I have no idea whats going on...

**Son of Pern** · 28-08-2004

Removed! : C:\WINDOWS\System32\abppa.dat
Removed! : C:\WINDOWS\System32\addyd.exe
Removed! : C:\WINDOWS\System32\addzf.exe
Removed! : C:\WINDOWS\System32\adxdb.dat
Removed! : C:\WINDOWS\System32\amaxt.dat
Removed! : C:\WINDOWS\System32\anqjv.dat
Removed! : C:\WINDOWS\System32\apijm.exe
Removed! : C:\WINDOWS\System32\apinz.exe
Removed! : C:\WINDOWS\System32\apiqy32.exe
Removed! : C:\WINDOWS\System32\apitc32.exe
Removed! : C:\WINDOWS\System32\apiuq32.exe
Removed! : C:\WINDOWS\System32\appaw.exe
Removed! : C:\WINDOWS\System32\appbc32.exe
Removed! : C:\WINDOWS\System32\applo32.exe
Removed! : C:\WINDOWS\System32\appts.exe
Removed! : C:\WINDOWS\System32\appwo32.exe
Removed! : C:\WINDOWS\System32\aqlty.dat
Removed! : C:\WINDOWS\System32\atlix.exe
Removed! : C:\WINDOWS\System32\atlwq32.exe
Removed! : C:\WINDOWS\System32\atlwu.exe
Removed! : C:\WINDOWS\System32\axpde.dat
Removed! : C:\WINDOWS\System32\ayffy.dat
Removed! : C:\WINDOWS\System32\baliu.dat
Removed! : C:\WINDOWS\System32\bcfed.dat
Removed! : C:\WINDOWS\System32\bjqni.dat
Removed! : C:\WINDOWS\System32\bkpzz.dat
Removed! : C:\WINDOWS\System32\bmeav.dat
Removed! : C:\WINDOWS\System32\brcbe.dat
Removed! : C:\WINDOWS\System32\brnsz.dat
Removed! : C:\WINDOWS\System32\bvish.dat
Removed! : C:\WINDOWS\System32\bwqnu.dat
Removed! : C:\WINDOWS\System32\byede.dat
Removed! : C:\WINDOWS\System32\ccaub.dat
Removed! : C:\WINDOWS\System32\cceem.dat
Removed! : C:\WINDOWS\System32\cgdwk.dat
Removed! : C:\WINDOWS\System32\chtyw.dat
Removed! : C:\WINDOWS\System32\ciutg.dat
Removed! : C:\WINDOWS\System32\cixyw.dat
Removed! : C:\WINDOWS\System32\cjwac.dat
Removed! : C:\WINDOWS\System32\cpoat.dat
Removed! : C:\WINDOWS\System32\cqnls.dat
Removed! : C:\WINDOWS\System32\cqpvd.dat
Removed! : C:\WINDOWS\System32\crak32.exe
Removed! : C:\WINDOWS\System32\craw.exe
Removed! : C:\WINDOWS\System32\crbm.exe
Removed! : C:\WINDOWS\System32\cwhzv.dat
Removed! : C:\WINDOWS\System32\d3hw32.exe
Removed! : C:\WINDOWS\System32\d3rw32.exe
Removed! : C:\WINDOWS\System32\d3ve.exe
Removed! : C:\WINDOWS\System32\dbtop.dat
Removed! : C:\WINDOWS\System32\dcope.dat
Removed! : C:\WINDOWS\System32\deaeh.dat
Removed! : C:\WINDOWS\System32\devkx.dat
Removed! : C:\WINDOWS\System32\dipik.dat
Removed! : C:\WINDOWS\System32\djlic.dat
Removed! : C:\WINDOWS\System32\dlnwj.dat
Removed! : C:\WINDOWS\System32\drvit.dat
Removed! : C:\WINDOWS\System32\dslmf.dat
Removed! : C:\WINDOWS\System32\dsndr.dat
Removed! : C:\WINDOWS\System32\dtmuh.dat
Removed! : C:\WINDOWS\System32\dvivl.dat
Removed! : C:\WINDOWS\System32\dzawq.dat
Removed! : C:\WINDOWS\System32\dzevc.dat
Removed! : C:\WINDOWS\System32\ecajy.dat
