you chopped-off the top section of the log. the next time i have you generate an updated version, be sure to include everything.
***************
First: You're running HJT from a TEMP directory:
C:\DOCUME~1\MISTYS~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
When you do so, either HJT will not create its log files and backup files; or if it does, you risk losing them when the TEMP's cache is cleared. It's important that you save these backup files, in case you have to "undo" [restore] some of the things you "FIX" incorrectly.
So you need to move HJT into a separate, non-temporary, non-Desktop, directory of its own. We recommend using the directory C:\HJT , so that it will then appear in your log, under running processes, as C:\HJT\HiJackThis.exe
Note: If you have previously download this file on another occasion, please download it again, to be absolutely sure you have the most current version.
* Save it to your Desktop * Close all running programs (including your Internet Browser) * Double-click VirtumundoBeGone.exe on the desktop * Follow the directions as indicated
please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.
just reboot if your system "jams"
*********************
After rebooting, it's now time to run FixVundo (which you had downloaded earlier).
Make sure all other programs, including your Internet Browser, are closed.
Double-click the FixVundo.exefile to start the removal tool.
Click Start to begin the process, and then allow this tool to run.
Important: Do not launch any new applications while the tool is running!
Reboot your computer.
Run the FixVundo removal tool again to ensure that the system is clean.
*********************
It's now time to report back to us:
VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here, along with your latest HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 9:41:41 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Nice work. Looks like VirtumundoBeGone successfully deactivated the bad WinFixer file. Have you noticed any difference, in terms of WinFixer popups, and overall system speed/performance?
**********************
you're still running HJT from a TEMP directory, which is not a wise idea. i'm assuming you didn't know how to move it... so let's try the following way:
it appears you're running Sun Java
j2re1.4.2_03 . there is much speculation that a "hole" in this particular version is being exploited by WinFixer. so we should upgrade to the latest version,
1.5.0_06 from
http://www.java.com/en/download/manual.jsp
my personal preference is to download the MANUAL (OFFline) installation version (16 MB). but if you prefer the online installation, that choice is yours.
AFTER you successfully install the new java, go to your control panel, ADD/REMOVE programs, and
UNinstalll all older versions of Java (if any) that still show up there.... especially the 1.4.2_03.
when you're done,
REPLY here, and post an updated/revised HJT log.
At that point, I'm gonna try to ask someone else to step-in, to determine additional problems (if any) that you might have. Please be advised that we're very "understaffed" at the moment, so I can't make any guarantee as to when (or even if) the next helper will arrive.
Log appears OK other than some deadwood remnants (no file or file missing).
Ron
Make sure you have System Restore running (toggle it off and On today to get rid of any bad stuff it may have retained) and then you can just go back to an earlier time if you hit a bad site.
One way to make an infection more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new.
Make sure you have remove any older versions of Java or JRE with Control Panel, Add/Remove Programs. Updates do not remove the older versions which have exploitable flaws.
If you are not running the latest version of Adobe you should consider updating. There are reports of a loophole for hackers in pre 7.03 versions. As an alternative you can dump adobe completely and use fox-it instead: http://www.foxitsoftware.com/pdf/rd_intro.php
ky331
3 Apprentice
•
15.6K Posts
0
December 3rd, 2005 17:00
pennypie78
7 Posts
0
December 4th, 2005 17:00
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\tgshell.exe
C:\Program Files\Support.com\bin\tgshell.exe
C:\DOCUME~1\MISTYS~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.griffinfirst.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.griffinfirst.org/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\geebc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O20 - Winlogon Notify: geebc - C:\WINDOWS\system32\geebc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkhi - pmkhi.dll (file missing)
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
ky331
3 Apprentice
•
15.6K Posts
0
December 4th, 2005 17:00
you chopped-off the top section of the log. the next time i have you generate an updated version, be sure to include everything.
***************
First: You're running HJT from a TEMP directory:
C:\DOCUME~1\MISTYS~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
When you do so, either HJT will not create its log files and backup files; or if it does, you risk losing them when the TEMP's cache is cleared. It's important that you save these backup files, in case you have to "undo" [restore] some of the things you "FIX" incorrectly.
So you need to move HJT into a separate, non-temporary, non-Desktop, directory of its own. We recommend using the directory C:\HJT , so that it will then appear in your log, under running processes, as C:\HJT\HiJackThis.exe
****************
Download [but do *NOT* yet run] FixVundo from
http://securityresponse.symantec.com/avcenter/FixVundo.exe
[we'll have you run it later]
Note: If you have previously download this file on another occasion, please download it again, to be absolutely sure you have the most current version.
********************
Next, download VirtumundoBeGone from:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated
please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.
just reboot if your system "jams"*********************
After rebooting, it's now time to run FixVundo (which you had downloaded earlier).
Make sure all other programs, including your Internet Browser, are closed.
Double-click the FixVundo.exe file to start the removal tool.
Click Start to begin the process, and then allow this tool to run.
Important: Do not launch any new applications while the tool is running!
Reboot your computer.
Run the FixVundo removal tool again to ensure that the system is clean.
*********************
It's now time to report back to us:
VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here, along with your latest HJT log.
pennypie78
7 Posts
0
December 5th, 2005 00:00
[12/04/2005, 16:49:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Misty Smith\Desktop\VirtumundoBeGone.exe" )
[12/04/2005, 16:50:07] - Detected System Information:
[12/04/2005, 16:50:07] - Windows Version: 5.1.2600, Service Pack 2
[12/04/2005, 16:50:07] - Current Username: Misty Smith (Admin)
[12/04/2005, 16:50:07] - Windows is in NORMAL mode.
[12/04/2005, 16:50:07] - Searching for Browser Helper Objects:
[12/04/2005, 16:50:07] - BHO 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} ()
[12/04/2005, 16:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2005, 16:50:07] - Checking for HKLM\...\Winlogon\Notify\pmkhi
[12/04/2005, 16:50:07] - Found: HKLM\...\Winlogon\Notify\pmkhi - This is probably Virtumundo.
[12/04/2005, 16:50:07] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[12/04/2005, 16:50:07] - BHO list has been changed! Starting over...
[12/04/2005, 16:50:07] - BHO 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} (MSEvents Object)
[12/04/2005, 16:50:07] - ALERT: Found MSEvents Object!
[12/04/2005, 16:50:07] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/04/2005, 16:50:07] - BHO 3: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
[12/04/2005, 16:50:07] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/04/2005, 16:50:07] - BHO 5: {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} ()
[12/04/2005, 16:50:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2005, 16:50:07] - No filename found. Continuing.
[12/04/2005, 16:50:07] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/04/2005, 16:50:07] - BHO 7: {B313D637-F405-4052-AC37-E2119AB3C8F8} (MSEvents Object)
[12/04/2005, 16:50:07] - ALERT: Found MSEvents Object!
[12/04/2005, 16:50:07] - Finished Searching Browser Helper Objects
[12/04/2005, 16:50:07] - *** Detected MSEvents Object
[12/04/2005, 16:50:07] - Trying to remove MSEvents Object...
[12/04/2005, 16:50:08] - Terminating Process: IEXPLORE.EXE
[12/04/2005, 16:50:08] - Terminating Process: RUNDLL32.EXE
[12/04/2005, 16:50:08] - Disabling Automatic Shell Restart
[12/04/2005, 16:50:08] - Terminating Process: EXPLORER.EXE
[12/04/2005, 16:50:08] - Suspending the NT Session Manager System Service
[12/04/2005, 16:50:08] - Terminating Windows NT Logon/Logoff Manager
[12/04/2005, 16:50:08] - Re-enabling Automatic Shell Restart
[12/04/2005, 16:50:08] - File to disable: C:\WINDOWS\system32\pmkhi.dll
[12/04/2005, 16:50:08] - Removing HKLM\...\Browser Helper Objects\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[12/04/2005, 16:50:08] - Removing HKCR\CLSID\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[12/04/2005, 16:50:08] - Adding Kill Bit for ActiveX for GUID: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[12/04/2005, 16:50:08] - Deleting ATLEvents/MSEvents Registry entries
[12/04/2005, 16:50:08] - Removing HKLM\...\Winlogon\Notify\pmkhi
[12/04/2005, 16:50:08] - Searching for Browser Helper Objects:
[12/04/2005, 16:50:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/04/2005, 16:50:08] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
[12/04/2005, 16:50:08] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/04/2005, 16:50:08] - BHO 4: {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} ()
[12/04/2005, 16:50:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2005, 16:50:08] - No filename found. Continuing.
