Tech Support Forum - View Single Post - got some weird program that won't go away

Snake_2990 · 03-03-2006, 02:38 PM

i use firefox and it would download files to my downloads folder and when i moved it it wouldn't work so i used internet explorer and had it downloaded straight to the desktop and it worked perfectly fine. I don't know why it didn't work before. anyway here's the fix log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mteccpni

*******************

Script file located at: \??\C:\Documents and Settings\fkpftwyy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\l074.exe deleted successfully.
File C:\winsysban12.exe deleted successfully.
File C:\WINDOWS\system32\dgfgql.exe deleted successfully.
File C:\WINDOWS\SYSC00.exe deleted successfully.
File C:\windows\eee2.exe deleted successfully.
File C:\WINDOWS\system32\klsx9e.exe deleted successfully.
File C:\winsysupd12.exe deleted successfully.

File C:\WINDOWS\win3207322129673.exe not found!
Deletion of file C:\WINDOWS\win3207322129673.exe failed!

Could not process line:
C:\WINDOWS\win3207322129673.exe
Status: 0xc0000034

File C:\WINDOWS\system32\loadadv64 deleted successfully.
File C:\gimmygames12.exe deleted successfully.

File C:\WINDOWS\system32\wdc1n.dll not found!
Deletion of file C:\WINDOWS\system32\wdc1n.dll failed!

Could not process line:
C:\WINDOWS\system32\wdc1n.dll
Status: 0xc0000034

File C:\WINDOWS\system32\eab.dll not found!
Deletion of file C:\WINDOWS\system32\eab.dll failed!

Could not process line:
C:\WINDOWS\system32\eab.dll
Status: 0xc0000034

File C:\WINDOWS\system32\repairs303169536.dll not found!
Deletion of file C:\WINDOWS\system32\repairs303169536.dll failed!

Could not process line:
C:\WINDOWS\system32\repairs303169536.dll
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Application Data\Sskuknwrd.dll not found!
Deletion of file C:\Documents and Settings\pre-install\Application Data\Sskuknwrd.dll failed!

Could not process line:
C:\Documents and Settings\pre-install\Application Data\Sskuknwrd.dll
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Cookies\pre-install@hotstarscoop[1].txt deleted successfully.

Could not open file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[1].txt 3/1/2006 for deletion
Deletion of file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[1].txt 3/1/2006 failed!

Could not process line:
C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[1].txt 3/1/2006
Status: 0xc0000033

Could not open file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[2].txt 3/1/2006 for deletion
Deletion of file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[2].txt 3/1/2006 failed!

Could not process line:
C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[2].txt 3/1/2006
Status: 0xc0000033

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\isearch[1].htm not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\isearch[1].htm failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\isearch[1].htm
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\rmtag3[2].js deleted successfully.
File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\o[1].css deleted successfully.

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[1].htm not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[1].htm failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[1].htm
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[2].htm not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[2].htm failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[2].htm
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\isearch[1].htm deleted successfully.

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[1].htm not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[1].htm failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[1].htm
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[2].htm 3 not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[2].htm 3 failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[2].htm 3
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[3].htm not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[3].htm failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[3].htm
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[4].htm not found!
Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[4].htm failed!

Could not process line:
C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[4].htm
Status: 0xc0000034

File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\WDYB85Q3\Ali_Landry[1].htm deleted successfully.
File C:\WINDOWS\ms046733221292006.exe deleted successfully.

Folder C:\Program Files\webHancer not found!
Deletion of folder C:\Program Files\webHancer failed!

Could not process line:
C:\Program Files\webHancer
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Classes\Fseytdc.Ariaqudok deleted successfully.
Registry key HKLM\SOFTWARE\Classes\Fseytdc.Ariaqudok.1 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:37:05 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\mousepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\pre-install\My Documents\Jeff's Stuff\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\PRE-IN~1\MYDOCU~1\JEFF'S~1\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB003" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [strtas] l074.exe
O4 - HKLM\..\RunServices: [strtas] l074.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [strtas] l074.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MBNCTF - Unknown owner - C:\DOCUME~1\PRE-IN~1\LOCALS~1\Temp\MBNCTF.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

^certain things are coming back.

