Alright,
I think everything has been taken care of. That Ewido Security software is great. It started detecting everything as soon as I installed it. And it had no problems taking care of the infected files!
The only thing that I can tell right now is that my trendmicro isn't working properly. It won't update. It's not detecting the adw_searchaid.a anymore.
So the questions are... Is the Ewido Security conflicting with trendmicro? Should I uninstall Ewido now or is Ewido better than trend micro? The answer better be no because I just bought and installed trendmicro. But as far as I can tell it must be better because of the miracles it just performed.
Here are a couple of things that happened while using your instructions:
When typing in the "weird" letters in the pop-up box in the NSS box, a message came up saying "Service weird letters was not found in the registry. Make sure you entered the shortname service., vbExclamation".
Then, I only had 6 of the 15 paths you asked me to delete using the HijackThis program.
When running Cleanup! the "Delete Prefetch files" option was greyed out and unavailable to select.
So, including the part from my last thread regarding the NSS messages, does any of this make any difference?
Here are my report logs. The only one I don't have is the "online scan" because I was unsure which scan you were referring to. There are 2 Ewido reports because I accidentally skipped cleaning 2 infected files and went back and cleaned them.
******************************************
Logfile of HijackThis v1.99.1
Scan saved at 6:50:08 PM, on 7/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F0B1D569-2C0E-BD75-282F-715116D9131A} - C:\WINNT\iezi32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SSC_UserPrompt] - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
************************************************
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:42:35 PM, 7/17/2005
+ Report-Checksum: C84E2254
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{0E561666-F4B5-BA9C-AC2C-2188C8BABE0D} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Ignored
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CD0FD544-5710-E7D8-7CDF-35F3B6A22A9A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F61C6A80-6232-DD79-A5DA-0C16D4A99041} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
C:\Program Files\backups\backup-20050717-175207-163.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\addfx32.exe -> Trojan.Agent.em : Cleaned with backup
C:\WINNT\apiug32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\appyd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\appzi.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\atlco32.exe -> Trojan.Agent.em : Cleaned with backup
C:\WINNT\atles32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\ciprs.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\crcc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\crts.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\d3eh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\d3xr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\hobvh.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\iezi32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\ipvh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\javajo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\javaqt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\netxr32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\ntmf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\rinuj.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\syser.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32:nuaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINNT\system32\d3bw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\ekves.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\system32\lrkto.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\system32\msos32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\netih32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\netwr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\ntpr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\oleadm.dll -> Trojan.Agent.eq : Cleaned with backup
C:\WINNT\system32\qamnx.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\system32\sdkim32.exe -> Trojan.Agent.em : Cleaned with backup
C:\WINNT\system32\sdkkw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\sdkza.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\windy32.exe -> Trojan.Agent.em : Cleaned with backup
C:\WINNT\system32\wzbge.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\uninstIU.exe -> Trojan.Agent.eo : Cleaned with backup
C:\WINNT\winbh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\_delis32.ini:ahfszs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_delis32.ini:dcnmw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_delis32.ini:gkymao -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_delis32.ini:kffvey -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_delis32.ini:wtnzju -> TrojanDownloader.Agent.bq : Cleaned with backup
::Report End
***************************************************
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:43:32 PM, 7/17/2005
+ Report-Checksum: 6F95EE00
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{0E561666-F4B5-BA9C-AC2C-2188C8BABE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
::Report End
**************************************************
AboutBuster 5.0 reference file 30
Scan started on [7/17/2005] at [5:54:10 PM]
------------------------------------------------
Removed Stream! C:\WINNT\Blue Lace 16.bmp:oqmczu
Removed Stream! C:\WINNT\dahotfix.log:rsqvvo
Removed Stream! C:\WINNT\folder.htt:vvmmem
Removed Stream! C:\WINNT\imsins.BAK:gopfbz
Removed Stream! C:\WINNT\KB329115.log:fnodiy
Removed Stream! C:\WINNT\KB823182.log:xohjcj
Removed Stream! C:\WINNT\KB839643.log:mswnnr
Removed Stream! C:\WINNT\KB840987.log:fthbqu
Removed Stream! C:\WINNT\KB841533.log:hrvgxk
Removed Stream! C:\WINNT\KB871250.log:asnmru
Removed Stream! C:\WINNT\KB885836.log:ahsad
Removed Stream! C:\WINNT\KB890175.log:nvenlh
Removed Stream! C:\WINNT\msmqprop.log:nyjoir
Removed Stream! C:\WINNT\OEWABLog.txt:wlttab
Removed Stream! C:\WINNT\win.ini:jjfiyc
Removed Stream! C:\WINNT\WMSysPr9.prx:mdibup
Removed Stream! C:\WINNT\_delis32.ini:emzmlp
Removed Stream! C:\WINNT\_delis32.ini:erjejm
Removed Stream! C:\WINNT\_delis32.ini:gilzxx
Removed Stream! C:\WINNT\_delis32.ini:igvmfi
Removed Stream! C:\WINNT\_delis32.ini:lskomh
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:54:12 PM
AboutBuster 5.0 reference file 30
Scan started on [7/17/2005] at [5:54:54 PM]
------------------------------------------------
Removed Stream! C:\WINNT\_delis32.ini:mlohrn
Removed Stream! C:\WINNT\_delis32.ini:oknyyl
Removed Stream! C:\WINNT\_delis32.ini:semqcn
Removed Stream! C:\WINNT\_delis32.ini:tpflnz
Removed Stream! C:\WINNT\_delis32.ini:xfsgsx
Removed Stream! C:\WINNT\_delis32.ini:yjeeri
Removed Stream! C:\WINNT\_delis32.ini:yvvmsl
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:54:55 PM
AboutBuster 5.0 reference file 30
Scan started on [7/17/2005] at [6:07:07 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:07:09 PM
*******************************************************
So, that's all I've got for now. I'm off on business and if I find a computer and internet, I'll check in to see what you've got to say!
Thanks again for all of your help and I definitely will donate!!
YOU'RE THE BEST!!