Removed! : C:\WINDOWS\System32\edgyj.dat
Removed! : C:\WINDOWS\System32\edkrm.dat
Removed! : C:\WINDOWS\System32\eemhq.dat
Removed! : C:\WINDOWS\System32\eikac.dat
Removed! : C:\WINDOWS\System32\ejffl.dat
Removed! : C:\WINDOWS\System32\ekpua.dat
Removed! : C:\WINDOWS\System32\epujv.dat
Removed! : C:\WINDOWS\System32\eqjgc.dat
Removed! : C:\WINDOWS\System32\erfqt.dat
Removed! : C:\WINDOWS\System32\eufnj.dat
Removed! : C:\WINDOWS\System32\exmzh.dat
Removed! : C:\WINDOWS\System32\fayce.dat
Removed! : C:\WINDOWS\System32\fbdia.dat
Removed! : C:\WINDOWS\System32\fbrng.dat
Removed! : C:\WINDOWS\System32\fclvr.dat
Removed! : C:\WINDOWS\System32\ffigw.dat
Removed! : C:\WINDOWS\System32\ffyma.dat
Removed! : C:\WINDOWS\System32\fhtbs.dat
Removed! : C:\WINDOWS\System32\fkuia.dat
Removed! : C:\WINDOWS\System32\fmbst.dat
Removed! : C:\WINDOWS\System32\fmpap.dat
Removed! : C:\WINDOWS\System32\fnsht.dat
Removed! : C:\WINDOWS\System32\fomch.dat
Removed! : C:\WINDOWS\System32\fqkkf.dat
Removed! : C:\WINDOWS\System32\fqwdl.dat
Removed! : C:\WINDOWS\System32\ftexy.dat
Removed! : C:\WINDOWS\System32\fvcmz.dat
Removed! : C:\WINDOWS\System32\fwzrn.dat
Removed! : C:\WINDOWS\System32\fxkdd.dat
Removed! : C:\WINDOWS\System32\fyklq.dat
Removed! : C:\WINDOWS\System32\gaawu.dat
Removed! : C:\WINDOWS\System32\***dc.dat
Removed! : C:\WINDOWS\System32\gbaxo.dat
Removed! : C:\WINDOWS\System32\gckzg.dat
Removed! : C:\WINDOWS\System32\gfheu.dat
Removed! : C:\WINDOWS\System32\ggcyw.dat
Removed! : C:\WINDOWS\System32\ginuj.dat
Removed! : C:\WINDOWS\System32\gjors.dat
Removed! : C:\WINDOWS\System32\gmmci.dat
Removed! : C:\WINDOWS\System32\gqixi.dat
Removed! : C:\WINDOWS\System32\gqpnt.dat
Removed! : C:\WINDOWS\System32\gxhmw.dat
Removed! : C:\WINDOWS\System32\hatki.dat
Removed! : C:\WINDOWS\System32\hdcmn.dat
Removed! : C:\WINDOWS\System32\hfstu.dat
Removed! : C:\WINDOWS\System32\hmnvr.dat
Removed! : C:\WINDOWS\System32\hqgby.dat
Removed! : C:\WINDOWS\System32\hufkq.dat
Removed! : C:\WINDOWS\System32\huibg.dat
Removed! : C:\WINDOWS\System32\hxzbz.dat
Removed! : C:\WINDOWS\System32\hydon.dat
Removed! : C:\WINDOWS\System32\hyjlo.dat
Removed! : C:\WINDOWS\System32\hynyw.dat
Removed! : C:\WINDOWS\System32\ibwht.dat
Removed! : C:\WINDOWS\System32\ieas32.exe
Removed! : C:\WINDOWS\System32\ienb32.exe
Removed! : C:\WINDOWS\System32\iepv.exe
Removed! : C:\WINDOWS\System32\ierqb.dat
Removed! : C:\WINDOWS\System32\ieuk.exe
Removed! : C:\WINDOWS\System32\igrej.dat
Removed! : C:\WINDOWS\System32\igsen.dat
Removed! : C:\WINDOWS\System32\ihbit.dat
Removed! : C:\WINDOWS\System32\ikbwc.dat
Removed! : C:\WINDOWS\System32\ikqfw.dat
Removed! : C:\WINDOWS\System32\ipbl32.exe
Removed! : C:\WINDOWS\System32\ipel.exe
