17 Posts

December 30th, 2004 14:00

Internet Explorer 6 hijacked?

I have had my Dell for over a year or so. I use IE all the time. Actually every time I go online, cause I hate AOL.
 
Anyhows,
 
About 4 days ago, when I open IE, it goes to my homepage for a second and then does this:
The page cannot be displayed
with a clicking noise *click click click*
 
I can't get into tools or anything, I can't even get into my dell update.
 
I already ran McAfee, Spybot and Ad-Aware (updated them too) and nothing.

I have also noticed my keyboard keys 'sticking' like I am typing too fast for the keyboard or something.

Any help, other than throwing IE out and using MSN or something like that?
 
~PLEASE HELP~
 
I have tried the system restore, but I think the problem is that I only installed spy & ad aware after I was having a problem, so maybe it is restoring it back at that point? (which of course would do me no good)
 
I haven't installed anything in months and like I said, I only installed those two programs after the fact.
 
The http:/// is not a typo. It goes from loading my homepage (yahoo) to stopping and going to http:///
 
 
I have disconnected my keyboard and reinstalled it...
 
still the same problem with IE, so it is not the keyboard
 
~someone please help~

8.8K Posts

December 30th, 2004 14:00

Before we do anything can you do a couple things first?
Go to this site http://www.trendmicro.com/en/home/us/enterprise.htm and do an online scan and delete whatever it finds. Be sure to highlight the drives you want to have searched.

After that could you please go to http://www.majorgeeks.com/download506.html and download AdAwareSE and delete what it finds. Then while using AdAware, click on add-ons and get their plug-in for the VX2 variant, and run that and delete what it finds.
After that go to http://www.majorgeeks.com/download2471.html and download SpyBot and run that and delete what it finds.


Now go to http://www.majorgeeks.com/download3155.html and download HiJackThis to its own folder that you create on your C:/ drive.
After it is downloaded open the program and click on the Scan button.
When that is done, click on Save to log.
Post the log that it generates right here so that it may be viewed and analyzed for problems.

Thanks
Steve

17 Posts

December 30th, 2004 14:00

(thanks Steve for the suggestion of posting this here!)

17 Posts

December 30th, 2004 15:00

I will do this as soon as I get home from work.
Thank you Steve!!

I'll post again to let you know if it works.
 
 

26 Posts

December 30th, 2004 22:00

I had the same problem. My Webroot Spy Sweeper found a spyware that hijacks your Internet Explorer. I went into Add/Remove Programs and got rid of the file. I think the name of it was Webseach.com Hijacker or something like that. I can look on my other computer and let you know.

17 Posts

December 30th, 2004 23:00

Sorry Steve, I have dial up and to do this took me hours...
 
Here is the information you requested, and again THANK YOU
 

Trend Micro

So I had a newer source than they had (so it told me). I didn’t know where to find it in my computer so I downloaded the file and replaced it.

It came up with three things (I scanned my computer and Local Disk c):

Troj Agent.Amo non cleanable ‘c/systemsvolumeinformation

Troj Adwaheck.A non cleanable ‘c/systemsvolumeinformation

Troj Ju.b Non cleanable ‘c:/windows/system32/winpack.exe’

When I pushed delete it said it deleted the first two, but the last one Troj JU.B was in use and could not be deleted.

________________________________

Adaware

I didn’t have to download this, I downloaded it a few days ago.

The link I found under the help menu for plug in (add ons) went into IE, so I couldn’t follow along. Also I looked in configurations, didn’t see anything and in my add ons folder there was no tools and/or extensions, so I couldn’t run the plug in for VXZ Variant.

That came up with a tracking cookie, that I guess came from downloading Trend Micro cause I didn’t have that cookie last night.

Vendor: Tracking Cookie Data Miner IE cache Entry

and also some MRUlist thingies (Hikey user) I believe is from Spybot program.

(All deleted)

_________________________________

Spybot

5 DSO Exploit entries (no matter how many times I erase these, they are always there when I scan...)

Deleted them for the 10th time...

_________________________________________

Hijackthis Log

Logfile of HijackThis v1.99.0
Scan saved at 8:08:46 PM, on 12/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wmsdmod.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\Corel\WordPerfect Office 2002\Programs\wpwin10.exe
C:\WINDOWS\System32\winpack.exe
C:\highjack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKCU\..\Run: [wmsdmod] C:\WINDOWS\System32\wmsdmod.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (12.0)) - http://up.webphotos.com/lead/ltocx12n.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://up.webphotos.com/upload/XUpload.ocx
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Again thanks
 
 

4.8K Posts

December 31st, 2004 00:00

unruly,

Let's go ahead and fix these...



Open "Windows Task Manager", then 'end' the following processes, if running:

wmsdmod.exe
winpack.exe

Refresh the list and make sure they're gone.



Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

O4 - HKCU\..\Run: [wmsdmod] C:\WINDOWS\System32\wmsdmod.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)


Now, with all windows closed except HiJackThis, click "Fix checked".

Reboot your computer.



Post back a new log.

Mike.

8.8K Posts

December 31st, 2004 00:00

For openers you can open HiJackThis and run a scan and put a check next to this entry



O4 - Global Startup: Digital Line Detect.lnk = ?



Close all your other applications except the HiJackThis box.

Then click fix.

Reboot and rescan and it should be gone. But your log needs more work and someone else will be here to help you.

Steve

17 Posts

January 3rd, 2005 10:00

Hi Steve & Mike:

 

First off I would like to thank both of you for helping me...

Steve:

I got rid of 04-Global

Mike: I ran the Task Manager and closed

wmsdmod.exe
winpack.exe
 
I also noticed winlogon.exe - RUNNING - this looks strange to me, but I didn't stop it, cause I do not know what it is.
 
I also fixed the 5 things you told me to
 
I did have anti spyware Spybot Immunize feature running at one point...
but I just want to kill this problem so I checked them off the list anyhows

Here is my new log, I haven't opened IE yet...
 
Logfile of HijackThis v1.99.0
Scan saved at 7:35:27 AM, on 1/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\highjack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (12.0)) - http://up.webphotos.com/lead/ltocx12n.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://up.webphotos.com/upload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{447BD466-488C-483B-8CC9-1EED5722CC94}: NameServer = 205.188.146.145
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

4.8K Posts

January 3rd, 2005 15:00

unruly,
 
Good work! I think you've nailed it! - I don't see either process in your log, and everything else looks good.
 
How's your system running?
 
-
 
If everything is running ok, let's go ahead and do some cleanup...
 
1.  Disable system restore; you'll need to reboot your computer.
2.  Run the HouseCall online virus scanner again - it should be able to remove what it finds now.
3.  Locate and delete the following, if present (just in case...):
 
     C:\WINDOWS\System32\wmsdmod.exe
     C:\WINDOWS\System32\winpack.exe
 
4.  Run AdAware SE and Spybot S&D; just to make sure nothing was added at the last minute when those two programs 'went down'.
5.  Run "Disk Cleanup" and allow it to remove everything it finds.
6.  Re-enable system restore and create a new restore point manually.
 
-
 
You should be good to go! - Post back if you're having any more problems.
 
Mike.
 

Message Edited by Midnight Star on 01-03-2005 11:36 AM
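
Added example, not part of any post in this thread: the before/after comparison of two HijackThis logs that the helpers above do by eye, written as a small Python script. The two log excerpts are constructed from lines in the logs posted here, and the function names are this example's own.

```python
import re

# Entry lines start with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed excerpts built from lines in the logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wmsdmod.exe
C:\WINDOWS\System32\winpack.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [wmsdmod] C:\WINDOWS\System32\wmsdmod.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""
LOG_AFTER = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{447BD466-488C-483B-8CC9-1EED5722CC94}: NameServer = 205.188.146.145
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first coded entry
            entries.add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what disappeared and what is new between two scans."""
    b, a = parse_log(before), parse_log(after)
    return {
        "entries_removed": sorted(b["entries"] - a["entries"]),
        "entries_added": sorted(a["entries"] - b["entries"]),
        "processes_gone": sorted(b["processes"] - a["processes"]),
        "processes_new": sorted(a["processes"] - b["processes"]),
    }


def still_referenced(log_text, file_names):
    """Return every log line that still mentions one of the given file names."""
    needles = [name.lower() for name in file_names]
    return [line.strip() for line in log_text.splitlines()
            if any(n in line.lower() for n in needles)]


if __name__ == "__main__":
    for key, values in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
    leftovers = still_referenced(LOG_AFTER, ["wmsdmod.exe", "winpack.exe"])
    print("leftover references:", leftovers or "none")
```

Entries listed under `entries_added` and `processes_new` are only differences between the two scans and still need a person to judge them; an entry whose path switches between short (`PROGRA~1`) and long form will also show up as removed and added.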

17 Posts

January 3rd, 2005 15:00

(keeping on top)

4.8K Posts

January 3rd, 2005 20:00

Hey Liz!
 
Your log looks good! Good work!
 
-
 
That should be ok, we deleted that file in step #3.

Regarding the "IE Cache data miner" and HouseCall, I'm not sure. I'll see if I can replicate it on this end.
 
Mike.

Message Edited by Midnight Star on 01-03-2005 04:50 PM

17 Posts

January 3rd, 2005 20:00

Hi Mike,

Okay,
House Call found Troj jub non cleanable - again...

Spy found DSO Exploit (I think from ad aware) - again (I also had to reinstall spy...)

and Ad Aware found a tracking cookie IE Cache data miner. I didn't do anything with this YET. I think it is from House Call?

IE is working fine!
 
here is my new log (if needed)  I am going to turn back on system restore
 
Thanks!
Liz
 
(New Log)
 
Logfile of HijackThis v1.99.0
Scan saved at 4:53:34 PM, on 1/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\highjack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (12.0)) - http://up.webphotos.com/lead/ltocx12n.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://up.webphotos.com/upload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{447BD466-488C-483B-8CC9-1EED5722CC94}: NameServer = 205.188.146.145
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

17 Posts

January 4th, 2005 13:00

I know I had deleted some stuff
but like I said I had to reinstall spybot, cause I deleted in step three.

As for the cookie in house call, the first time I downloaded that as well, when ad aware checked my computer, it picked it up and I deleted it (this was right after I installed house call). Then when I tried to run house call the second time, I had to reinstall that as well. And guess what, I had that tracking cookie again... so I can only say it must come from house call since I was nowhere else...

Should I delete it?

It's just that the next time I need to run an online scan, I will have to wait for it to reinstall itself (house call)

4.8K Posts

January 4th, 2005 14:00

unruly666,
 
I am listening to you, and trying my very best to work with you on this...
 
-
 
You said...
 
but like I said I had to reinstall spybot, cause I deleted in step three.
 
Which Spybot file did you delete in step #3? I'm confused here; remember I'm just trying to understand what you're referring to. Without that, it's going to be difficult to help.
 
-
 
This is what I recommended you remove...
 
     C:\WINDOWS\System32\wmsdmod.exe
     C:\WINDOWS\System32\winpack.exe

... were one of these the files that you were talking about? I'm running both AdAware and Spybot on my system and don't have either.
 

 
Now, referring to a tracking cookie, can you give me the name of it? Just 'tracking cookie' is a fairly vague reference; let's see if it came from the "TrendMicro" website (the web page actually).
 
I can't imagine an ActiveX control installing a cookie.
 
-
 
Mike.
 

17 Posts

January 5th, 2005 18:00

Hi Mike,
 
the second part of what you told me was this (see page one)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

(Unless you've set these with a anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)
 
I think this is why I had to reinstall Spybot? (of course this is just an educated guess...)
 
As for the cookie: Ad Aware found this:
I have three now *rolls eyes*
 
COOKIE 1
Vendor:Tracking Cookie
Category:Data Miner
Object Type:IECache Entry
Size:377 Bytes
Location:C:\Documents and Settings\Liz\Cookies\liz@ads.pointroll[2].txt
Last Activity:1-5-2005 8:19:57 PM
Risk Level:Low
TAC index:3
Comment:Hits:4
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.
COOKIE 2
Vendor:Tracking Cookie
Category:Data Miner
Object Type:IECache Entry
Size:84 Bytes
Location:C:\Documents and Settings\Liz\Cookies\liz@tribalfusion[1].txt
Last Activity:1-3-2005 6:41:02 PM
Risk Level:Low
TAC index:3
Comment:Hits:1
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.

  COOKIE 3
Vendor:Tracking Cookie
Category:Data Miner
Object Type:IECache Entry
Size:105 Bytes
Location:C:\Documents and Settings\Liz\Cookies\liz@questionmarket[1].txt
Last Activity:1-5-2005 8:20:14 PM
Risk Level:Low
TAC index:3
Comment:Hits:1
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.
Like I said I have only downloaded spybot and House Call (trendmicro)
 
Liz
 
 
 