[12/04/2005, 16:50:08] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/04/2005, 16:50:08] - BHO 6: {B313D637-F405-4052-AC37-E2119AB3C8F8} (MSEvents Object)
[12/04/2005, 16:50:08] - ALERT: Found MSEvents Object!
[12/04/2005, 16:50:08] - Finished Searching Browser Helper Objects
[12/04/2005, 16:50:08] - *** Detected MSEvents Object
[12/04/2005, 16:50:08] - Trying to remove MSEvents Object...
[12/04/2005, 16:50:09] - Terminating Process: IEXPLORE.EXE
[12/04/2005, 16:50:09] - Terminating Process: RUNDLL32.EXE
[12/04/2005, 16:50:10] - Disabling Automatic Shell Restart
[12/04/2005, 16:50:10] - Terminating Process: EXPLORER.EXE
[12/04/2005, 16:50:10] - Suspending the NT Session Manager System Service
[12/04/2005, 16:50:10] - Terminating Windows NT Logon/Logoff Manager
[12/04/2005, 16:50:10] - Re-enabling Automatic Shell Restart
[12/04/2005, 16:50:10] - File to disable: C:\WINDOWS\system32\geebc.dll
[12/04/2005, 16:50:10] - Renaming C:\WINDOWS\system32\geebc.dll -> C:\WINDOWS\system32\geebc.dll.vir
[12/04/2005, 16:50:10] - ! File rename was unsucessful.
[12/04/2005, 16:50:10] - Attempting to Deny Access to C:\WINDOWS\system32\geebc.dll
[12/04/2005, 16:50:11] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[12/04/2005, 16:50:11] - processed file: C:\WINDOWS\system32\geebc.dll
[12/04/2005, 16:50:11] - Removing HKLM\...\Browser Helper Objects\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/04/2005, 16:50:11] - Removing HKCR\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/04/2005, 16:50:11] - Adding Kill Bit for ActiveX for GUID: {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/04/2005, 16:50:11] - Deleting ATLEvents/MSEvents Registry entries
[12/04/2005, 16:50:11] - Removing HKLM\...\Winlogon\Notify\geebc
[12/04/2005, 16:50:11] - Searching for Browser Helper Objects:
[12/04/2005, 16:50:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/04/2005, 16:50:11] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
[12/04/2005, 16:50:11] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/04/2005, 16:50:11] - BHO 4: {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} ()
[12/04/2005, 16:50:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2005, 16:50:11] - No filename found. Continuing.
[12/04/2005, 16:50:11] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/04/2005, 16:50:11] - Finished Searching Browser Helper Objects
[12/04/2005, 16:50:11] - Finishing up...
[12/04/2005, 16:50:11] - A restart is needed.
[12/04/2005, 16:50:11] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[12/04/2005, 16:50:20] - Attempting to Restart via STOP error (Blue Screen!)
[12/04/2005, 16:57:06] - Detected System Information:
[12/04/2005, 16:57:06] - Windows Version: 5.1.2600, Service Pack 2
[12/04/2005, 16:57:06] - Current Username: Misty Smith (Admin)
[12/04/2005, 16:57:06] - Windows is in NORMAL mode.
[12/04/2005, 16:57:06] - Searching for Browser Helper Objects:
[12/04/2005, 16:57:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/04/2005, 16:57:06] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
[12/04/2005, 16:57:06] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/04/2005, 16:57:06] - BHO 4: {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} ()
[12/04/2005, 16:57:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2005, 16:57:06] - No filename found. Continuing.
[12/04/2005, 16:57:06] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/04/2005, 16:57:06] - BHO 6: {B313D637-F405-4052-AC37-E2119AB3C8F8} (MSEvents Object)
[12/04/2005, 16:57:06] - ALERT: Found MSEvents Object!
[12/04/2005, 16:57:06] - Finished Searching Browser Helper Objects
[12/04/2005, 16:57:06] - *** Detected MSEvents Object
[12/04/2005, 16:57:06] - Trying to remove MSEvents Object...