Removed! : C:\WINDOWS\System32\ipfe32.exe
Removed! : C:\WINDOWS\System32\ipkv32.exe
Removed! : C:\WINDOWS\System32\ipzo.exe
Removed! : C:\WINDOWS\System32\isiwb.dat
Removed! : C:\WINDOWS\System32\iwmva.dat
Removed! : C:\WINDOWS\System32\jaodu.dat
Removed! : C:\WINDOWS\System32\javaaq.exe
Removed! : C:\WINDOWS\System32\javafg32.exe
Removed! : C:\WINDOWS\System32\javajh32.exe
Removed! : C:\WINDOWS\System32\javalf.exe
Removed! : C:\WINDOWS\System32\javamz.exe
Removed! : C:\WINDOWS\System32\javanf.exe
Removed! : C:\WINDOWS\System32\javasy.exe
Removed! : C:\WINDOWS\System32\jcllc.dat
Removed! : C:\WINDOWS\System32\jeecr.dat
Removed! : C:\WINDOWS\System32\jfthh.dat
Removed! : C:\WINDOWS\System32\jjboo.dat
Removed! : C:\WINDOWS\System32\jkgiv.dat
Removed! : C:\WINDOWS\System32\jmore.dat
Removed! : C:\WINDOWS\System32\jnjqq.dat
Removed! : C:\WINDOWS\System32\jpdio.dat
Removed! : C:\WINDOWS\System32\jpgre.dat
Removed! : C:\WINDOWS\System32\jpijh.dat
Removed! : C:\WINDOWS\System32\jpjzk.dat
Removed! : C:\WINDOWS\System32\jvnzc.dat
Removed! : C:\WINDOWS\System32\jvuuy.dat
Removed! : C:\WINDOWS\System32\jwxkw.dat
Removed! : C:\WINDOWS\System32\kdfly.dat
Removed! : C:\WINDOWS\System32\kdrxt.dat
Removed! : C:\WINDOWS\System32\kggey.dat
Removed! : C:\WINDOWS\System32\kjuxr.dat
Removed! : C:\WINDOWS\System32\kmhyr.dat
Removed! : C:\WINDOWS\System32\kmiab.dat
Removed! : C:\WINDOWS\System32\knlfi.dat
Removed! : C:\WINDOWS\System32\knsnd.dat
Removed! : C:\WINDOWS\System32\kojgq.dat
Removed! : C:\WINDOWS\System32\kpgjs.dat
Removed! : C:\WINDOWS\System32\krsky.dat
Removed! : C:\WINDOWS\System32\kvelo.dat
Removed! : C:\WINDOWS\System32\kvjjg.dat
Removed! : C:\WINDOWS\System32\kyneu.dll
Removed! : C:\WINDOWS\System32\kzjjv.dat
Removed! : C:\WINDOWS\System32\lajap.dat
Removed! : C:\WINDOWS\System32\lcknv.dat
Removed! : C:\WINDOWS\System32\lcwqz.dat
Removed! : C:\WINDOWS\System32\lhshc.dat
Removed! : C:\WINDOWS\System32\liniw.dat
Removed! : C:\WINDOWS\System32\llgae.dat
Removed! : C:\WINDOWS\System32\llvmd.dat
Removed! : C:\WINDOWS\System32\llvop.dat
Removed! : C:\WINDOWS\System32\lnpnb.dat
Removed! : C:\WINDOWS\System32\lowkd.dat
Removed! : C:\WINDOWS\System32\lpqzo.dat
Removed! : C:\WINDOWS\System32\lpysb.dat
Removed! : C:\WINDOWS\System32\lqssv.dat
Removed! : C:\WINDOWS\System32\lrofy.dat
Removed! : C:\WINDOWS\System32\lsoeg.dat
Removed! : C:\WINDOWS\System32\lurcd.dat
Removed! : C:\WINDOWS\System32\mfcbi.exe
Removed! : C:\WINDOWS\System32\mfcdq.exe
Removed! : C:\WINDOWS\System32\mfcjt32.exe
Removed! : C:\WINDOWS\System32\mfcme.exe
Removed! : C:\WINDOWS\System32\mfcrv32.exe
Removed! : C:\WINDOWS\System32\mfoxp.dat
Removed! : C:\WINDOWS\System32\mfsno.dat
Removed! : C:\WINDOWS\System32\mfvxb.dat
Removed! : C:\WINDOWS\System32\mhady.dat
Removed! : C:\WINDOWS\System32\mkbwy.dat
Removed! : C:\WINDOWS\System32\mkehj.dat
Removed! : C:\WINDOWS\System32\mleep.dat
Removed! : C:\WINDOWS\System32\mnewo.dat
Removed! : C:\WINDOWS\System32\mogiq.dat
Removed! : C:\WINDOWS\System32\msdbv.dat
Removed! : C:\WINDOWS\System32\msgg32.exe
Removed! : C:\WINDOWS\System32\mslj.exe
Removed! : C:\WINDOWS\System32\msms32.exe
Removed! : C:\WINDOWS\System32\mtkgi.dat
Removed! : C:\WINDOWS\System32\mugfi.dat
Removed! : C:\WINDOWS\System32\mvmbr.dat
Removed! : C:\WINDOWS\System32\mxacx.dat
Removed! : C:\WINDOWS\System32\myzcw.dat
Removed! : C:\WINDOWS\System32\mzghr.dat
Removed! : C:\WINDOWS\System32\ncpvs.dat
Removed! : C:\WINDOWS\System32\netfi.exe
Removed! : C:\WINDOWS\System32\netgn.exe
Removed! : C:\WINDOWS\System32\netix.exe
Removed! : C:\WINDOWS\System32\netln.exe
Removed! : C:\WINDOWS\System32\netph.exe
Removed! : C:\WINDOWS\System32\netpk.exe
Removed! : C:\WINDOWS\System32\netsy.exe
Removed! : C:\WINDOWS\System32\netuv.exe
Removed! : C:\WINDOWS\System32\netvw.exe
Removed! : C:\WINDOWS\System32\netzq.exe
Removed! : C:\WINDOWS\System32\nfgeo.dat
Removed! : C:\WINDOWS\System32\ngtca.dat
Removed! : C:\WINDOWS\System32\ngujp.dat
Removed! : C:\WINDOWS\System32\nioxr.dat
Removed! : C:\WINDOWS\System32\nkquo.dat
Removed! : C:\WINDOWS\System32\nlgoa.dat
Removed! : C:\WINDOWS\System32\nluhh.dat
Removed! : C:\WINDOWS\System32\nmlht.dat
Removed! : C:\WINDOWS\System32\noxem.dat
Removed! : C:\WINDOWS\System32\ntbr32.exe
Removed! : C:\WINDOWS\System32\ntgu.exe
Removed! : C:\WINDOWS\System32\ntla.exe
Removed! : C:\WINDOWS\System32\ntrl32.exe
Removed! : C:\WINDOWS\System32\nttm32.exe
Removed! : C:\WINDOWS\System32\ojgbo.dat
Removed! : C:\WINDOWS\System32\okaoz.dat
Removed! : C:\WINDOWS\System32\okiqa.dat
Removed! : C:\WINDOWS\System32\okwry.dat
Removed! : C:\WINDOWS\System32\omkui.dat
Removed! : C:\WINDOWS\System32\opgzn.dat
Removed! : C:\WINDOWS\System32\oqfyu.dat
Removed! : C:\WINDOWS\System32\orybz.dat
Removed! : C:\WINDOWS\System32\osfum.dat
Removed! : C:\WINDOWS\System32\osgug.dat
Removed! : C:\WINDOWS\System32\otkgg.dat
Removed! : C:\WINDOWS\System32\otysu.dat
Removed! : C:\WINDOWS\System32\owwxp.dat
Removed! : C:\WINDOWS\System32\oyugw.dat
Removed! : C:\WINDOWS\System32\paeul.dat
Removed! : C:\WINDOWS\System32\pcldr.dat
Removed! : C:\WINDOWS\System32\pcqxf.dat
Removed! : C:\WINDOWS\System32\pdkwp.dat
Removed! : C:\WINDOWS\System32\pdqbv.dat
Removed! : C:\WINDOWS\System32\pflzc.dat
Removed! : C:\WINDOWS\System32\pgnvf.dat
Removed! : C:\WINDOWS\System32\pgotl.dat
Removed! : C:\WINDOWS\System32\pleub.dat
Removed! : C:\WINDOWS\System32\pnirj.dat
Removed! : C:\WINDOWS\System32\puitv.dat
