4 Posts

January 24th, 2007 22:00

Trojan Virus Detected

My computer receives pop-ups indicating virus protection should be purchased.  The virus also creates ting or counting noises in the background and sluggish system performance, which I can successfully remove with McAfee. But only after a short while, these same nuisance noises and slow performance come back.  Ad-Aware SE Plus detected Trojan files in the system32 directory: FE0wex.dll and ddcyx.dll.  I can delete ddcyx.dll, but the other file will not delete.  Here's my logfile.  Thanks for your assistance!
 
Logfile of HijackThis v1.99.1
Scan saved at 2:37:08 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Microsoft Money\System\misuser.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {73E222EF-1F54-466F-8689-EEC0F23F3976} - C:\WINDOWS\system32\FE0wex.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\tmp79.tmp.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\bywvuv.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096315570843
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: FE0wex - C:\WINDOWS\SYSTEM32\FE0wex.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
 

4 Apprentice


8.8K Posts

January 25th, 2007 01:00

Hi
I am looking over your log now and will get back to you soon.

zb1

Message Edited by zbestwun2001 on 01-24-2007 08:53 PM

4 Apprentice


8.8K Posts

January 25th, 2007 12:00

Go to your Hijackthis folder here: C:\HJT\HijackThis.exe and rename Hijackthis.exe to analyzer.exe

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

  1. Once you have downloaded AVG AS, locate the icon on the desktop and double-click it to launch the set up program.
  2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right click on AVG AS in the system tray and uncheck "Start with Windows".
  3. Go to Start > Run and type: services.msc
  4. Press "OK".
  5. In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware guard.
  6. When you find the guard service, double-click on it.
  7. In the Properties Window > General Tab that opens, click the "Stop" button.
  8. From the drop-down menu next to "Startup Type", click on "Manual".
  9. Now click "Apply", then "OK" and close the Services window
  10. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  11. On the main screen select the icon "Update". Then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    • Close AVG Anti-Spyware, Do Not run a scan just yet.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  2. IMPORTANT: Do not open any other windows or programs while AVG AS is scanning, it may interfere with the scanning process:
  3. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  4. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  5. AVG AS will now begin the scanning process, be patient this may take a little time.
  6. Once the scan is complete do the following:
  7. If you have any infections you will be prompted, then select "Apply all actions"
  8. Next select the "Reports" icon at the top.
  9. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  10. Close AVG AS and reboot your system back into Normal Mode.
  11. Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

  12. Please post the contents of C:\vundofix.txt, your report from AVG Anti-Spyware, and a new analyzer (HiJackThis) log.

zb1

Message Edited by zbestwun2001 on 01-25-2007 08:00 AM

      4 Posts

      January 25th, 2007 15:00

      I am still getting pop-up ads.  Is there more that can be done?
       
      Here is the fresh analyzer log...
       
      Logfile of HijackThis v1.99.1
      Scan saved at 12:26:08 PM, on 1/25/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\brsvc01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
      C:\WINDOWS\MXOALDR.EXE
      C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
      C:\Program Files\McAfee\MSK\MskAgent.exe
      C:\Program Files\Mcafee\MWL\MWLGui.exe
      C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
      C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\FinePixViewer\QuickDCF.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
      C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\PROGRA~1\McAfee\MSC\mctskshd.exe
      C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\Program Files\Mcafee\MWL\MwlSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\SiteAdvisor\4979\SAService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\McAfee\MPS\mps.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\McAfee\MPS\mpsevh.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\program files\mcafee\msc\mcshell.exe
      C:\HJT\analyzer.exe
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
      O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
      O2 - BHO: (no name) - {73E222EF-1F54-466F-8689-EEC0F23F3976} - C:\WINDOWS\system32\FE0wex.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\tmp79.tmp.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
      O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
      O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
      O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
      O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\bywvuv.dll",setvm
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O4 - Global Startup: Exif Launcher.lnk = ?
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096315570843
      O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
      O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
      O20 - Winlogon Notify: FE0wex - C:\WINDOWS\SYSTEM32\FE0wex.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: McAfee Application Installer Cleanup (0007351169745784) (0007351169745784mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\000735~1.EXE
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
      O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
      O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
      O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
      O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
       
       
      The AVG AS report is in the next reply.
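
Added example, not part of any post in this thread: a short Python triage that lists every HijackThis entry loading a file name the original poster reported, and compares the log taken before the cleanup steps with the one taken after. The embedded excerpts are trimmed copies of lines from the two logs above; the function names, the watchlist and the section labels are assumptions of this sketch.

```python
import re

# HijackThis prefixes each finding with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# First drive-letter path ending in .dll or .exe inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)', re.IGNORECASE)

# File names the original poster says Ad-Aware reported (from the first post).
WATCHLIST = {"fe0wex.dll", "ddcyx.dll"}

# What the section codes used below mean in a HijackThis log.
SECTION_NAMES = {"O2": "Browser Helper Object", "O4": "Run key / Startup folder",
                 "O20": "Winlogon Notify", "O23": "Service"}

# Trimmed excerpts of the two logs posted above (a handful of lines from each).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {73E222EF-1F54-466F-8689-EEC0F23F3976} - C:\WINDOWS\system32\FE0wex.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: FE0wex - C:\WINDOWS\SYSTEM32\FE0wex.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {73E222EF-1F54-466F-8689-EEC0F23F3976} - C:\WINDOWS\system32\FE0wex.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: FE0wex - C:\WINDOWS\SYSTEM32\FE0wex.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_entries(log_text):
    """Return the section-coded findings; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        pm = PATH_RE.search(detail)
        entries.append({"section": section, "detail": detail,
                        "target": pm.group(0) if pm else None})
    return entries


def watchlist_hits(entries, watchlist=WATCHLIST):
    """(section, path) for every entry whose target file name is on the watchlist."""
    return [(e["section"], e["target"]) for e in entries
            if e["target"] and basename(e["target"]) in watchlist]


def triage(before_text, after_text):
    """Compare two logs: watchlist entries still present, plus added/removed entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    b = {(e["section"], e["detail"]) for e in before}
    a = {(e["section"], e["detail"]) for e in after}
    hits_b = {(s, basename(t)) for s, t in watchlist_hits(before)}
    hits_a = {(s, basename(t)) for s, t in watchlist_hits(after)}
    return {"persisting": sorted(hits_a & hits_b),
            "added": sorted(a - b),
            "removed": sorted(b - a)}


if __name__ == "__main__":
    result = triage(LOG_BEFORE, LOG_AFTER)
    for section, name in result["persisting"]:
        print(f"still registered: {name} as {SECTION_NAMES.get(section, section)}")
    for section, detail in result["added"]:
        print(f"new entry    {section}: {detail}")
    for section, detail in result["removed"]:
        print(f"gone entry   {section}: {detail}")
```

On these excerpts the watched DLL is still registered under both O2 and O20 in the second log, which matches the poster's report that the pop-ups continue.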
       

      4 Posts

      January 25th, 2007 15:00

      Here is the AVG AS report...
       
      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 12:14:18 PM 1/25/2007
       + Scan result: 
       
      HKLM\SOFTWARE\Classes\Puk.PukBHO -> Adware.CometCursor : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\Puk.PukBHO.1 -> Adware.CometCursor : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\Puk.PukBHO\CLSID -> Adware.CometCursor : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\Puk.PukBHO\CurVer -> Adware.CometCursor : Cleaned with backup (quarantined).
      C:\Program Files\Insurance Information Institute\HomeInventory\uninst.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
      C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -> Heuristic.Win32.AVKiller : Cleaned with backup (quarantined).
      C:\Program Files\McAfee\MWL\Installer.zip/Apps/mps/redirsvc.cab/RedirSvc.exe -> Heuristic.Win32.AVKiller : Cleaned with backup (quarantined).
      C:\Program Files\McAfee\MWL\Installer.zip/Apps/msk/redirsvc.cab/RedirSvc.exe -> Heuristic.Win32.AVKiller : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{6A60AC0E-66D1-499D-B510-887AE881AA94}\RP842\A0054836.exe -> Heuristic.Win32.AVKiller : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{6A60AC0E-66D1-499D-B510-887AE881AA94}\RP842\A0054844.exe -> Heuristic.Win32.AVKiller : Cleaned with backup (quarantined).

      ::Report end
       
       

      4 Apprentice

      8.8K Posts

      January 25th, 2007 15:00

      Tim.
      I need one more log. Please post the contents of C:\vundofix.txt that was generated when you ran Vundo Fix.

      zb1

      4 Posts

      January 25th, 2007 17:00

      Here it is.  The pop-ups are now gone!  Thank you very much!
       
      Can you recommend how I can protect my computer from this virus in the future?
       

      VundoFix V6.3.2
      Checking Java version...
      Java version is 1.5.0.6
      Java version is 1.5.0.9
      Scan started at 12:41:35 PM 1/25/2007
      Listing files found while scanning....
      C:\WINDOWS\system32\FE0wex.dll
      C:\WINDOWS\system32\tmp252.tmp.dll
      C:\WINDOWS\system32\tmp5.tmp.dll
      C:\WINDOWS\system32\tmp79.tmp.dll
      Beginning removal...
       Attempting to delete C:\WINDOWS\system32\FE0wex.dll
      C:\WINDOWS\system32\FE0wex.dll Has been deleted!
       Attempting to delete C:\WINDOWS\system32\tmp252.tmp.dll
      C:\WINDOWS\system32\tmp252.tmp.dll Has been deleted!
       Attempting to delete C:\WINDOWS\system32\tmp5.tmp.dll
      C:\WINDOWS\system32\tmp5.tmp.dll Has been deleted!
       Attempting to delete C:\WINDOWS\system32\tmp79.tmp.dll
      C:\WINDOWS\system32\tmp79.tmp.dll Has been deleted!
      Performing Repairs to the registry.
      Done!

      4 Apprentice

      8.8K Posts

      January 25th, 2007 18:00

      Now please post a fresh HJT log.

      zb1
