My Log...Please Help! [RESOLVED], AdClicker.CS trojan has invaded
Jun 9 2005, 10:13 PM
Post #1
Member Posts: 92 OS: Windows XP
AdClicker.CS trojan has invaded my girlfriend's computer. We have run all the regular anti virus stuff, but it's still there even though the virus scan says it is not. Please help us repair without a re-install.
Here is her log:

Thanks, peace out...daddy

Jun 14 2005, 09:46 PM
Post #2
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Hi daddy and welcome to GeeksToGo! My name is Excal and I will be helping you.
If you still need help, please post a fresh Hijack log so I can help you with your Malware Problems.
Excal

Jun 14 2005, 10:08 PM
Post #3
Member Posts: 92 OS: Windows XP
Hi Excalibur190! Thanks for getting to me. Also as a side note, this trojan has made it impossible for me to restore windows to a previous date. When I try, it fails every time. Anyhoo, here is the up to date log, and please give me step by step instructions for I have never done this before.
peace out, daddy

Jun 14 2005, 10:21 PM
Post #4
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Hi daddy and welcome to GeeksToGo! My name is Excal and I will be helping you.
I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download the trial version of Ewido Security Suite Here. Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from Here. Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
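
Added example, not part of the original thread and not code from HijackThis or Ewido: a small Python parser for HijackThis log entries. It flags the `F2` Shell entry singled out in the post above, flags entries the log itself marks `(no file)` or `(file missing)`, and compares two logs to confirm a fix took effect. The sample log is constructed from entries of the kind posted in this thread, the function names are this example's own, and the comparison assumes a fixed entry no longer appears in the next scan.

```python
import re
from typing import NamedTuple

# Constructed sample: a handful of HijackThis entries run together on one
# line, the way a forum export often flattens a pasted log.
FLATTENED_LOG = (
    r"Running processes: C:\WINDOWS\Explorer.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ "
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe "
    r"O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file) "
    r"O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 "
    r"O23 - Service: hgareas - Unknown owner - C:\WINDOWS\system32\hgareas.exe (file missing)"
)

# Constructed "after" log: the same entries once the F2 line has been fixed
# (assumption: a repaired entry is no longer listed by the next scan).
AFTER_FIX = FLATTENED_LOG.replace(
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe ", ""
)

# Every entry starts with a section code (R0-R3, F0-F3, O1-O23) and " - ".
ENTRY_CODE = r"(?:R[0-3]|F[0-3]|O\d{1,2})"
SPLIT_BEFORE_ENTRY = re.compile(r"\s+(?=" + ENTRY_CODE + r" - )")
ENTRY = re.compile(r"^(" + ENTRY_CODE + r") - (.*)$", re.S)
SHELL = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.I)


class Entry(NamedTuple):
    code: str
    body: str


def split_entries(text):
    """Split a log (one entry per line, or flattened) into Entry tuples.

    Heuristic: a new entry begins wherever whitespace is followed by a
    section code and ' - '. The header and process list are dropped.
    """
    entries = []
    for chunk in SPLIT_BEFORE_ENTRY.split(text.strip()):
        match = ENTRY.match(chunk.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def review(entries):
    """Return (kind, code, detail) findings for entries worth a closer look."""
    findings = []
    for entry in entries:
        shell = SHELL.match(entry.body)
        if entry.code == "F2" and shell:
            value = shell.group(1).strip()
            # The stock Windows shell value is just "Explorer.exe"; anything
            # appended to it is started alongside the desktop at logon.
            if value.lower() != "explorer.exe":
                findings.append(("shell-modified", entry.code, value))
        # The log marks registrations whose target file is absent on disk.
        if entry.body.endswith(("(no file)", "(file missing)")):
            findings.append(("target-missing", entry.code, entry.body))
    return findings


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = split_entries(before_text)
    after = split_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    for kind, code, detail in review(split_entries(FLATTENED_LOG)):
        print(f"{kind:15} {code:4} {detail}")
    removed, added = diff_logs(FLATTENED_LOG, AFTER_FIX)
    print("removed after fix:", [e.code for e in removed], "added:", added)
```

A `target-missing` finding only means the registration points at a file that is no longer on disk; it says nothing by itself about whether the entry was malicious.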

Jun 16 2005, 11:12 PM
Post #5
Member Posts: 92 OS: Windows XP
Ok...here we go. Followed directions and ran Ewido scan.
During the Ewido scan I received a message that read: An infected file was found inside an archive and cannot be cleaned. Do you want to delete the whole archive? C:\\AOL\\Backup\QFle0530200519286672905.asw It gave me the options to "Delete All", "Delete" or "Ignore". I clicked on ignore. The following is the results from the Ewido scan:

AND THE NEW HIJACK LOG:::::

Ok...where do we go now? Thanks bro! peace out, daddy
Jun 17 2005, 07:20 PM
Post #6
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Hi Daddy,
I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Is this your internet service provider (isp)? internal.cahch.com

Sometimes during the fixing of Malware, AntiMalware Programs (Virus, spyware etc.) get in the way of fixing problems, even though they are well meaning. While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Update CWShredder

Download and install CleanUp! Here
We will use this program later.

Please download the trial version of Ewido Security Suite Here
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from Here
Unzip it to the desktop but please do NOT run it yet.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.
2. Ensure you are NOT connected to the internet.
3. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
4. Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
5. Then please run Ewido, and run a full scan. Post the log from the scan here for me.
6. Close all browsers, windows and unneeded programs.
7. Go to Start->Run and type in services.msc and hit OK. Then look for hgareas - Unknown owner - and double click on it. Click on the Stop button and under Startup type, choose Disabled.
8. Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).
C:\WINDOWS\Nail.exe
9. Open HiJack and do a scan.
10. Put a Check next to the following items:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hiasegb.dll (file missing)
O2 - BHO: SDWin32 Class - {8E2F6564-6593-453C-A636-595C5E0FC07A} - C:\WINDOWS\system32\stcwy.dll
O4 - HKLM\..\Run: [shyx] C:\WINDOWS\shyx.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [ERDCENC] C:\WINDOWS\ERDCENC.EXE
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O4 - HKLM\..\Run: [23rW3nh] cnetmgr.exe
O4 - HKLM\..\Run: [wjppeds] c:\windows\system32\lbobkm.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [J006RhNpe] cabtadmn.exe
O4 - HKCU\..\Run: [aolgpw] C:\WINDOWS\system32\aolgpw.exe
O4 - HKCU\..\Run: [wmvnmp] C:\WINDOWS\system32\wmvnmp.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\Run: [rmwi] C:\PROGRA~1\COMMON~1\rmwi\rmwim.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5975.exe"
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc.../bridge-c11.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab
O23 - Service: hgareas - Unknown owner - C:\WINDOWS\system32\hgareas.exe (file missing)
11. Click the Fix Checked box.
12. Please remove these entries from Add/Remove Programs in the Control Panel (if present):
Media Access
Surf Enhance
180Solutions
13. Please remove the following folders using Windows Explorer (if present):
C:\Program Files\Media Access
C:\Program Files\sf
C:\PROGRA~1\COMMON~1\rmwi
14. Please remove just the files from the following paths using Windows Explorer (if present):
C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\hiasegb.dll
C:\WINDOWS\system32\stcwy.dll
C:\WINDOWS\shyx.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\ERDCENC.EXE
C:\WINDOWS\system32\guarnset.exe
c:\windows\system32\lbobkm.exe
C:\WINDOWS\system32\aolgpw.exe
C:\WINDOWS\system32\wmvnmp.exe
C:\WINDOWS\sfita.exe
C:\WINDOWS\stubinstaller5975.exe
C:\WINDOWS\system32\hgareas.exe
cabtadmn.exe <---- Start>Search to find this one.
cnetmgr.exe <---- Start>Search to find this one.
15. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
16. Run the program CleanUp!
17. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!
18. Please post an Active scan log, Ewido Scan log and a fresh HiJackThis log.

Let me know how your computer is running.
Jun 17 2005, 08:09 PM
Post #7
Member Posts: 92 OS: Windows XP
Excalibur...couple things before I begin.
You asked: Is this your internet service provider (isp)? internal.cahch.com
My answer: This is my girlfriend's computer...she works on billing at a hospice org. This is a network thing and she needs to connect there to do her work. Her connection to the internet is Yahoo! DSL, but she uses the AOL network and browser to surf the net.

You said: Sometimes during the fixing of Malware, AntiMalware Programs (Virus, spyware etc.) get in the way of fixing problems, even though they are well meaning. I need you to disable all of your AntiMalware programs for this fix, Please reenable them once you have finished.
My question: How and where do I disable all of them...how do I know I have disabled all of them???

You said: Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy
My question: What is Spybot Search and Destroy??? Is it already on her computer and if so, how do I access it???

Ok...that is what I need to know before I begin. I understand the rest of the process after that.
Thank you,
daddy
Jun 17 2005, 08:31 PM
Post #8
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Hi Daddy, (that feels soooo wrong saying that...lol)

QUOTE
My answer: This is my girlfriend's computer...she works on billing at a hospice org. This is a network thing and she needs to connect there to do her work. Her connection to the internet is Yahoo! DSL, but she uses the AOL network and browser to surf the net.

So internal.cahch.com is something to do with her network? The reason I ask is there is a suspicious entry on HiJack this which relates directly to a connection
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.cahch.com
O17 - HKLM\Software\..\Telephony: DomainName = internal.cahch.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.cahch.com

QUOTE
My question: What is Spybot Search and Destroy??? Is it already on her computer and if so, how do I access it???

This one is my main concern, and for the time being I think it's best we just uninstall it. I will give u the link to reinstall it after we get you cleaned up. So go to start>controlpanel>add/remove programs and look for spybot - search & destroy to remove it.

As far as the other ones, look in the tray by where your clock is. Most of the programs you can just right click on and they give you the option to disable. If not, like I said, I am mostly concerned with Spybot (it is a good program, don't get me wrong, just interferes with the fixes).

Good luck with the fix, I will be here most of the nite, so if you get it done before 1AM EST, I can reply back to you.
Thanks,
Excal
Jun 18 2005, 05:02 AM
Post #9
Member Posts: 92 OS: Windows XP
Ok....I did everything and things were looking really great UNTIL I ran the very last scan with active scan. It said I still had over 50 infected files!!!! How??? Well, here are all my reports.
Activescan results: Incident Status Location Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\wsxsvc Adware:Adware/Gator No disinfected C:\WINDOWS\FT*_GEPFAH.EXE Adware:Adware/nCase No disinfected C:\WINDOWS\180ax.log Spyware:Spyware/ISTbar No disinfected Windows Registry Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\payload2.inf Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\swin32.dll Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32 Adware:Adware/WinTools No disinfected Windows Registry Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\retpdat32.xml Adware:Adware/Fizzle No disinfected C:\Program Files\FwBarTemp Adware:Adware/WUpd No disinfected C:\Program Files\Media Pass Adware:Adware/EliteBar No disinfected C:\Documents and Settings\user\Favorites\Finances & Business Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\bsx32.ini Spyware:Spyware/YourSiteBar No disinfected Windows Registry Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11623954.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\15032605.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\15034428.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21787168.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21787839.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21787859.asw Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\22400540.asw Adware:Adware/Envolo No disinfected 
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\22401181.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\37297431.asw Adware:Adware/IPInsight No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\37299231.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41319511.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41320411.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41321111.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41321711.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41322311.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41323111.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41323821.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41324421.asw Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\41325021.asw Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\65153583.asw Adware:Adware/Envolo No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle05282005193326203178.asw Adware:Adware/nCase No disinfected C:\WINDOWS\180ax.log Adware:Adware/nCase No disinfected C:\WINDOWS\180axau.dat Adware:Adware/nCase No disinfected C:\WINDOWS\180ax_gdf.dat Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\bsx32.ini Adware:Adware/WinTools No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\QDow_AS2.dll Spyware:Spyware/BargainBuddy No 
disinfected C:\WINDOWS\EliteToolBar\xml\images\casino-ico.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\casino.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\dating-ico.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\dating.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\drugs-ico.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\drugs.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\fav-ico.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\fav.bmp Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\virus.bmp Adware:Adware/Gator No disinfected C:\WINDOWS\FT2_0_0_629_GEPFAH.EXE Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\payload2.inf Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system\QBUninstaller.exe Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\retpdat32.xml Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\sp32.xml Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\SWin32.dll Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008 Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.bin --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 1:45:55 AM, 6/18/2005 + Report-Checksum: 4EE7033D + Date of database: 6/18/2005 + Version of scan engine: v3.0 + Duration: 50 min + Scanned Files: 43244 + Speed: 14.25 Files/Second + Infected files: 14 + Removed files: 14 + Files put in quarantine: 14 + Files that could not be opened: 0 + Files that could not be cleaned: 0 + Binder: Yes + Crypter: Yes + Archives: Yes + Scanned items: C:\Program Files\ewido\security suite\SecuritySuite.exe C:\ + Scan result: C:\Documents and 
Settings\user\Cookies\user@ads.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@hotlog[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Documents and Settings\user\Cookies\user@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0530200519286672905.asw/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.ISearch.e -> Cleaned with backup C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me.ab -> Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 9:27:29 PM, on 6/16/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe 
C:\Program Files\ewido\security suite\SecuritySuite.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Common Files\AOL\ACS\acsd.exe C:\Documents and Settings\user\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hiasegb.dll (file missing) O2 - BHO: SDWin32 Class - {8E2F6564-6593-453C-A636-595C5E0FC07A} - C:\WINDOWS\system32\stcwy.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [VSOCheckTask] 
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [shyx] C:\WINDOWS\shyx.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun O4 - HKLM\..\Run: [ERDCENC] C:\WINDOWS\ERDCENC.EXE O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe O4 - HKLM\..\Run: [23rW3nh] cnetmgr.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [wjppeds] c:\windows\system32\lbobkm.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKCU\..\Run: [J006RhNpe] cabtadmn.exe O4 - HKCU\..\Run: [aolgpw] C:\WINDOWS\system32\aolgpw.exe O4 - HKCU\..\Run: [wmvnmp] C:\WINDOWS\system32\wmvnmp.exe O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe O4 - HKCU\..\Run: [rmwi] C:\PROGRA~1\COMMON~1\rmwi\rmwim.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5975.exe" O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! 
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicAcc.../bridge-c11.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104348431241 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.cahch.com O17 - HKLM\Software\..\Telephony: DomainName = internal.cahch.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.cahch.com O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: hgareas - Unknown owner - C:\WINDOWS\system32\hgareas.exe (file missing) O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe OK EXcalibur...where to now bro??? Thanks for your help...let's kill this horsie! daddy |
Jun 18 2005, 06:42 AM
Post #10
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Daddy,
I need you to run HiJackThis again and give me a new/fresh scan. Make sure you save it to your desktop so you remember where it is. The last one you gave me is old.
Scan saved at 9:27:29 PM, on 6/16/2005
Also, did you uninstall Spybot search and destroy?
Thanks,
Excal
Jun 18 2005, 03:56 PM
Post #11
Member Posts: 92 OS: Windows XP
Hey Excalibur...thank you for being so prompt. I was so tired last night after that 2 hour ACTIVESCAN (I did a full comp. scan) that I grabbed the wrong hijack log!!!
Here is a new log I just did as well as a new scan from Ewido. Logfile of HijackThis v1.99.1 Scan saved at 2:12:45 PM, on 6/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\wanmpsvc.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\America Online 9.0\aoltray.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HiJackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] 
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! 
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104348431241
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.cahch.com
O17 - HKLM\Software\..\Telephony: DomainName = internal.cahch.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.cahch.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Ewido Log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:50:14 PM, 6/18/2005
+ Report-Checksum: 177021BB
+ Date of database: 6/18/2005
+ Version of scan engine: v3.0
+ Duration: 35 min
+ Scanned Files: 40352
+ Speed: 18.82 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items: C:\Program Files\ewido\security suite\SecuritySuite.exe C:\
+ Scan result: No infected files found!
::Report End

Ok...her computer is running better, but not back to normal yet. When I did all the fixes last night, I turned off her McAfee scan but could not figure out how to disable her AOL scan.
I was not connected to the internet at all when I did the fixes...and YES...I got rid of the Spybot Search And Destroy before I started anything, and I put hijack in its own folder so it can create the backup logs. When we started the computer this morning with the McAfee back on, it said it found trojan virus AdClicker.CS again and that it cleaned it??? I don't understand this one. Ok bro...let me know what to do next.
Thanks
peace out, daddy

Jun 18 2005, 05:05 PM
Post #12
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Hi Daddy,
Now that's much better!!! Phew.....lol Ok let's try to clean up the odds and ends.
Please run a free online virus scan at these two sites:
HouseCall
Kaspersky
Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page
Can you please post these 3 logs?
Thanks, Excal

Jun 19 2005, 01:53 AM
Post #13
Member Posts: 92 OS: Windows XP
1st) Ran scan with housecall...no infected files...clean scan...no log
2nd) Went to install second scan from kaspersky. Halfway through download, a message tells me to remove my AOL McAfee for it might cause conflict...I disabled it. After installation was complete, a reboot was to take place, but instead the whole computer froze up solid!!! Had to shut down, go into safe mode and remove the kaspersky install to get computer working again. So, I said the heck with that and moved on to installing the Ad-Aware Se.
3rd) Successfully installed Ad-Aware Se and reconfigured to your specs. Here are the results: (too big to post all the results so I attached it!!!)

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 19, 2005 12:21:47 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdRotator(TAC index:6):3 total references
AdShooter(TAC index:6):1 total references
BargainBuddy(TAC index:8):7 total references
ClearSearch(TAC index:7):9 total references
DealHelper(TAC index:7):7 total references
EzuLa(TAC index:6):2 total references
IBIS Toolbar(TAC index:5):128 total references
MediaMotor(TAC index:8):2 total references
MRU List(TAC index:0):23 total references
Possible Browser Hijack attempt(TAC index:3):62 total references
PromulGate(TAC index:5):2 total references
Prutect(TAC index:8):1 total references
SahAgent(TAC index:9):1 total references
Tracking Cookie(TAC index:3):4 total references
Win32.TrojanDownloader.Agent.Ay(TAC index:7):2 total references
Win32.TrojanDownloader.Small.aly(TAC index:8):78 total references
Win32.TrojanDownloader.TSUpdate(TAC index:6):3 total references
WindUpdates(TAC index:8):2 total references
VX2(TAC index:10):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File: ========================= Definitions File Loaded: Reference Number : SE1R47 24.05.2005 Internal build : 55 File location : C:\Program
Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 476246 Bytes Total size : 1439523 Bytes Signature data size : 1408291 Bytes Reference data size : 30720 Bytes Signatures total : 40174 CSI Fingerprints total : 886 CSI data size : 30371 Bytes Target categories : 15 Target families : 679 6-19-2005 12:14:06 AM Performing WebUpdate... Installing Update... Definitions File Loaded: Reference Number : SE1R50 13.06.2005 Internal build : 58 File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 481146 Bytes Total size : 1456012 Bytes Signature data size : 1427935 Bytes Reference data size : 27565 Bytes Signatures total : 40456 CSI Fingerprints total : 904 CSI data size : 31134 Bytes Target categories : 15 Target families : 692 6-19-2005 12:14:18 AM Success Update successfully downloaded and installed. Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium III Memory available:27 % Total physical memory:129520 kb Available physical memory:33708 kb Total page file size:314284 kb Available on page file:159808 kb Total virtual memory:2097024 kb Available virtual memory:2043972 kb OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Move deleted files to Recycle Bin Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete 
quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 6-19-2005 12:21:47 AM - Scan started. (Custom mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 472 ThreadCreationTime : 6-19-2005 6:39:29 AM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 528 ThreadCreationTime : 6-19-2005 6:39:30 AM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 552 ThreadCreationTime : 6-19-2005 6:39:31 AM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 596 ThreadCreationTime : 6-19-2005 6:39:32 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 608 ThreadCreationTime : 6-19-2005 6:39:32 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 764 ThreadCreationTime : 6-19-2005 6:39:33 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 820 ThreadCreationTime : 6-19-2005 6:39:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 888 ThreadCreationTime : 6-19-2005 6:39:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 940 ThreadCreationTime : 6-19-2005 6:39:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1024 ThreadCreationTime : 6-19-2005 6:39:35 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:11 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1176 ThreadCreationTime : 6-19-2005 6:39:36 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [acsd.exe] ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe ProcessID : 1460 ThreadCreationTime : 6-19-2005 6:39:48 AM BasePriority : Normal #:13 [ewidoctrl.exe] ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe" ProcessID : 1528 ThreadCreationTime : 6-19-2005 6:39:49 AM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:14 [ewidoguard.exe] ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe Command Line : n/a ProcessID : 1544 ThreadCreationTime : 6-19-2005 6:39:49 AM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : guard CompanyName : ewido networks FileDescription : guard InternalName : guard LegalCopyright : Copyright © 2004 OriginalFilename : guard.exe #:15 [mpfservice.exe] ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe ProcessID : 1616 ThreadCreationTime : 6-19-2005 6:39:50 AM BasePriority : Normal FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 ProductName : McAfee Personal Firewall CompanyName : McAfee Corporation FileDescription : McAfee 
Personal Firewall Service InternalName : MPFService LegalCopyright : Copyright © 2000,2001 OriginalFilename : MpfService.exe Comments : McAfee Personal Firewall Service #:16 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 1760 ThreadCreationTime : 6-19-2005 6:39:54 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:17 [wanmpsvc.exe] ModuleName : C:\WINDOWS\wanmpsvc.exe Command Line : "C:\WINDOWS\wanmpsvc.exe" ProcessID : 1824 ThreadCreationTime : 6-19-2005 6:39:55 AM BasePriority : Normal FileVersion : 9, 0, 0, 0 ProductVersion : 9, 0, 0, 0 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Wan Miniport (ATW) Service InternalName : WanMPSvc LegalCopyright : Copyright © 2001 America Online, Inc. OriginalFilename : WanMPSvc.exe #:18 [mpfagent.exe] ModuleName : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe Command Line : C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding ProcessID : 2032 ThreadCreationTime : 6-19-2005 6:40:03 AM BasePriority : Normal FileVersion : 4.1.0.1 ProductVersion : 4.1.0.1 ProductName : McAfee Personal Firewall (MPF) CompanyName : McAfee Security FileDescription : McAfee Personal Firewall Agent Interface InternalName : MpfAgent LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc. 
OriginalFilename : MPFAGENT.EXE Comments : McAfee Personal Firewall Security Center Module #:19 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 380 ThreadCreationTime : 6-19-2005 6:40:09 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:20 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 444 ThreadCreationTime : 6-19-2005 6:40:15 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:21 [realplay.exe] ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ProcessID : 972 ThreadCreationTime : 6-19-2005 6:40:27 AM BasePriority : Normal FileVersion : 6.0.9.584 ProductVersion : 6.0.9.584 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. 
OriginalFilename : REALPLAY.EXE #:22 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 988 ThreadCreationTime : 6-19-2005 6:40:28 AM BasePriority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:23 [ltmsg.exe] ModuleName : C:\WINDOWS\LTMSG.exe Command Line : "C:\WINDOWS\LTMSG.exe" 7 ProcessID : 1040 ThreadCreationTime : 6-19-2005 6:40:31 AM BasePriority : Normal FileVersion : 3, 0, 0, 4 ProductVersion : 3, 0, 0, 4 ProductName : Agere Systems ltmsg CompanyName : Agere Systems FileDescription : ltmsg InternalName : ltmsg LegalCopyright : Copyright © 2003 OriginalFilename : ltmsg.exe Comments : Messaging application for Agere Win Modem #:24 [hpztsb07.exe] ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ProcessID : 1112 ThreadCreationTime : 6-19-2005 6:40:34 AM BasePriority : Normal FileVersion : 2,140,0,0 ProductVersion : 2,140,0,0 ProductName : HP DeskJet CompanyName : HP LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002 #:25 [aolsp scheduler.exe] ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ProcessID : 1140 ThreadCreationTime : 6-19-2005 6:40:37 AM BasePriority : Normal FileVersion : 1, 5, 0, 0 ProductVersion : 1, 5, 0, 0 ProductName : AOLSP Scheduler FileDescription : AOLSP Scheduler InternalName : AOLSP Scheduler LegalCopyright : Copyright © America Online, Inc. 
2004 OriginalFilename : AOLSP Scheduler.exe #:26 [mcagent.exe] ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe" ProcessID : 1244 ThreadCreationTime : 6-19-2005 6:40:40 AM BasePriority : Normal FileVersion : 4, 3, 0, 10 ProductVersion : 4, 3, 0, 0 ProductName : McAfee SecurityCenter CompanyName : Networks Associates Technology, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc. OriginalFilename : mcagent.exe #:27 [mcvsescn.exe] ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled ProcessID : 1356 ThreadCreationTime : 6-19-2005 6:40:47 AM BasePriority : Normal FileVersion : 8, 0, 0, 30 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan E-mail Scan Module InternalName : mcvsescn LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsescn.EXE Comments : McAfee VirusScan E-mail Scan Module #:28 [aoltray.exe] ModuleName : C:\Program Files\America Online 9.0\aoltray.exe Command Line : "C:\Program Files\America Online 9.0\aoltray.exe" -check ProcessID : 2240 ThreadCreationTime : 6-19-2005 6:41:19 AM BasePriority : Normal FileVersion : 9.00.000 ProductVersion : 9.00.000 ProductName : America Online CompanyName : America Online, Inc. FileDescription : AOL Tray Icon InternalName : AolTray LegalCopyright : Copyright © America Online, Inc. 
1999 - 2003 #:29 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 1664 ThreadCreationTime : 6-19-2005 7:13:34 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» AdRotator Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1cfb8b32-4053-4144-af6f-1540eec7f101} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747} WindUpdates Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaaccess.installer VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37} DealHelper Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\dealhelper DealHelper Object Recognized! 
Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\dealhelper Value : Changed Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 7 Objects found so far: 7 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 7 AdShooter Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\internet explorer\toolbar\Webbrowser Value : {c109664b-ceb1-420b-b353-d55a561536dd} MRU List Object Recognized! Location: : C:\Documents and Settings\user\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\user\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! 
Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\office\11.0\publisher\recent file list Description : list of recent files used by microsoft publisher MRU List Object Recognized! 
Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1390067357-746137067-854245398-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : user@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:31 Value : Cookie:user@2o7.net/ Expires : 6-17-2010 9:17:46 PM LastSync : Hits:31 UseCount : 0 Hits : 31 Tracking Cookie Object Recognized! Type : IECache Entry Data : user@centrport[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:user@centrport.net/ Expires : 12-31-2029 5:00:00 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : user@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:user@questionmarket.com/ Expires : 8-9-2006 1:00:54 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : user@ads.pointroll[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:user@ads.pointroll.com/ Expires : 12-31-2009 5:00:00 PM LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 35 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» IBIS Toolbar Object Recognized! Type : File Data : 11623954.asw TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\ IBIS Toolbar Object Recognized! Type : File Data : 22400540.asw TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\ IBIS Toolbar Object Recognized! Type : File Data : 65153583.asw TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\ IBIS Toolbar Object Recognized! Type : File Data : A0045071.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{DE6A7A93-410F-46D8-8048-0C6F034565EE}\RP110\ IBIS Toolbar Object Recognized! Type : File Data : A0045095.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{DE6A7A93-410F-46D8-8048-0C6F034565EE}\RP110\ IBIS Toolbar Object Recognized! Type : File Data : A0045121.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\System Volume Information\_restore{DE6A7A93-410F-46D8-8048-0C6F034565EE}\RP110\ IBIS Toolbar Object Recognized! 
This post has been edited by daddy: Jun 19 2005, 02:06 AM
Jun 19 2005, 01:59 AM
Post #14
Member Posts: 92 OS: Windows XP
wow...guess too much info to fit in one post. Here is the hijack file
Logfile of HijackThis v1.99.1
Scan saved at 12:40:25 AM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\HiJackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104348431241
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.cahch.com
O17 - HKLM\Software\..\Telephony: DomainName = internal.cahch.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.cahch.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

peace out,
daddy
Jun 19 2005, 08:39 AM
Post #15
Malware Slayer Extraordinaire! Posts: 12,739 From: Mass, USA :) OS: XP
Hi Daddy,

Everything is looking good.

Please run this online virus scan: ActiveScan - Save the results from the scan!

Let me know the problems you're having with the computer. Only need the ActiveScan Log.

Thanks,
Excal
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising