Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

limewire aftermath [RESOLVED]

Started by Mamabeah , Mar 02 2006 12:41 AM

  • This topic is locked This topic is locked

#1
Mamabeah
Posted 02 March 2006 - 12:41 AM

Mamabeah

    Member

  • Member
  • PipPip
  • 58 posts
I downloaded Limewire last night and today I've been fighting adware like crazy. I've done spybot, adware, clean up. I'm mostly disturbed because there was a huge lot of [bleep] references when adware was scanning and I don't look at that stuff! I am not computer savvy at all and have spent the entire day fighting the adware, so any help is welcomed.

Here's my Hijack

Logfile of HijackThis v1.99.1
Scan saved at 1:35:20 AM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\windows\eee2.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TangoManager.exe
c:\program files\common files\aol\1129615984\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1129615984\ee\aolsoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd12.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win32079271750842] C:\WINDOWS\win32079271750842.exe
O4 - HKLM\..\Run: [winsysban] C:\Documents and Settings\Chanize\Desktop\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [sys030842927175] C:\WINDOWS\sys030842927175.exe
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [rirm] C:\PROGRA~1\COMMON~1\rirm\rirmm.exe
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.ho...es/MsnPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...409/mcfscan.cab
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\o4lu0e39eh.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

#2
Trevuren
Posted 02 March 2006 - 01:29 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Mamabeah and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

I need to get you to move HijackThis to a folder of its own so that nothing gets deleted by mistake

1. Right click in an empty space on your desktop.

2. From the Menu, click New, then Folder and a folder will appear on your desktop.

3. Name the folder HJT

4. Cut/Paste your current version of HijackThis into the new Folder that was just created.

5. Now, run the program and post a fresh HJT log for review.

Regards,

Trevuren
  • 0

#3
Mamabeah
Posted 02 March 2006 - 09:22 AM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Okay, I've moved it to desk top and here's what comes up:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:30 AM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\windows\eee2.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TangoManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\common files\aol\1129615984\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1129615984\ee\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chanize\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd12.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win32079271750842] C:\WINDOWS\win32079271750842.exe
O4 - HKLM\..\Run: [winsysban] C:\Documents and Settings\Chanize\Desktop\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [sys030842927175] C:\WINDOWS\sys030842927175.exe
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [rirm] C:\PROGRA~1\COMMON~1\rirm\rirmm.exe
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.ho...es/MsnPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...409/mcfscan.cab
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\o4lu0e39eh.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Mamabeah
Posted 02 March 2006 - 11:14 AM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Will this help me remove what appears to be very disgusting webpages on my computer. McAfee is doing a scan now and the names of these files are truly revolting.
Thing is, I cannot find them on this computer!
  • 0

#5
Trevuren
Posted 02 March 2006 - 11:30 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
3. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will prompt you to update click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

Trevuren
  • 0

#6
Mamabeah
Posted 02 March 2006 - 05:51 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
sorry to PM you, I will post it here. I've run the Hijack, but the ewido report is full of xrated sites and I didn't want to post the report here and get in trouble unless you okay it. Aside from my being completely mistified how it all got on there (over 6,000) I'm embarrassed to death.
Here's the Hijack for now until I hear otherwise.

Logfile of HijackThis v1.99.1
Scan saved at 6:49:39 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TangoManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\common files\aol\1129615984\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1129615984\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chanize\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd12.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win32079271750842] C:\WINDOWS\win32079271750842.exe
O4 - HKLM\..\Run: [winsysban] C:\Documents and Settings\Chanize\Desktop\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [sys030842927175] C:\WINDOWS\sys030842927175.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [rirm] C:\PROGRA~1\COMMON~1\rirm\rirmm.exe
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.ho...es/MsnPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...409/mcfscan.cab
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\o4lu0e39eh.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#7
Mamabeah
Posted 02 March 2006 - 06:11 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Okay here's the ewido: :tazz:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:07:01 PM, 3/2/2006
+ Report-Checksum: 74C194C4

+ Scan result:

HKU\S-1-5-21-100847149-805724290-2424947563-1007\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-100847149-805724290-2424947563-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup


log edited by Trevuren due to nature of content

Edited by Trevuren, 05 March 2006 - 05:38 PM.

  • 0

#8
Mamabeah
Posted 02 March 2006 - 06:24 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
log edited by Trevuren due to nature of content

Edited by Trevuren, 05 March 2006 - 05:35 PM.

  • 0

#9
Mamabeah
Posted 02 March 2006 - 06:25 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
log edited by Trevuren due to nature of content

Edited by Trevuren, 05 March 2006 - 05:31 PM.

  • 0

#10
Mamabeah
Posted 02 March 2006 - 06:27 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Content of log edited by Trevuren

Edited by Trevuren, 05 March 2006 - 05:28 PM.

  • 0

Advertisements

#11
Mamabeah
Posted 02 March 2006 - 06:29 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I am just going to add the end....THERE IS SO MUCH MORE OF THIS, it's unreal.

C:\Documents and Settings\Chanize\Complete\Zagreb.justlodgings.com.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Downloads\DinerDashSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\oo.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\Program Files\MsMovies\MsMovies.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\p.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\v.tmp -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\nickarcade\nickarcade.dll -> Adware.BHO : Cleaned with backup
C:\Program Files\SpongeBob SquarePants Movie 3D Game\bfgt_silent_ne.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup
C:\Program Files\SpongeBob SquarePants Movie 3D Game\bfgt_silent_ne.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0045273.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0045277.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046320.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046322.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046324.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046325.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046330.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046339.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046342.exe -> Downloader.Adload.v : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046344.exe -> Downloader.Agent.afi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046345.exe -> Hijacker.StartPage.aib : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP591\A0046348.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046494.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046496.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046523.exe -> Downloader.VB.nw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046524.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046525.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046537.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046546.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP592\A0046565.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP593\A0046666.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP593\A0046670.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP593\A0046783.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP595\A0047292.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP595\A0047293.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP595\A0047336.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP595\A0047347.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP595\A0047366.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP595\A0047412.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\WINDOWS\eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\surv3.exe -> Downloader.VB.vv : Cleaned with backup
C:\WINDOWS\SYSTEM32\winlogi.exe -> Backdoor.Rbot.afu : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup


::Report End
  • 0

#12
Mamabeah
Posted 02 March 2006 - 07:44 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Well, might as well post it all..I can't possibly be any more disgusted.


log edited by Trevuren due to nature of content

Edited by Trevuren, 05 March 2006 - 05:25 PM.

  • 0

#13
Trevuren
Posted 02 March 2006 - 08:20 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Using Windows Explorer, please DELETE this entire folder:

