
15 Posts

April 11th, 2006 22:00

Help is really needed...Please help...Thank you!

I had the Winfixer spyware that I think I got rid of after I ran the Vundo program. So I needed someone to check it now that I have run the Vundo program. This all started when I tried to uninstall some McAfee software, which I still am not able to do.
 
Any suggestions??
 
Logfile of HijackThis v1.99.1
Scan saved at 7:48:23 PM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106925659\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106925659\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.2.0.38/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124549213682
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

1.2K Posts

April 12th, 2006 12:00

Hello SPerkins and welcome to Dell,

Looks like you are rid of Winfixer but you have other malware.

Please do the following:



STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless you are instructed to.


Download the trial version of Spy Sweeper from Here

  • Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper) You will be prompted to check for updated definitions, please do so.
    (This may take several minutes)
  • Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
  • Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!
  • When the sweep has finished, click Remove. Click Select All and then Next
  • From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
  • Exit Spy Sweeper.



STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:

  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


Empty Recycle Bin
Reboot

Please post the results from SpySweeper, ewido and a new hijackthis log.
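
The HijackThis log posted above is line-oriented, and the helper's reading of it ("you have other malware") comes down to a few entry types: BHO and toolbar registrations whose DLL is gone, and the O20 Winlogon Notify line with a missing DLL. As an added example (not code from this thread or from HijackThis), the Python script below parses that format, flags those entry types, and diffs a "before" and "after" log so a cleanup can be verified; its sample lines are excerpts copied from the two logs in this thread.

```python
"""Triage HijackThis v1.99.1 logs like the two posted in this thread.

Added example, not code from the thread or from HijackThis. Sample lines are
excerpts copied from the logs above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Each finding starts with a section tag (R0-R3, F0-F3, O1-O23) and " - ";
# header lines and the "Running processes" list do not.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# Status HijackThis appends when the referenced binary is gone.
STATUS_RE = re.compile(r"\s*(?:-\s*)?\((?:no file|file missing)\)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def key(self) -> str:
        # Diff identity with the status marker stripped, so an entry whose
        # DLL goes missing between two scans still matches itself.
        return self.section + " " + STATUS_RE.sub("", self.body).strip().lower()


def parse_log(text: str) -> list[Entry]:
    """Return the R/F/O entries of a HijackThis log in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def flag(entry: Entry) -> str | None:
    # O20 Winlogon Notify DLLs load into winlogon.exe at every logon. A short
    # random name with no vendor path (pmnnl.dll in the first log) is the
    # classic Vundo/Virtumonde leftover, so it is checked first.
    if entry.section == "O20" and "Winlogon Notify" in entry.body:
        return "Winlogon Notify DLL: verify publisher or remove the key"
    # O2 BHOs / O3 toolbars ending in "(no file)" are orphaned CLSID
    # registrations: the DLL is gone but the registry key survived.
    if entry.section in ("O2", "O3") and entry.body.endswith("(no file)"):
        return "orphaned BHO/toolbar registration (no file)"
    # Anything else marked "(file missing)" is usually a half-uninstalled
    # product; the key should be cleaned up.
    if entry.body.endswith("(file missing)"):
        return "registered component whose file is missing"
    return None


def triage(text: str) -> list[tuple[Entry, str]]:
    findings = []
    for entry in parse_log(text):
        reason = flag(entry)
        if reason:
            findings.append((entry, reason))
    return findings


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(removed, added) entries between two scans, matched on Entry.key."""
    old = {e.key: e for e in parse_log(before)}
    new = {e.key: e for e in parse_log(after)}
    return ([old[k] for k in old if k not in new],
            [new[k] for k in new if k not in old])


# Excerpt of the 4/10 log (constructed subset of the real lines above).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""
# Excerpt of the 4/14 log. As posted it is cut off after O16, so the O20
# line is not diffed; it is triaged on its own below.
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""
O20_LINE = "O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)"

if __name__ == "__main__":
    for entry, reason in triage(BEFORE + O20_LINE):
        print(f"[{entry.section}] {reason}\n    {entry.body}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed since 4/10:", *(e.body for e in removed), sep="\n  ")
    print("added since 4/10:", *(e.body for e in added), sep="\n  ")
```

Run against the two full logs, the diff confirms that the no-name O3 toolbar and the MSN Search Bar R1 entry were gone by 4/14 while Spy Sweeper's own Run key appeared; the O20 line cannot be confirmed either way because the second log as posted stops at O16.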

15 Posts

April 15th, 2006 00:00

Spy Sweeper Log

********
6:24 PM: | Start of Session, Friday, April 14, 2006 |
6:24 PM: Spy Sweeper started
6:24 PM: Sweep initiated using definitions version 658
6:24 PM: Starting Memory Sweep
6:29 PM: Memory Sweep Complete, Elapsed Time: 00:05:06
6:29 PM: Starting Registry Sweep
6:29 PM: Found Adware: squiresearch
6:29 PM: HKCR\interface\{907ca0e4-ce84-11d6-9508-02608cdd2846}\ (8 subtraces) (ID = 142202)
6:29 PM: HKLM\software\classes\interface\{907ca0e4-ce84-11d6-9508-02608cdd2846}\ (8 subtraces) (ID = 142209)
6:29 PM: Found Adware: drsnsrch.com hijack
6:29 PM: HKU\WRSS_Profile_S-1-5-21-3929279291-1257536838-1180724919-501\software\microsoft\internet explorer\searchurl\ (ID = 128212)
6:29 PM: Found Trojan Horse: nssys32
6:29 PM: HKU\S-1-5-21-3929279291-1257536838-1180724919-1009\software\nssys32\ (1 subtraces) (ID = 136281)
6:29 PM: Registry Sweep Complete, Elapsed Time:00:00:20
6:29 PM: Starting Cookie Sweep
6:29 PM: Found Spy Cookie: 2o7.net cookie
6:29 PM: guest@2o7[2].txt (ID = 1957)
6:29 PM: Found Spy Cookie: about cookie
6:29 PM: guest@about[2].txt (ID = 2037)
6:29 PM: Found Spy Cookie: go.com cookie
6:29 PM: guest@adisney.go[2].txt (ID = 2729)
6:29 PM: Found Spy Cookie: specificclick.com cookie
6:29 PM: guest@adopt.specificclick[1].txt (ID = 3400)
6:29 PM: Found Spy Cookie: pointroll cookie
6:29 PM: guest@ads.pointroll[1].txt (ID = 3148)
6:29 PM: Found Spy Cookie: advertising cookie
6:29 PM: guest@advertising[2].txt (ID = 2175)
6:29 PM: Found Spy Cookie: apmebf cookie
6:29 PM: guest@apmebf[1].txt (ID = 2229)
6:29 PM: Found Spy Cookie: falkag cookie
6:29 PM: guest@as-us.falkag[2].txt (ID = 2650)
6:29 PM: Found Spy Cookie: ask cookie
6:29 PM: guest@ask[2].txt (ID = 2245)
6:29 PM: Found Spy Cookie: atlas dmt cookie
6:29 PM: guest@atdmt[2].txt (ID = 2253)
6:29 PM: Found Spy Cookie: atwola cookie
6:29 PM: guest@atwola[1].txt (ID = 2255)
6:29 PM: Found Spy Cookie: azjmp cookie
6:29 PM: guest@azjmp[2].txt (ID = 2270)
6:29 PM: guest@cartoonnetwork.122.2o7[1].txt (ID = 1958)
6:29 PM: Found Spy Cookie: casalemedia cookie
6:29 PM: guest@casalemedia[1].txt (ID = 2354)
6:29 PM: Found Spy Cookie: clickbank cookie
6:29 PM: guest@clickbank[1].txt (ID = 2398)
6:29 PM: guest@disney.go[2].txt (ID = 2729)
6:29 PM: Found Spy Cookie: ru4 cookie
6:29 PM: guest@edge.ru4[2].txt (ID = 3269)
6:29 PM: guest@exoticpets.about[1].txt (ID = 2038)
6:29 PM: Found Spy Cookie: fastclick cookie
6:29 PM: guest@fastclick[1].txt (ID = 2651)
6:29 PM: guest@go[1].txt (ID = 2728)
6:29 PM: Found Spy Cookie: mediaplex cookie
6:29 PM: guest@mediaplex[1].txt (ID = 6442)
6:29 PM: guest@msninvite.112.2o7[1].txt (ID = 1958)
6:29 PM: guest@msnportal.112.2o7[1].txt (ID = 1958)
6:29 PM: Found Spy Cookie: overture cookie
6:29 PM: guest@overture[1].txt (ID = 3105)
6:29 PM: guest@perf.overture[1].txt (ID = 3106)
6:29 PM: guest@psc.disney.go[1].txt (ID = 2729)
6:29 PM: Found Spy Cookie: qksrv cookie
6:29 PM: guest@qksrv[1].txt (ID = 3213)
6:29 PM: Found Spy Cookie: questionmarket cookie
6:29 PM: guest@questionmarket[1].txt (ID = 3217)
6:29 PM: guest@register.go[1].txt (ID = 2729)
6:29 PM: Found Spy Cookie: revenue.net cookie
6:29 PM: guest@revenue[2].txt (ID = 3257)
6:29 PM: Found Spy Cookie: servedby advertising cookie
6:29 PM: guest@servedby.advertising[2].txt (ID = 3335)
6:29 PM: Found Spy Cookie: serving-sys cookie
6:29 PM: guest@serving-sys[2].txt (ID = 3343)
6:29 PM: Found Spy Cookie: statcounter cookie
6:29 PM: guest@statcounter[2].txt (ID = 3447)
6:29 PM: Found Spy Cookie: webtrendslive cookie
6:29 PM: guest@statse.webtrendslive[1].txt (ID = 3667)
6:29 PM: Found Spy Cookie: tacoda cookie
6:29 PM: guest@tacoda[2].txt (ID = 6444)
6:29 PM: guest@tokenzone.go[1].txt (ID = 2729)
6:29 PM: Found Spy Cookie: trafficmp cookie
6:29 PM: guest@trafficmp[1].txt (ID = 3581)
6:29 PM: Found Spy Cookie: tribalfusion cookie
6:29 PM: guest@tribalfusion[1].txt (ID = 3589)
6:29 PM: guest@wrigley.122.2o7[1].txt (ID = 1958)
6:29 PM: guest@www.disney.go[1].txt (ID = 2729)
6:29 PM: Found Spy Cookie: zedo cookie
6:29 PM: guest@zedo[1].txt (ID = 3762)
6:29 PM: Found Spy Cookie: ad-logics cookie
6:29 PM: sophia perkins@ad-logics[1].txt (ID = 2049)
6:29 PM: Found Spy Cookie: searchsquire cookie
6:29 PM: sophia perkins@ad.searchsquire[1].txt (ID = 3324)
6:29 PM: Found Spy Cookie: addynamix cookie
6:29 PM: sophia perkins@ads.addynamix[2].txt (ID = 2062)
6:29 PM: sophia perkins@atdmt[2].txt (ID = 2253)
6:29 PM: sophia perkins@casalemedia[2].txt (ID = 2354)
6:29 PM: Found Spy Cookie: clickagents cookie
6:29 PM: sophia perkins@clickagents[2].txt (ID = 2394)
6:29 PM: sophia perkins@edge.ru4[1].txt (ID = 3269)
6:29 PM: Found Spy Cookie: incredifind cookie
6:29 PM: sophia perkins@incredifind[2].txt (ID = 2849)
6:29 PM: Found Spy Cookie: internetfuel cookie
6:29 PM: sophia perkins@internetfuel[1].txt (ID = 2873)
6:29 PM: sophia perkins@mediaplex[1].txt (ID = 6442)
6:29 PM: sophia perkins@qksrv[1].txt (ID = 3213)
6:29 PM: Found Spy Cookie: realmedia cookie
6:29 PM: sophia perkins@realmedia[1].txt (ID = 3235)
6:29 PM: Found Spy Cookie: tmpad cookie
6:29 PM: sophia perkins@tmpad[2].txt (ID = 3545)
6:29 PM: sophia perkins@trafficmp[1].txt (ID = 3581)
6:29 PM: sophia perkins@www.incredifind[1].txt (ID = 2850)
6:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:29 PM: Starting File Sweep
6:32 PM: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_710.dat". The process cannot access the file because it is being used by another process
6:40 PM: Found Adware: tibs dialer
6:40 PM: xxx.lnk (ID = 79520)
6:50 PM: Found Adware: sidesearch
6:50 PM: lycos.dll (ID = 76057)
7:12 PM: Warning: Invalid file - not a PKZip file
7:12 PM: Warning: Invalid file - not a PKZip file
7:13 PM: Warning: Unhandled Archive Type
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: Warning: Invalid file - not a PKZip file
7:14 PM: File Sweep Complete, Elapsed Time: 00:45:16
7:14 PM: Full Sweep has completed. Elapsed time 00:50:53
7:14 PM: Traces Found: 79
7:16 PM: Removal process initiated
7:16 PM: Quarantining All Traces: nssys32
7:16 PM: Quarantining All Traces: sidesearch
7:16 PM: Quarantining All Traces: tibs dialer
7:16 PM: Quarantining All Traces: drsnsrch.com hijack
7:16 PM: Quarantining All Traces: squiresearch
7:16 PM: Quarantining All Traces: 2o7.net cookie
7:16 PM: Quarantining All Traces: about cookie
7:16 PM: Quarantining All Traces: addynamix cookie
7:16 PM: Quarantining All Traces: ad-logics cookie
7:16 PM: Quarantining All Traces: advertising cookie
7:16 PM: Quarantining All Traces: apmebf cookie
7:16 PM: Quarantining All Traces: ask cookie
7:16 PM: Quarantining All Traces: atlas dmt cookie
7:16 PM: Quarantining All Traces: atwola cookie
7:16 PM: Quarantining All Traces: azjmp cookie
7:16 PM: Quarantining All Traces: casalemedia cookie
7:16 PM: Quarantining All Traces: clickagents cookie
7:16 PM: Quarantining All Traces: clickbank cookie
7:16 PM: Quarantining All Traces: falkag cookie
7:16 PM: Quarantining All Traces: fastclick cookie
7:16 PM: Quarantining All Traces: go.com cookie
7:16 PM: Quarantining All Traces: incredifind cookie
7:16 PM: Quarantining All Traces: internetfuel cookie
7:16 PM: Quarantining All Traces: mediaplex cookie
7:16 PM: Quarantining All Traces: overture cookie
7:16 PM: Quarantining All Traces: pointroll cookie
7:16 PM: Quarantining All Traces: qksrv cookie
7:16 PM: Quarantining All Traces: questionmarket cookie
7:16 PM: Quarantining All Traces: realmedia cookie
7:16 PM: Quarantining All Traces: revenue.net cookie
7:16 PM: Quarantining All Traces: ru4 cookie
7:16 PM: Quarantining All Traces: searchsquire cookie
7:16 PM: Quarantining All Traces: servedby advertising cookie
7:16 PM: Quarantining All Traces: serving-sys cookie
7:16 PM: Quarantining All Traces: specificclick.com cookie
7:16 PM: Quarantining All Traces: statcounter cookie
7:16 PM: Quarantining All Traces: tacoda cookie
7:16 PM: Quarantining All Traces: tmpad cookie
7:16 PM: Quarantining All Traces: trafficmp cookie
7:16 PM: Quarantining All Traces: tribalfusion cookie
7:16 PM: Quarantining All Traces: webtrendslive cookie
7:16 PM: Quarantining All Traces: zedo cookie
7:18 PM: Removal process completed. Elapsed time 00:01:37
7:19 PM: Deletion from quarantine initiated
7:19 PM: Processing: 2o7.net cookie
7:19 PM: Processing: about cookie
7:19 PM: Processing: addynamix cookie
7:19 PM: Processing: ad-logics cookie
7:19 PM: Processing: advertising cookie
7:19 PM: Processing: apmebf cookie
7:19 PM: Processing: ask cookie
7:19 PM: Processing: atlas dmt cookie
7:19 PM: Processing: atwola cookie
7:19 PM: Processing: azjmp cookie
7:19 PM: Processing: casalemedia cookie
7:19 PM: Processing: clickagents cookie
7:19 PM: Processing: clickbank cookie
7:19 PM: Processing: drsnsrch.com hijack
7:19 PM: Processing: falkag cookie
7:19 PM: Processing: fastclick cookie
7:19 PM: Processing: go.com cookie
7:19 PM: Processing: incredifind cookie
7:19 PM: Processing: internetfuel cookie
7:19 PM: Processing: mediaplex cookie
7:19 PM: Processing: nssys32
7:19 PM: Processing: overture cookie
7:19 PM: Processing: pointroll cookie
7:19 PM: Processing: qksrv cookie
7:19 PM: Processing: questionmarket cookie
7:19 PM: Processing: realmedia cookie
7:19 PM: Processing: revenue.net cookie
7:19 PM: Processing: ru4 cookie
7:19 PM: Processing: searchsquire cookie
7:19 PM: Processing: servedby advertising cookie
7:19 PM: Processing: serving-sys cookie
7:19 PM: Processing: sidesearch
7:19 PM: Processing: specificclick.com cookie
7:19 PM: Processing: squiresearch
7:19 PM: Processing: statcounter cookie
7:19 PM: Processing: tacoda cookie
7:19 PM: Processing: tibs dialer
7:19 PM: Processing: tmpad cookie
7:19 PM: Processing: trafficmp cookie
7:19 PM: Processing: tribalfusion cookie
7:19 PM: Processing: webtrendslive cookie
7:19 PM: Processing: zedo cookie
7:19 PM: Deletion from quarantine completed. Elapsed time 00:00:02

********
6:20 PM: | Start of Session, Friday, April 14, 2006 |
6:20 PM: Spy Sweeper started
6:21 PM: Your spyware definitions have been updated.
6:24 PM: | End of Session, Friday, April 14, 2006 |

15 Posts

April 15th, 2006 00:00

OK... so I've run Spy Sweeper and Ewido, and this is my new HijackThis log, plus the Spy Sweeper and Ewido logs. Please let me know where to proceed from here. Thanks again for your help.

All three files are too big for this one msg so I will post all three separately.

Logfile of HijackThis v1.99.1
Scan saved at 8:59:37 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Common Files\AOL\1106925659\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106925659\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.2.0.38/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124549213682
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


15 Posts

April 15th, 2006 00:00

ewido log

ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:49:09 PM, 4/14/2006
+ Report-Checksum: 3685E6FE
+ Scan result:
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wflocjajkaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjk4qkd5gco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjkyckczcgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjlywpdzilq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wjny-1gcpgk.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ehg-penguingroupusa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\sophia perkins@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\sophia perkins@www2.enigmasoftwaregroup[1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@ehg-communityconnect.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@emimusic.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@homesteadtechnologies.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Sophia Perkins\Cookies\sophia perkins@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP323\A0160849.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Pplugin8.exe -> Not-A-Virus.PSWTool.Win32.MailPassView : Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup

::Report End

1.2K Posts

April 15th, 2006 01:00

Hello SPerkins,

Please do the following;

Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) it because it might stop our fix.
  • Open it, click Options over to the left, then Program Options, and uncheck "Load at Windows startup".
  • Over to the left click "Shields" and uncheck everything there.
  • Uncheck "Home page shield".
  • Uncheck "Automatically restore default without notification".

After all of the fixes are complete it is very important that you enable SpySweeper again.

Scan with HijackThis. Place a check against each of the following:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Post back a fresh HijackThis log and we will take another look.
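The two lines checked above are the classic first pass on a HijackThis log: an O2 BHO whose DLL is gone ("(no file)") and an O16 ActiveX download the machine does not need. The script below is an added example, written for this thread and not code from any of its participants or from HijackThis itself. It parses O-section lines in the HijackThis 1.99.1 format shown in the posted logs and flags the entries a helper looks at first: registrations whose backing file is missing (safe to fix), autostarts or services living in user-writable or otherwise unusual locations, Winlogon Notify DLLs (which load into winlogon.exe as SYSTEM), and O16 controls fetched over cleartext http. The sample log is constructed for the example; most of its lines are copied from the logs above, while the `[updater]` O4 entry and the `hlpsvc` O23 entry are hypothetical, added to show what a dropper's persistence looks like.

```python
"""Triage of HijackThis v1.99.1 logs (added example for this thread, not code
from the thread's participants or from HijackThis itself)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Where legitimately installed software normally lives on Windows XP.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
# Path fragments any user (or any user-level malware) can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
EXT_RE = re.compile(r"\.(?:exe|dll|ocx|cpl|scr|com|bat)\b", re.IGNORECASE)
LINE_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section, e.g. "O4"
    code: str     # machine-readable reason
    action: str   # "fix" (safe to remove) or "review" (needs a human judgement)
    line: str     # the log line, verbatim


def extract_path(text: str) -> Optional[str]:
    """Return the first Windows file path in a HijackThis line, or None.

    HijackThis prints paths bare even when they contain spaces and appends
    command-line arguments or " (file missing)" after them, so the path is cut
    at the first recognised executable extension. %systemroot% is expanded so
    the KernelFaultCheck-style entries can be located.
    """
    text = re.sub(r"%systemroot%", lambda _: "C:\\WINDOWS", text, flags=re.IGNORECASE)
    quoted = re.search(r'"([A-Za-z]:\\[^"]+)"', text)
    if quoted:
        return quoted.group(1)
    bare = re.search(r"[A-Za-z]:\\.*", text)
    if not bare:
        return None
    candidate = bare.group(0)
    ext = EXT_RE.search(candidate)
    # No extension (e.g. "dumprep 0 -k"): keep only the first token.
    return candidate[: ext.end()] if ext else candidate.split()[0]


def triage(log_text: str) -> List[Finding]:
    """First-pass review of a HijackThis log; one Finding per flagged line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.group(1), m.group(2)
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # Orphaned registration: nothing left on disk, so fixing it is safe.
            findings.append(Finding(section, "ORPHAN", "fix", line))
            continue
        path = extract_path(body)
        lowered = path.lower() if path else ""
        if path and any(mk in lowered for mk in USER_WRITABLE_MARKERS):
            findings.append(Finding(section, "USER_WRITABLE_LOCATION", "review", line))
        elif section == "O16" and body.rsplit(" - ", 1)[-1].lower().startswith("http://"):
            # Downloaded Program File (ActiveX) fetched over cleartext http.
            findings.append(Finding(section, "CLEARTEXT_DPF", "review", line))
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe as SYSTEM; confirm each one.
            findings.append(Finding(section, "WINLOGON_NOTIFY", "review", line))
        elif section == "O23" and path and not lowered.startswith(TRUSTED_PREFIXES):
            findings.append(Finding(section, "SERVICE_OUTSIDE_PROGRAM_DIRS", "review", line))
    return findings


# Constructed sample: real lines from the thread plus two hypothetical
# entries ([updater] and hlpsvc) that imitate a dropper's persistence.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Guest\Local Settings\Temp\svchost.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\System\hlpsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section:3} {f.code:28} {f.line}")
```

Run it against a full log saved from HijackThis and the "fix" findings are the candidates for Fix Checked, while each "review" finding still needs the human judgement the helpers apply in this thread: WRLogonNTF.dll, for instance, is flagged only because Winlogon Notify is a high-privilege load point, and it belongs to the Spy Sweeper installation that is also visible in the O23 list.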

15 Posts

April 15th, 2006 01:00

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:31 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Common Files\AOL\1106925659\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106925659\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.2.0.38/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124549213682
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

1.2K Posts

April 15th, 2006 09:00

Hello SPerkins,

Good work! Your logs appear to be clean. Please do the following:

STEP 1.
======
Cleanmgr
To clean temporary files:

  • Go to Start > Run, type cleanmgr and click OK.
  • Scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  • Click OK to remove those files.
  • Click Yes to confirm deletion.


STEP 2. (Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete all files in this folder, but not the Prefetch folder itself.

STEP 3.
======
System Restore for Windows XP
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.



STEP 4.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!

http://forum.malwareremoval.com/viewtopic.php?t=8138&sid=3965a617e3ae8fa3039eba6ea0b5e8ee
Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall


  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Update regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware


  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


  • More info on how to prevent malware can also be found here (by Tony Klein)
    and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection


Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan

15 Posts

April 15th, 2006 18:00

You guys are the best!!!  Thanks to everyone who has helped me on this issue!!!