Removed! : C:\WINDOWS\System32\pumbn.dat
Removed! : C:\WINDOWS\System32\pxcld.dat
Removed! : C:\WINDOWS\System32\pxvor.dat
Removed! : C:\WINDOWS\System32\qbbhj.dat
Removed! : C:\WINDOWS\System32\qcpnf.dat
Removed! : C:\WINDOWS\System32\qdaww.dat
Removed! : C:\WINDOWS\System32\qekyg.dat
Removed! : C:\WINDOWS\System32\qfhnb.dat
Removed! : C:\WINDOWS\System32\qiikg.dat
Removed! : C:\WINDOWS\System32\qjxeg.dat
Removed! : C:\WINDOWS\System32\qmcti.dat
Removed! : C:\WINDOWS\System32\qmdws.dat
Removed! : C:\WINDOWS\System32\qnamn.dat
Removed! : C:\WINDOWS\System32\qqjau.dat
Removed! : C:\WINDOWS\System32\qrqix.dat
Removed! : C:\WINDOWS\System32\qruwf.dat
Removed! : C:\WINDOWS\System32\qsnpl.dat
Removed! : C:\WINDOWS\System32\qycul.dat
Removed! : C:\WINDOWS\System32\ravhq.dat
Removed! : C:\WINDOWS\System32\rbbyz.dat
Removed! : C:\WINDOWS\System32\rlteu.dat
Removed! : C:\WINDOWS\System32\rmurf.dat
Removed! : C:\WINDOWS\System32\rofqg.dat
Removed! : C:\WINDOWS\System32\rohzt.dat
Removed! : C:\WINDOWS\System32\rrzoq.dat
Removed! : C:\WINDOWS\System32\ruhuf.dat
Removed! : C:\WINDOWS\System32\rujek.dat
Removed! : C:\WINDOWS\System32\rxsba.dat
Removed! : C:\WINDOWS\System32\ryqbd.dat
Removed! : C:\WINDOWS\System32\sdkal.exe
Removed! : C:\WINDOWS\System32\sdkbm32.exe
Removed! : C:\WINDOWS\System32\sdkin32.exe
Removed! : C:\WINDOWS\System32\sdklk.exe
Removed! : C:\WINDOWS\System32\sdkme.exe
Removed! : C:\WINDOWS\System32\sdkqk32.exe
Removed! : C:\WINDOWS\System32\sdkth.dat
Removed! : C:\WINDOWS\System32\sdqru.dat
Removed! : C:\WINDOWS\System32\sgmfa.dat
Removed! : C:\WINDOWS\System32\skyne.dat
Removed! : C:\WINDOWS\System32\sogrm.dat
Removed! : C:\WINDOWS\System32\srggq.dat
Removed! : C:\WINDOWS\System32\sysca32.exe
Removed! : C:\WINDOWS\System32\sysgb.exe
Removed! : C:\WINDOWS\System32\sysne.exe
Removed! : C:\WINDOWS\System32\sysnt32.exe
Removed! : C:\WINDOWS\System32\sysug32.exe
Removed! : C:\WINDOWS\System32\sysva.exe
Removed! : C:\WINDOWS\System32\tafni.dat
Removed! : C:\WINDOWS\System32\tccoq.dat
Removed! : C:\WINDOWS\System32\tcnei.dat
Removed! : C:\WINDOWS\System32\tcneo.dat
Removed! : C:\WINDOWS\System32\teygv.dat
Removed! : C:\WINDOWS\System32\tfarg.dat
Removed! : C:\WINDOWS\System32\tfjcg.dat
Removed! : C:\WINDOWS\System32\tpkto.dat
Removed! : C:\WINDOWS\System32\trgsa.dat
Removed! : C:\WINDOWS\System32\tsqzx.dat
Removed! : C:\WINDOWS\System32\tzpre.dat
Removed! : C:\WINDOWS\System32\tzsfv.dat
Removed! : C:\WINDOWS\System32\ulbrj.dat
Removed! : C:\WINDOWS\System32\umaev.dat
Removed! : C:\WINDOWS\System32\umgpg.dat
Removed! : C:\WINDOWS\System32\umwwv.dat
Removed! : C:\WINDOWS\System32\urmle.dat
Removed! : C:\WINDOWS\System32\uufwq.dat
Removed! : C:\WINDOWS\System32\uwtfb.dat
