6 Posts

October 27th, 2004 00:00

Hijack This Log Help....?

:smileysad:
Ok, I had a Trojan about two weeks ago. I called Dell 24 Hour Support and she had me Download Giant. It found all kinds of Hijacked files and a Trojan (Or a few) And we removed them.
Every Time I run it now, it comes up with a Trojan. How do I get the darn thing to stop coming back. It says it is being downloaded by "Cashback" or "Bargainbuddies". I can't find them on remove programs.
Anywhoo, here is my Hijack This log...Please help me....
PS. my McAfee Virus Scan won't Update either. I have Xoftspy, Adaware and now Giant and none of them are picking up Trojans...but Symantec has found a Trojan.
 
Logfile of HijackThis v1.98.2
Scan saved at 5:50:22 PM, on 10/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Kim\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Program Files\eBay\eBay Toolbar\4.4.0.1\eBayBand.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\csrss.exe
O4 - Startup: DLHelperEXE.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb04350US
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Program Files\eBay\eBay Toolbar\4.4.0.1\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Program Files\eBay\eBay Toolbar\4.4.0.1\eBayBand.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: First Class Solitaire by pogo - http://solitaire46.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jackpot Bingo by pogo - http://bingoj03.pogo.com/applet/bingo/bingoj-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.6.20/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.1.18/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.0.32/flinger/flinger-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks02.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://pool30.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades12.pogo.com/applet/spades/spades-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.8.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire01.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peaks/peaks-ob-assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/triviatron2/triviatron2-ob-assets.cab
O16 - DPF: Tube Runner by pogo - http://ea04.pogo.com/applet/tube/tube-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.0.32/worldclass/worldclass-ob-assets.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegaspalms.microgaming.com/vegaspalms/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4400/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = miner
O17 - HKLM\Software\..\Telephony: DomainName = miner
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = miner
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = miner

6 Posts

October 27th, 2004 06:00

Thanks...I am running Spybot now. I can tell you that Symantec found a Trojan. I did that one earlier which brought me to this forum.
Can anyone help me with the Hijack this Log?
I need to know which ones I need to delete.
Thanks in Advance.
Also any advice on how to get my Mcafee Update to work?

6 Posts

October 27th, 2004 06:00

Ok..Here is what Spybot did...What does this mean?

Also I downloaded the Ebay toolbar to notify me when Auctions are ending...Is this a problem?

 

Error during check!: BackOrifice.B (Datei C:\WINDOWS\wininit.ini kann nicht geöffnet werden. The process cannot access the file because it is being used by another process) ()
 

Connect MFC Application: User settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-21-639874297-1757877059-505846217-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\access-to

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-21-639874297-1757877059-505846217-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

eBayToolbar:  Autostart file (File, nothing done)
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBay Toolbar.LNK

eBayToolbar:  Log file (File, nothing done)
  C:\WINDOWS\ReceBay.rec

eBayToolbar:  Log file (File, nothing done)
  C:\eBay.log

eBayToolbar: Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863}

eBayToolbar: Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{53BAA94E-AF15-11D4-B2C1-0090278B20DE}

eBayToolbar: Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{001F2570-5DF5-11d3-B991-00A0C9BB0874}

eBayToolbar: Global settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\eBayToolbar

eBayToolbar: IE extension (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{92D7F210-7F20-11d3-8157-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{F69298DB-525A-4034-A43D-0AB592569AFF}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{5C163B12-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{5C163B11-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{5C163B10-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{5C163B0F-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{5C163B0E-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{5C163B0D-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{53BAA94D-AF15-11D4-B2C1-0090278B20DE}

eBayToolbar: Module usage (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/eBayTBar.exe

eBayToolbar: Module usage (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/eBayHtml.dll

eBayToolbar: Module usage (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/eBayFile.Fil

eBayToolbar: Module usage (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/eBayBand.dll

eBayToolbar: Program directory (Directory, nothing done)
  C:\Program Files\eBay\eBay Toolbar\

eBayToolbar: Program group (Directory, nothing done)
  C:\Documents and Settings\All Users\Start Menu\Programs\eBay Toolbar

eBayToolbar: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\eBayToolbar.ToolbarBand.1

eBayToolbar: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\eBayToolbar.ToolbarBand

eBayToolbar: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\eBayToolbar.HtmlPopup.1

eBayToolbar: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\eBayToolbar.HtmlPopup

eBayToolbar: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\eBayToolbar.Helper.1

eBayToolbar: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\eBayToolbar.Helper

eBayToolbar: Type library (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{5C163B01-4E76-11D3-8132-0090278B20DE}

eBayToolbar: Type library (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{53BAA941-AF15-11D4-B2C1-0090278B20DE}

eBayToolbar: Uninstall settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eBay

eBayToolbar: User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-18\Software\eBayToolbar

eBayToolbar: User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-639874297-1757877059-505846217-1007\Software\eBayToolbar

eBayToolbar: User settings (Registry key, nothing done)
  HKEY_USERS\.DEFAULT\Software\eBayToolbar

KeenValue.eUniverse.MyFreeCursors: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\updater

n-Case: Autorun settings (Clock) (Registry value, nothing done)
  HKEY_USERS\S-1-5-21-639874297-1757877059-505846217-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Clock

Roings: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\IObjSafety.DemoCtl

Roings: Type library (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{78A163D2-2358-464D-807B-0E2A078C7727}

VX2/f:  Web page (File, nothing done)
  C:\WINDOWS\TEMP\dummy.htm


--- Spybot - Search && Destroy version: 1.3  ---
2004-08-11 Includes\Cookies.sbi
2004-10-26 Includes\Dialer.sbi
2004-10-26 Includes\Hijackers.sbi
2004-10-07 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-10-26 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-10-26 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-10-26 Includes\Trojans.sbi

860 Posts

October 27th, 2004 07:00

1 Download and run stinger
 

2. Anti-Trojan Scanners.  Tauscan & TDS-3 were two unbeatable options in this field 

3 Firewall  (ANY ONE) Zone Alarm   Outpost Sygate Personal Firewall 

4  is a complementary product to antivirus software. It provides specialist protection against harmful software. Antivirus software is not enough! provides protection against Trojans, Dialers and Spyware. fills the gaps that malware writers exploit.

Then rerun Spybot and let us know if anything shows up

Alternatively

Trend Micro Sysclean Package - Download + Virus Pattern File - Home Page
A Virus Removal Tool for Virus infections that can not be cleaned or deleted by the online scan. This is not an AntiVirus Program.

Instructions - Download the Sysclean Package (sysclean.com) and the latest Virus Pattern File (lptXXX.zip). Create a folder on your C: drive (C:\Sysclean), download both files to this folder, unzip the "lptXXX.zip" pattern file into this folder, then run "sysclean.com", check "Automatically clean or delete detected files", left-click "Scan". If there are still Virus infections left that can not be removed, reboot your computer into safe mode by holding the Ctrl key down during boot up and selecting "Safe Mode" from the menu. In safe mode do another Sysclean scan and remove the remaining Virus infections.

Notes - The Virus Pattern File is updated on a weekly sometimes daily basis. Anytime a Virus is detected that your AntiVirus program or the Online Virus Scanner is unable to clean, you will have to redownload the latest Virus Pattern File for Sysclean to be able to properly remove it. A larger numbered file (lptXXX.zip) represents a newer Virus Pattern File.

Steps

1. Download 2 files sysclean.com and lpt209.zip
http://www.trendmicro.com/ftp/products/tsc/cpr/sysclean.com
http://www.trendmicro.com/ftp/products/pattern/lpt212.zip (file may change)
2. Extract the contents of lpt212.zip
3. make a folder Sysclean
4. then copy the file lpt$vpn.212 and sysclean.com to the Sysclean folder
5. Double click on sysclean and click on scan

Taken from Optimize XP

6 Posts

October 27th, 2004 19:00

I am getting a message saying Password Protected when I try to extract files, from Virus Pattern into C:\sysclean?

Help

2K Posts

October 27th, 2004 20:00

Click on Start, then Run, and type services.msc and press the OK button. When the Services control panel opens, scroll through the list looking for a service called ISEXEng. If that service exists, let me know and we can go through the rest of the fix.

6 Posts

October 27th, 2004 20:00

Didn't see it...:womansurprised:

2K Posts

October 27th, 2004 20:00

Does the domain "Miner" relate to your ISP, or network name?

6 Posts

October 27th, 2004 21:00

It's my last name...

860 Posts

October 28th, 2004 03:00

2K Posts

October 28th, 2004 13:00

Don't know if this will address your specific problem, but we can clean up your log a bit:

You have HijackThis running from a temporary or zip folder. Any backup files HJT creates during the repair process will not be secure if left in this folder.

Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Unzip HijackThis into this folder. Please delete any other copies of HijackThis and run HJT only from this new folder. If required a tutorial is here: Hijackthis Folder Tutorial


Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\csrss.exe
O4 - Startup: DLHelperEXE.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

With ALL OTHER WINDOWS CLOSED, click on Fix Checked.


Reboot into Safe Mode and enable viewing of Hidden and System files. Open Windows Explorer (Windows key+e), drill down and delete the following files and folders if found:

C:\WINDOWS\csrss.exe --File. Use caution. Do not delete the valid Windows file C:\WINDOWS\System32\csrss.exe

Use Windows Search to locate the following file and delete it:

DLHelperEXE.exe --File


Reboot and post a new log.
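
The checks applied by eye in the reply above (a system binary name outside System32, an executable sitting directly in the Startup folder, registrations whose file is gone, HijackThis launched from a temp/zip folder) can be scripted for triage. This is an added example, not part of the thread and not HijackThis's own logic; the function names and the `SYSTEM32_ONLY` list are assumptions.

```python
import ntpath
import re

# Core Windows binaries expected only in %SystemRoot%\System32 (list assumed
# for this example; extend as needed).
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"

RUN_ENTRY = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")
STARTUP_ENTRY = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
EXE_IN_CMD = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat))(?:\s|$)", re.I)


def image_path(cmd):
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_IN_CMD.match(cmd)
    return m.group(1) if m else cmd


def is_masquerade(path):
    """True if a System32-only binary name appears under another directory."""
    folder, name = ntpath.split(path.lower())
    return bool(folder) and name in SYSTEM32_ONLY and folder != SYSTEM32


def triage(log_text):
    """Return (reason, line) pairs for entries worth a manual look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        run = RUN_ENTRY.match(line)
        startup = STARTUP_ENTRY.match(line)
        if "(no file)" in line or "(file missing)" in line:
            findings.append(("orphaned registration", line))
        elif run and is_masquerade(image_path(run.group("cmd"))):
            findings.append(("system binary name outside System32", line))
        elif startup and " = " not in startup.group("item"):
            findings.append(("executable placed directly in Startup folder", line))
        elif BARE_PATH.match(line):  # entries from the "Running processes" list
            low = line.lower()
            if is_masquerade(line):
                findings.append(("system binary name outside System32", line))
            elif low.endswith("hijackthis.exe") and ("\\temp\\" in low or ".zip\\" in low):
                findings.append(("HijackThis run from temp/zip folder", line))
    return findings


# Excerpt of the log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Kim\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\csrss.exe
O4 - Startup: DLHelperEXE.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
"""

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE):
        print(f"{reason}: {entry}")
```

A hit is a prompt for manual review, not a verdict: the script only compares names and paths and never inspects the files themselves.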
