot S&D and Spyware Blaster programs. Everything seems ok as far as they are concerned. Below is my HJT log.

Oh yeah..I also notice that HJT cannot get rid of the popup manager listing in its scan. I no longer even have that program. I check it off and fix but it is right back almost immediately. I am not sure that spybot listing belongs there either. I do appreciate your help so very much..thank you for your time.

Van


Logfile of HijackThis v1.81.1
Scan saved at 1:27:08 PM, on 7/29/2004
Platform: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console
O9 - Extra button: Yahoo! Login
O9 - Extra 'Tools' menuitem: Yahoo! Login
O9 - Extra button: Messenger
O9 - Extra 'Tools' menuitem: Yahoo! Messenger
O9 - Extra button: ICQ Pro
O9 - Extra 'Tools' menuitem: ICQ
O9 - Extra button: Free Surfer
O9 - Extra 'Tools' menuitem: Free Surfer
O9 - Extra button: Related
O9 - Extra 'Tools' menuitem: Show &Related Links
O9 - Extra button: Messenger
O9 - Extra 'Tools' menuitem: Messenger
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.secu...va/cs4ms090.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yaho...rod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7904.7258449074
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...alls/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#2 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 29 July 2004 - 04:01 PM

Hello VanL, and welcome to the forums.

Your version of Hijack This is outdated. Please download the latest version, Version 1.98.0, available here:
http://www.downloads.../hijackthis.zip

Replace your current version and post a new Hijack This log.

#3 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 29 July 2004 - 04:12 PM

Ok..thanks a lot :-) Here is the new HJT log. Sorry about the old version before. Thank you much.

Van

Logfile of HijackThis v1.98.0
Scan saved at 2:08:38 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Van Kester"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Van Kester"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.secu...va/cs4ms090.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#4 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 29 July 2004 - 04:40 PM

VanL,

You don't have much wrong with your computer. Only a few things to fix.

Open Hijack This and check the boxes next to the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab

Make sure all browsers and windows (including this one) are closed and hit "Fix Checked."

Reboot your computer into Safe Mode and delete the following files/folders. Be sure to show hidden files/folders.

Delete the following (some may be gone):

C:\WINDOWS\SYSTEM\blank.htm
C:\WINDOWS\lbbho.dll
C:\WINDOWS\system32\kbdg.dll

Reboot your computer and post a new Hijack This log.

#5 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 29 July 2004 - 07:01 PM

Ok Gravy Lover..
Thank you for your help. I do really appreciate it. I followed your instructions and checked off the files you mentioned for HJT to fix. But of the files you wanted me to delete:
C:\WINDOWS\system\blank.htm
C:\WINDOWS\lbbho.dll
C:\WINDOWS\system32\kbdg.dll

I could not find first one..blank. I deleted second..but it refused to let me delete the kbdg.dll file. Said access denied. Below is the new HJT log.

Logfile of HijackThis v1.98.0
Scan saved at 4:50:03 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.secu...va/cs4ms090.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
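
Added example, not part of any post in this thread: a small Python check that compares two HijackThis logs to confirm the entries selected for "Fix Checked" are really gone, lists entries whose target is "(no file)", and tests whether a file named by the antivirus appears in the log at all. The function names are illustrative, and the sample logs are constructed excerpts of lines copied from the logs in posts #3, #4 and #5.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed excerpt of the log in post #3 (before the fix).
LOG_BEFORE = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
"""

# Constructed excerpt of the log in post #5 (after the fix and reboot).
LOG_AFTER = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
"""

# The four entries post #4 asked to be checked and fixed.
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("section"), match.group("body").strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def unapplied_fixes(requested, after):
    """Entries that were supposed to be fixed but are still in the later log."""
    remaining = parse_entries(after)
    return sorted(e for e in parse_entries(requested) if e in remaining)


def orphaned(log_text):
    """Entries whose registry data points at a file that no longer exists."""
    return sorted(e for e in parse_entries(log_text) if "(no file)" in e[1])


def mentions_file(log_text, filename):
    """True if the file name appears anywhere in the log (case-insensitive)."""
    return filename.lower() in log_text.lower()


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("NEW:", section, "-", body)
    print("still present after fix:", unapplied_fixes(FIX_LIST, LOG_AFTER))
    print("orphaned entries:", orphaned(LOG_AFTER))
    print("kbdg.dll in log:", mentions_file(LOG_AFTER, "kbdg.dll"))
```

On these excerpts all four requested entries are gone, the Popup Manager BHO remains as a "(no file)" entry, and kbdg.dll is not referenced by any entry, so the log alone cannot confirm whether that file has been removed from disk.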

#6 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 29 July 2004 - 08:30 PM

Just bumping..so Gravy Lover doesn't lose track of this thread. :-)

VanL

#7 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 29 July 2004 - 09:00 PM

VanL,

Try renaming kbdg.dll to something else multiple times, for example:

kbdg.dll <-----> kbdg.txt
kbdg.txt <-----> file.666
file.666 <-----> bad.wmv

You may be able to delete it then. Try that and post a new Hijack This log.

#8 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 29 July 2004 - 10:58 PM

gravylover..
Well tried to rename the kbdg.dll file..and it simply will not let me have access to do anything. Is it Nortons that is blocking my access or what? It is getting a little discouraging now, gravy. Now what? Oh, and thank you SO MUCH for your effort. It is really appreciated I can tell you. Have a good one.

Van

#9 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 30 July 2004 - 09:14 AM

Bump up

#10 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 30 July 2004 - 09:27 AM

VanL,

If it won't let you rename it, try it in Safe Mode. If that doesn't work, try an Online Virus scan at http://housecall.trendmicro.com

Be sure to have the Auto Clean box checked off. Anything that cannot be cleaned, delete it.

Post a new Hijack This log after you try those.

#11 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 30 July 2004 - 11:27 AM

I was trying to delete the file in SAFE mode. Didn't work.

Ok..I did the Housecall online scan. I got to tell you though..I don't really have much confidence in the online virus programs. I paid good money for Nortons..and from all I've heard IT is the best program. I also had to re-enable my ActiveX settings (I had them disabled for security). Seems like that could be risky, you know. But away we go(grin)

Here is the Housecall results.
JAVA BYTEVER.A in my C:\documents-settings folder.uncleanable
JAVA BYTEVER.A (cannot access)
TROJ.AGENT.BK C:\WINDOWS\system32\corelsys.dll
TROJ.AGENT.BK C:\WINDOWS\system\corelsys.dll
TROJ.STRIPAGE C:\WINDOWS\system32\dbing.dll.tcf
TROJ.STRIPAGE C:\WINDOWS\system32\ephngp.dll.tcf
TROJ.STRIPAGE C:\WINDOWS\system32\fhkif.dll.tcf
TROJ.STRIPAGE C:\WINDOWS\system32\kiei.dll.tcf

I did not delete any of them..didn't want to really monk something up, you know. It is not now looking like I don't have much wrong with my comp, huh? Have a good one.

Van

#12 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 30 July 2004 - 11:44 AM

VanL,

Go ahead and delete all of those files that housecall came up with. They are all baddies, and deleting them will only be a good thing.

#13 VanL

VanL

    Member

  • Full Member
  • Pip
  • 44 posts

Posted 30 July 2004 - 12:34 PM

Gravylover..
I deleted all of those files except the two JAVA BYTEVER.A. It seems they point to some rather important programs of mine. Here is what Housecall log shows. Sorry but it IS very long, but still thought I'd better let you see it. :-)

Van

HouseCall Scan Report


HouseCall cannot access the files listed below. Please note that there is the potential of virus infection in files HouseCall cannot scan. Contact your System Administrator for further assistance. Please note that there potential of virus infection .


--------------------------------------------------------------------------------


Report time : 2004/07/30 08:15:11

File Name Type Message
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdFlow.zip *van kester@ad-flow[2].txt* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdFlow1.zip *van kester@ad-flow[2].txt* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom.zip *van kester@advertising.paltalk[1].txt* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip *related.htm* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy.zip *FREE BonziBUDDY.url* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonExtensionhijack.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonExtensionhijack1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonName.zip *fsg_4104.exe* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk10.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk13.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk14.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk15.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk16.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk17.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk18.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk19.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk20.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk21.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk22.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk23.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk24.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk25.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk26.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk27.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchk28.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar28.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar29.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar3.zip *PARTNER3.DAT* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar30.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar31.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar32.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar33.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar34.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar35.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar36.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar37.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar38.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar4.zip *PARTNER2.DAT* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar5.zip *MY2NS.EXE* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar6.zip *MYWAYPLUGINPROXY.CLASS* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar7.zip *PARTNER.BMP* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar8.zip *UNINSTALL.INF* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar9.zip *NPMYWAY.DLL* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet10.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet5.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet6.zip *newdotnet6_22.dll* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet7.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet8.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Newnet9.zip *NDNuninstall4_85.exe* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix.zip *fsg_4104.exe* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spex.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spex1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spex2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater1.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater10.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater11.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater12.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater13.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater14.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater15.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater16.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater17.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater18.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater19.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater2.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater20.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater21.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater22.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater3.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater4.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater5.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater6.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater7.zip *sbRecovery.reg* File Fail to scan file (-92,The compressed file is password protected)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\

#14 gravylover5

Posted 30 July 2004 - 12:48 PM

VanL,

Those files that it couldn't access are fine. They're just backups of things that Spybot S&D fixed. Don't worry about them.

Post a new Hijack This log for analysis so we can see what's going on.

#15 VanL

Posted 30 July 2004 - 12:52 PM

Ok gravylover..
Here is the new HJT log:

Logfile of HijackThis v1.98.0
Scan saved at 10:50:33 AM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.secu...va/cs4ms090.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#16 gravylover5

Posted 30 July 2004 - 12:57 PM

VanL,

You seem to be clean right now, but About: Blank may come back. Set your computer clock ahead a few days, reboot and run Hijack This. Get a Hijack This log after that, then set your clock to the correct time, reboot, and post the "Log From the Future."

#17 VanL

Posted 30 July 2004 - 01:10 PM

Ok Gravylover..
Here is the HJT log "from the future". And again..thank you so much for all your help.

Van

Logfile of HijackThis v1.98.0
Scan saved at 11:07:41 AM, on 8/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.secu...va/cs4ms090.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#18 VanL

Posted 30 July 2004 - 01:16 PM

I have noticed that the kbdg.dll file is still there..and Nortons still gives me the backdoor.agent.B virus alert. I'm gonna have to get rid of that file, aren't I? Thanks a lot. Have a good one.

Van

#19 VanL

Posted 30 July 2004 - 01:26 PM

Update here:
Ok..I tried once again on the kbdg.dll file. I disabled Nortons auto protect and went into the system32 folder and this time I was able to delete that file!! ALRIGHT!! I also didn't see any virus alert from Nortons while I was poking around in there. It usually pops up in there. Dare I hope? :-)

Van

#20 gravylover5

Posted 30 July 2004 - 01:35 PM

VanL,

Looks like your virus troubles are over! :D Just a few things left to do.

You have PowerReg Scheduler in your log. This is a registration reminder that is used by a number of different companies. It is not needed and some people think that it reports back to the company about your computer, so I suggest fixing it...

Fix the following in Hijack This:

O4 - Startup: PowerReg Scheduler V3.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Reboot your computer and post a new Hijack This log.
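
Added example, not part of the original thread: a small Python script that compares two HijackThis logs, as in the "Log From the Future" check and the fix list above, and reports which entries and processes appeared or disappeared and whether any fix-list item is still present. The function names are hypothetical, and the two sample logs are shortened excerpts constructed from the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and section entries."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            procs.append(line)
    return {"processes": procs, "entries": entries}


def _key(s):
    # Windows paths are case-insensitive (System32 vs system32), so compare
    # on a case-folded, whitespace-normalised form.
    return " ".join(s.split()).casefold()


def _delta(old, new):
    old_map = {_key(x): x for x in old}
    new_map = {_key(x): x for x in new}
    added = [v for k, v in new_map.items() if k not in old_map]
    removed = [v for k, v in old_map.items() if k not in new_map]
    return added, removed


def diff_logs(before, after):
    """Report entries and processes that differ between two logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    fmt = lambda items: [f"{sec} - {body}" for sec, body in items]
    e_add, e_rem = _delta(fmt(b["entries"]), fmt(a["entries"]))
    p_add, p_rem = _delta(b["processes"], a["processes"])
    return {"entries_added": e_add, "entries_removed": e_rem,
            "processes_added": p_add, "processes_removed": p_rem}


def unfixed(fix_list, log_text):
    """Return the fix-list lines that are still present in a log."""
    present = {_key(f"{sec} - {body}") for sec, body in parse_hjt(log_text)["entries"]}
    return [item for item in fix_list if _key(item) in present]


# Constructed sample: shortened excerpt of the "Log From the Future".
LOG_FUTURE = r"""Logfile of HijackThis v1.98.0
Scan saved at 11:07:41 AM, on 8/1/2004

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
"""

# Constructed sample: shortened excerpt of the log posted after the fix.
LOG_FINAL = r"""Logfile of HijackThis v1.98.0
Scan saved at 2:53:20 PM, on 7/30/2004

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
"""

# The two lines the helper asked to fix in the post above.
FIX_LIST = [
    r"O4 - Startup: PowerReg Scheduler V3.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]

if __name__ == "__main__":
    for name, items in diff_logs(LOG_FUTURE, LOG_FINAL).items():
        print(name)
        for item in items:
            print("   ", item)
    print("still present after fix:", unfixed(FIX_LIST, LOG_FINAL))
```

An empty `entries_added` list is the result to look for in the clock-forward comparison; anything that shows up there is an entry that reinstalled itself between scans.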

#21 VanL

Posted 30 July 2004 - 05:03 PM

Ok Gravylover..
I guess this is it..looks good, huh? Here is what I suppose will be my final HJT log. Thank you soooo very much(grin) You are an absolute saint. Thanks for sticking with me on this; I WAS getting a bit discouraged there toward the end. I hope the other person who had this SAME problem and posted here, is reading our thread. I told them to follow this thread...and we both could maybe find a solution. :-) Again..I thank you for your time and knowledge in all this. Have a good one, Gravy.

Van

Logfile of HijackThis v1.98.0
Scan saved at 2:53:20 PM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\WinCDG Pro 2\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://chatsite.secu...va/cs4ms090.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#22 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • 121 posts

Posted 31 July 2004 - 11:09 AM

VanL,

:) Congratulations, you're clean.

To prevent re-infection, I suggest the program SpywareBlaster, available here:
http://www.javacools...areblaster.html
And to stop yourself from being redirected to any sites that download spyware, I suggest IE-SPYAD, which is available here:
https://netfiles.uiu...ww/resource.htm
That adds many websites to your restricted sites list.
Also, TonyKlein offers some good answers in his post:
So How Did I Get Infected in the First Place?

Happy surfing!