Removed! : C:\WINDOWS\System32\uyowj.dat
Removed! : C:\WINDOWS\System32\uzjzx.dat
Removed! : C:\WINDOWS\System32\vawes.dat
Removed! : C:\WINDOWS\System32\vcjyt.dat
Removed! : C:\WINDOWS\System32\vcpzz.dat
Removed! : C:\WINDOWS\System32\vdtix.dat
Removed! : C:\WINDOWS\System32\vehtl.dat
Removed! : C:\WINDOWS\System32\vkoch.dat
Removed! : C:\WINDOWS\System32\vonpg.dat
Removed! : C:\WINDOWS\System32\vpbdd.dat
Removed! : C:\WINDOWS\System32\vpdgi.dat
Removed! : C:\WINDOWS\System32\vrctq.dat
Removed! : C:\WINDOWS\System32\vsbmy.dat
Removed! : C:\WINDOWS\System32\vvdec.dat
Removed! : C:\WINDOWS\System32\vwdbi.dat
Removed! : C:\WINDOWS\System32\wbajt.dat
Removed! : C:\WINDOWS\System32\wbztd.dat
Removed! : C:\WINDOWS\System32\weted.dat
Removed! : C:\WINDOWS\System32\wfdgo.dat
Removed! : C:\WINDOWS\System32\wgobp.dat
Removed! : C:\WINDOWS\System32\wgutw.dat
Removed! : C:\WINDOWS\System32\wimhj.dat
Removed! : C:\WINDOWS\System32\winas.exe
Removed! : C:\WINDOWS\System32\wincu32.exe
Removed! : C:\WINDOWS\System32\winhk32.exe
Removed! : C:\WINDOWS\System32\winht32.exe
Removed! : C:\WINDOWS\System32\winme32.exe
Removed! : C:\WINDOWS\System32\winmf.exe
Removed! : C:\WINDOWS\System32\winvu32.exe
Removed! : C:\WINDOWS\System32\winzs32.exe
Removed! : C:\WINDOWS\System32\wlizv.dat
Removed! : C:\WINDOWS\System32\wmhwp.dat
Removed! : C:\WINDOWS\System32\wrfrs.dat
Removed! : C:\WINDOWS\System32\wtfbq.dll
Removed! : C:\WINDOWS\System32\wvqes.dat
Removed! : C:\WINDOWS\System32\wxytv.dat
Removed! : C:\WINDOWS\System32\xbzim.dat
Removed! : C:\WINDOWS\System32\xdlpn.dat
Removed! : C:\WINDOWS\System32\xdnzh.dat
Removed! : C:\WINDOWS\System32\xqbva.dat
Removed! : C:\WINDOWS\System32\xrxmt.dat
Removed! : C:\WINDOWS\System32\xvzqu.dat
Removed! : C:\WINDOWS\System32\xvzwi.dat
Removed! : C:\WINDOWS\System32\xyamp.dat
Removed! : C:\WINDOWS\System32\xztbu.dat
Removed! : C:\WINDOWS\System32\ybkjb.dat
Removed! : C:\WINDOWS\System32\ybwds.dat
Removed! : C:\WINDOWS\System32\ylnpo.dat
Removed! : C:\WINDOWS\System32\ymaph.dat
Removed! : C:\WINDOWS\System32\yuqil.dat
Removed! : C:\WINDOWS\System32\yxqxh.dat
Removed! : C:\WINDOWS\System32\zbybr.dat
Removed! : C:\WINDOWS\System32\zccok.dat
Removed! : C:\WINDOWS\System32\zdkxi.dat
Removed! : C:\WINDOWS\System32\zfxzj.dat
Removed! : C:\WINDOWS\System32\zkyxd.dat
Removed! : C:\WINDOWS\System32\zmvcn.dat
Removed! : C:\WINDOWS\System32\zoddz.dat
Removed! : C:\WINDOWS\System32\ztuvr.dat
Removed! : C:\WINDOWS\System32\zultv.dat
Removed! : C:\WINDOWS\System32\zuths.dat
Removed! : C:\WINDOWS\System32\zwcwv.dat
Removed! : C:\WINDOWS\System32\zxpvu.dat
Removed! : C:\WINDOWS\System32\zyksv.dat
Removed! : C:\WINDOWS\System32\zzjnk.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

