jbrandow

Members
  • Content count

    3
  • Joined

  • Last visited

About jbrandow

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Please remove this post, I've properly posted my problem with a hjt report under malware removal. Thank you
  2. I've tried running the AboutBuster in safe mode and receive the message "runtime error '6' overflow". I've also run CWshredder in safe mode. This is a copy of my hjt file. suggenstions on how to continue in my attempt to remove multiple virus. Thanks. Logfile of HijackThis v1.99.1 Scan saved at 10:06:52 PM, on 3/6/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\WINDOWS\System32\nvdsvc32.exe C:\WINDOWS\d3wm.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\wintask.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Wcil\Dxiww.exe C:\Program Files\WebRebates4\webrebates.exe C:\Program Files\Internet Optimizer\actalert.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\cisvc.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\sdkwj.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\WebRebates4\w11150.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Microsoft Works\MSWorks.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zmbfs.dll/sp.html#37049%resultposition.net R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {166D5965-3523-FD3D-7653-2DD44AC66EB8} - (no file) O2 - BHO: (no name) - {36602E34-564B-4F82-3460-40E15FF68B74} - (no file) O2 - BHO: Class - {37E5E66E-C168-B55B-BE2E-8478ED77CD96} - C:\WINDOWS\system32\addbm.dll O2 - BHO: (no name) - {43DB041A-707F-D568-FF53-1CC67ADD3B82} - (no file) O2 - BHO: (no name) - {588E9107-C2D3-E0FF-D067-E37707B28CEA} - (no file) O2 - BHO: (no name) - {79FB99E0-9529-0FF5-9D52-B42B3DCDEF49} - (no file) O2 - BHO: (no name) - {8AF249B1-7F56-BD75-0375-407C171E89E5} - (no file) O2 - BHO: (no name) - {8D5677A8-8EC4-A206-E11B-F72C0B1F7287} - (no file) O2 - BHO: (no name) - {D8010B5A-E220-B876-B855-D2861F450A0C} - (no file) O2 - BHO: (no name) - {DBFC5A92-4FA4-C151-1D59-8CA0FBBFD49C} - (no file) O2 - BHO: (no name) - {E2EE3398-3679-6B34-51F3-26F80A4F6FA2} - (no file) O2 - BHO: (no name) - {E63F1C8C-F268-E0E3-67B6-E79D4A5DD48E} - (no file) O2 - BHO: (no name) - {EF3F1C7D-511A-0A1F-2915-8BF8D1F23F0D} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [sAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [C:\WINDOWS\System32\nvdsvc32.exe ] C:\WINDOWS\System32\nvdsvc32.exe O4 - HKLM\..\Run: [d3wm.exe] C:\WINDOWS\d3wm.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe" O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [Zxghadyw] C:\Program Files\Wcil\Dxiww.exe O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe" O4 - HKLM\..\Run: [win.exe] C:\WINDOWS\System32\win.exe O4 - HKLM\..\Run: [NNSCAG638.EXEeorg] C:\WINDOWS\System32\NNSCAG638.EXEeorg O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64 O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab O23 - Service: Workstation NetLogon Service ( 11F
  3. Hello, I've tried running AboutBuster in safe mode to and received this message: runtime error '6' overflow. Any suggestions are welcomed, thanks!