03-03-2006, 02:38 PM	#16 (permalink)
Snake_2990 Registered User Join Date: Jul 2004 Posts: 53 OS: XP	i use firefox and it would download files to my downloads folder and when i moved it it wouldn't work so i used internet explorer and had it downloaded straight to the desktop and it worked perfectly fine. I don't know why it didn't work before. anyway here's the fix log Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\mteccpni ***************** Script file located at: \??\C:\Documents and Settings\fkpftwyy.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: File C:\WINDOWS\system32\l074.exe deleted successfully. File C:\winsysban12.exe deleted successfully. File C:\WINDOWS\system32\dgfgql.exe deleted successfully. File C:\WINDOWS\SYSC00.exe deleted successfully. File C:\windows\eee2.exe deleted successfully. File C:\WINDOWS\system32\klsx9e.exe deleted successfully. File C:\winsysupd12.exe deleted successfully. File C:\WINDOWS\win3207322129673.exe not found! Deletion of file C:\WINDOWS\win3207322129673.exe failed! Could not process line: C:\WINDOWS\win3207322129673.exe Status: 0xc0000034 File C:\WINDOWS\system32\loadadv64 deleted successfully. File C:\gimmygames12.exe deleted successfully. File C:\WINDOWS\system32\wdc1n.dll not found! Deletion of file C:\WINDOWS\system32\wdc1n.dll failed! Could not process line: C:\WINDOWS\system32\wdc1n.dll Status: 0xc0000034 File C:\WINDOWS\system32\eab.dll not found! Deletion of file C:\WINDOWS\system32\eab.dll failed! Could not process line: C:\WINDOWS\system32\eab.dll Status: 0xc0000034 File C:\WINDOWS\system32\repairs303169536.dll not found! Deletion of file C:\WINDOWS\system32\repairs303169536.dll failed! Could not process line: C:\WINDOWS\system32\repairs303169536.dll Status: 0xc0000034 File C:\Documents and Settings\pre-install\Application Data\Sskuknwrd.dll not found! Deletion of file C:\Documents and Settings\pre-install\Application Data\Sskuknwrd.dll failed! Could not process line: C:\Documents and Settings\pre-install\Application Data\Sskuknwrd.dll Status: 0xc0000034 File C:\Documents and Settings\pre-install\Cookies\pre-install@hotstarscoop[1].txt deleted successfully. Could not open file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[1].txt 3/1/2006 for deletion Deletion of file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[1].txt 3/1/2006 failed! Could not process line: C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[1].txt 3/1/2006 Status: 0xc0000033 Could not open file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[2].txt 3/1/2006 for deletion Deletion of file C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[2].txt 3/1/2006 failed! Could not process line: C:\Documents and Settings\pre-install\Cookies\pre-install@mbop[2].txt 3/1/2006 Status: 0xc0000033 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\isearch[1].htm not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\isearch[1].htm failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\isearch[1].htm Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\016BODQJ\rmtag3[2].js deleted successfully. File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\o[1].css deleted successfully. File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[1].htm not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[1].htm failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[1].htm Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[2].htm not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[2].htm failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\C5QRO5YR\search[2].htm Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\isearch[1].htm deleted successfully. File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[1].htm not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[1].htm failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[1].htm Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[2].htm 3 not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[2].htm 3 failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[2].htm 3 Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[3].htm not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[3].htm failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[3].htm Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[4].htm not found! Deletion of file C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[4].htm failed! Could not process line: C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\GDQJSDI7\search[4].htm Status: 0xc0000034 File C:\Documents and Settings\pre-install\Local Settings\Temporary Internet Files\Content.IE5\WDYB85Q3\Ali_Landry[1].htm deleted successfully. File C:\WINDOWS\ms046733221292006.exe deleted successfully. Folder C:\Program Files\webHancer not found! Deletion of folder C:\Program Files\webHancer failed! Could not process line: C:\Program Files\webHancer Status: 0xc0000034 Registry key HKLM\SOFTWARE\Classes\Fseytdc.Ariaqudok deleted successfully. Registry key HKLM\SOFTWARE\Classes\Fseytdc.Ariaqudok.1 deleted successfully. Completed script processing. ***************** Finished! Terminate. hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 2:37:05 PM, on 3/3/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\mousepad.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\pre-install\My Documents\Jeff's Stuff\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\PRE-IN~1\MYDOCU~1\JEFF'S~1\spybot\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB003" /M "Stylus Photo R800" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe O4 - HKLM\..\Run: [strtas] l074.exe O4 - HKLM\..\RunServices: [strtas] l074.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKCU\..\Run: [strtas] l074.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: MBNCTF - Unknown owner - C:\DOCUME~1\PRE-IN~1\LOCALS~1\Temp\MBNCTF.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ^certain things are coming back.