Scanned at: 10:24:20 AM on: 8/19/2004

-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 4 Random Key Entries
Deleted 1 Service Keys Successfully!
Removed! : C:\WINDOWS\kqmfr.dat
Removed! : C:\WINDOWS\qmfrf.dll
Removed! : C:\WINDOWS\qswgw.dat
Removed! : C:\WINDOWS\swgwv.dll
Removed! : C:\WINDOWS\System32\grmtu.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

Scanned at: 10:50:37 PM on: 8/27/2004

-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 9 Random Key Entries
Removed! : C:\WINDOWS\dokjg.dat
Removed! : C:\WINDOWS\esugb.dat
Removed! : C:\WINDOWS\System32\fkiad.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 4 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 8 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

**owen** · 02-09-2004

Sorry about the response time as I have said to everyone else. Could you post a fresh Hijack This log and we'll take things from there. Its no good having long gaps between the fixes, entirely my fault.

**Son of Pern** · 03-09-2004

welcome back! ive been MIA myself, so i hardly noticed!

Logfile of HijackThis v1.98.2
Scan saved at 5:03:38 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\n_ssbulx.dat:utvyo
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp5\winampa.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\mfcuw32.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {825BF029-3C62-6A52-430D-BA42846F1741} - C:\WINDOWS\atlcp32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll (file missing)
O4 - HKLM\..\Run: [winul32.exe] C:\WINDOWS\system32\winul32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain
O4 - HKLM\..\Run: [sdkyq32.exe] C:\WINDOWS\system32\sdkyq32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mfcuw32.exe] C:\WINDOWS\system32\mfcuw32.exe
O4 - HKLM\..\Run: [javaim32.exe] C:\WINDOWS\system32\javaim32.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [appff.exe] C:\WINDOWS\system32\appff.exe
O4 - HKLM\..\Run: [appeo32.exe] C:\WINDOWS\system32\appeo32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [apizs32.exe] C:\WINDOWS\system32\apizs32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ipcg.exe] C:\WINDOWS\system32\ipcg.exe
O4 - HKLM\..\Run: [ipwa32.exe] C:\WINDOWS\system32\ipwa32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/D.../Client_IE.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

**owen** · 04-09-2004

We'll have another shot at this:

1. Download AboutBuster http://www.downloads.subratam.org/AboutBuster.zip

Unzip it to your desktop but don't run it yet.