[12/04/2005, 16:57:07] - Terminating Process: IEXPLORE.EXE
[12/04/2005, 16:57:08] - Terminating Process: RUNDLL32.EXE
[12/04/2005, 16:57:08] - Disabling Automatic Shell Restart
[12/04/2005, 16:57:08] - Terminating Process: EXPLORER.EXE
[12/04/2005, 16:57:08] - Suspending the NT Session Manager System Service
[12/04/2005, 16:57:08] - Terminating Windows NT Logon/Logoff Manager
[12/04/2005, 16:57:08] - Re-enabling Automatic Shell Restart
[12/04/2005, 16:57:08] - File to disable: C:\WINDOWS\system32\geebc.dll
[12/04/2005, 16:57:08] - Renaming C:\WINDOWS\system32\geebc.dll -> C:\WINDOWS\system32\geebc.dll.vir
[12/04/2005, 16:57:09] - ! File rename was unsucessful.
[12/04/2005, 16:57:09] - Attempting to Deny Access to C:\WINDOWS\system32\geebc.dll
[12/04/2005, 16:57:09] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[12/04/2005, 16:57:09] - processed file: C:\WINDOWS\system32\geebc.dll
[12/04/2005, 16:57:09] - Removing HKLM\...\Browser Helper Objects\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/04/2005, 16:57:09] - Removing HKCR\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/04/2005, 16:57:09] - Adding Kill Bit for ActiveX for GUID: {B313D637-F405-4052-AC37-E2119AB3C8F8}
[12/04/2005, 16:57:09] - Deleting ATLEvents/MSEvents Registry entries
[12/04/2005, 16:57:09] - Removing HKLM\...\Winlogon\Notify\geebc
[12/04/2005, 16:57:09] - Searching for Browser Helper Objects:
[12/04/2005, 16:57:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/04/2005, 16:57:09] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
[12/04/2005, 16:57:09] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[12/04/2005, 16:57:09] - BHO 4: {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} ()
[12/04/2005, 16:57:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2005, 16:57:09] - No filename found. Continuing.
[12/04/2005, 16:57:09] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/04/2005, 16:57:09] - Finished Searching Browser Helper Objects
[12/04/2005, 16:57:09] - Finishing up...
[12/04/2005, 16:57:09] - A restart is needed.
[12/04/2005, 16:57:09] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[12/04/2005, 16:57:17] - Attempting to Restart via STOP error (Blue Screen!)
pennypie78
7 Posts
0
December 5th, 2005 00:00
Scan saved at 9:41:41 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\MISTYS~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.griffinfirst.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.griffinfirst.org/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
ky331
3 Apprentice
•
15.6K Posts
0
December 5th, 2005 11:00
Nice work. Looks like VirtumundoBeGone successfully deactivated the bad WinFixer file. Have you noticed any difference, in terms of WinFixer popups, and overall system speed/performance?
**********************
you're still running HJT from a TEMP directory, which is not a wise idea. i'm assuming you didn't know how to move it... so let's try the following way:
Run HiJackThis. click on DO A SYSTEM SCAN ONLY
Place a check-mark in the box in front of each of the lines:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
Click on FIX CHECKED. Close HiJackThis. Reboot.
***********************
At that point, I'm gonna try to ask someone else to step-in, to determine additional problems (if any) that you might have. Please be advised that we're very "understaffed" at the moment, so I can't make any guarantee as to when (or even if) the next helper will arrive.
Good luck.
RKinner
2 Intern
•
5.9K Posts
0
December 6th, 2005 01:00
Log appears OK other than some deadwood remnants (no file or file missing).
Ron
Make sure you have System Restore running (toggle it off and On today to get rid of any bad stuff it may have retained)
and then you can just go back to an earlier time if you hit a bad site.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
One way to make an infection more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new.
To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:.
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm
Never hurts to do one of the free on line scans from Panda or Trend. They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
In addition to Microsoft AntiSpy
http://www.microsoft.com/athome/security/downloads/default.mspx
I like to run Spybot S&D.
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while.
http://www.lavasoftusa.com/software/adaware/
Get the latest version of
Java:
http://www.java.com/en/download/windows_automatic.jsp
Make sure you have remove any older versions of Java or JRE with Control Panel, Add/Remove Programs. Updates do not remove the older versions which have exploitable flaws.
If you are not running the latest version of Adobe you should consider updating. There are reports of a loophole for hackers in pre 7.03 versions.
As an alternative you can dump adobe completely and use fox-it instead:
http://www.foxitsoftware.com/pdf/rd_intro.php