2. Download Ad-aware from here. Open the Ad-aware program and near the bottom click the Check For Updates link. This will open the update manager. Follow the prompts to update your Ad-aware Reference File. Close Ad-aware for now, we will use it later.

3. You may want to print out these instructions for further reference when completing the following steps.

4. Make sure your PC is configured to show hidden files

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

5. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

6. Then reboot your PC into Safe Mode. If you don't know how to do this, see here for further instructions.

7. Restart Hijack This and put a checkmark next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gnswy.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {825BF029-3C62-6A52-430D-BA42846F1741} - C:\WINDOWS\atlcp32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll (file missing)
O4 - HKLM\..\Run: [winul32.exe] C:\WINDOWS\system32\winul32.exe
O4 - HKLM\..\Run: [sdkyq32.exe] C:\WINDOWS\system32\sdkyq32.exe
O4 - HKLM\..\Run: [appff.exe] C:\WINDOWS\system32\appff.exe
O4 - HKLM\..\Run: [appeo32.exe] C:\WINDOWS\system32\appeo32.exe
O4 - HKLM\..\Run: [apizs32.exe] C:\WINDOWS\system32\apizs32.exe
O4 - HKLM\..\Run: [ipcg.exe] C:\WINDOWS\system32\ipcg.exe
O4 - HKLM\..\Run: [ipwa32.exe] C:\WINDOWS\system32\ipwa32.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)

Click Fix Checked

Then delete the following files and folders:
C:\WINDOWS\system32\winul32.exe
C:\WINDOWS\system32\sdkyq32.exe
C:\WINDOWS\system32\appff.exe
C:\WINDOWS\system32\appeo32.exe
C:\WINDOWS\system32\apizs32.exe
C:\WINDOWS\system32\ipcg.exe
C:\WINDOWS\system32\ipwa32.exe

8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

9. Scan with Adaware and let it remove any bad files found.

10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure that Temporary Files, Temporary Internet Files and Recycle Bin

11. Reboot to normal mode

12. Finally, pay a visit to Housecall. Scan for and remove any infected files found on your system.

Post a fresh HijackThis log and the AboutBuster report back here please.

**owen** · 04-09-2004

If the About:Buster log is too big, try attaching it.

**Son of Pern** · 05-09-2004

there was no service present with the exact name or description "Network Security Service".

**owen** · 05-09-2004

Could you posts the logs then so that I can take a look. I think we may have to use a new removal method.

**Son of Pern** · 30-09-2004

Well, we all know how great and wonderful the almight Dell is, right?

I recently had to take advantage of my warranty with them when my power supply for my notewbook died, and the one they sent me as a replacement died after only a weeks use, and being an ex-sales rep for big blue, I know for a fact that this will cause my credibility to drop through the floor, especially considering my former employment status. Now Im using my parents computer, also a Dell...yipee, love those celerons

...and finding it has worse problems than my own system ever did, but thanks to the help I have recieved here, I now have access to resources I was previously unaware of, including this site, so I can at least start to tackle some of the basic problems with more efficiency than before. Thank you for all of your help, and I hope to have my system back up and running soon.

**owen** · 30-09-2004

We've found new removal methods for the About:Blank terror. Personally I've never had a Dell. My whole system is a mix of all sorts, Dell Monitor, Compaq PC, etc. I personally don't like these companies that dundle a load of their stuff with all their PCs. My PC hasn't got anything related to Compaq at all. I wish you luck with your computer and remember if you have any probs, post back here (start a new thread now if its a different system).

I have no idea whats going on...

Re: I have no idea whats going on...

Similar Threads

No idea whats wrong but....

new mod idea

Whats SLI?

no idea what i'm doing...

whats your DJ name