C:\Documents and Settings\Chanize\Complete


2. Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HJT log.
Regards,

Trevuren
  • 0

#14
Mamabeah
Posted 02 March 2006 - 09:31 PM

Mamabeah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
okay, here it is--


9:50 PM: | Start of Session, Thursday, March 02, 2006 |
9:50 PM: Spy Sweeper started
9:50 PM: Sweep initiated using definitions version 625
9:51 PM: Starting Memory Sweep
9:55 PM: Memory Sweep Complete, Elapsed Time: 00:03:56
9:55 PM: Starting Registry Sweep
9:55 PM: Found Adware: elitemediagroup-mediamotor
9:55 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
9:55 PM: Found Adware: screensavers
9:55 PM: HKLM\software\screensavers.com\ (16 subtraces) (ID = 140569)
9:55 PM: Found Adware: zenosearchassistant
9:55 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (2 subtraces) (ID = 147931)
9:55 PM: Found Adware: enbrowser
9:55 PM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
9:55 PM: Found Adware: findthewebsiteyouneed hijacker
9:55 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsysupd (ID = 1121711)
9:55 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsysban (ID = 1121712)
9:55 PM: Found Adware: dollarrevenue
9:55 PM: HKLM\software\microsoft\windows\currentversion\run\ || gimmygames (ID = 1156794)
9:55 PM: Found Adware: look2me
9:55 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\extensions\ (6 subtraces) (ID = 1169275)
9:55 PM: Registry Sweep Complete, Elapsed Time:00:00:15
9:55 PM: Starting Cookie Sweep
9:55 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:55 PM: Starting File Sweep
9:57 PM: a0046350.exe (ID = 255020)
9:57 PM: Found Adware: zquest
9:57 PM: a0046341.exe (ID = 251354)
10:01 PM: Found Adware: maxifiles
10:01 PM: a0046289.exe (ID = 185254)
10:01 PM: a0046293.exe (ID = 255020)
10:02 PM: a0044312.exe (ID = 244271)
10:03 PM: Found Adware: surfsidekick
10:03 PM: a0046299.config (ID = 212361)
10:07 PM: a0045275.exe (ID = 212828)
10:10 PM: a0046531.exe (ID = 185254)
10:11 PM: a0046298.exe (ID = 212831)
10:11 PM: Found Trojan Horse: trojan-downloader-nextern
10:11 PM: klsx9e.exe (ID = 254873)
10:14 PM: a0049461.exe (ID = 244407)
10:19 PM: Found Adware: targetsaver
10:19 PM: class-barrel (ID = 78229)
10:19 PM: vocabulary (ID = 78283)
10:19 PM: Found Adware: elitemediagroup-pop64
10:19 PM: a0049460.exe (ID = 244513)
10:21 PM: a0049459.exe (ID = 244278)
10:21 PM: a0049464.exe (ID = 245110)
10:21 PM: a0049463.exe (ID = 245111)
10:22 PM: a0046621.exe (ID = 74759)
10:24 PM: a0049458.exe (ID = 244413)
10:25 PM: Found Adware: command
10:25 PM: a0046536.vbs (ID = 231442)
10:26 PM: a0046355.cfg (ID = 91140)
10:26 PM: kz11va5dtk.vbs (ID = 185675)
10:26 PM: a0046308.bat (ID = 212353)
10:26 PM: a0046315.config (ID = 212358)
10:26 PM: Warning: Unhandled Archive Type
10:26 PM: File Sweep Complete, Elapsed Time: 00:31:09
10:26 PM: Full Sweep has completed. Elapsed time 00:35:30
10:26 PM: Traces Found: 57
10:27 PM: Removal process initiated
10:27 PM: Quarantining All Traces: look2me
10:27 PM: Quarantining All Traces: dollarrevenue
10:27 PM: Quarantining All Traces: elitemediagroup-mediamotor
10:27 PM: Quarantining All Traces: enbrowser
10:27 PM: Quarantining All Traces: maxifiles
10:27 PM: Quarantining All Traces: surfsidekick
10:27 PM: Quarantining All Traces: trojan-downloader-nextern
10:27 PM: Quarantining All Traces: zquest
10:27 PM: Quarantining All Traces: command
10:27 PM: Quarantining All Traces: elitemediagroup-pop64
10:27 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
10:27 PM: Quarantining All Traces: screensavers
10:27 PM: Quarantining All Traces: targetsaver
10:27 PM: Quarantining All Traces: zenosearchassistant
10:27 PM: Removal process completed. Elapsed time 00:00:50
********
9:48 PM: | Start of Session, Thursday, March 02, 2006 |
9:48 PM: Spy Sweeper started
9:49 PM: Your spyware definitions have been updated.
9:50 PM: | End of Session, Thursday, March 02, 2006 |


Logfile of HijackThis v1.99.1
Scan saved at 10:30:05 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TangoManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1129615984\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1129615984\ee\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Chanize\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129615984\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [win32079271750842] C:\WINDOWS\win32079271750842.exe
O4 - HKLM\..\Run: [sys030842927175] C:\WINDOWS\sys030842927175.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [rirm] C:\PROGRA~1\COMMON~1\rirm\rirmm.exe
O4 - HKCU\..\Run: [CU1]
O4 - HKCU\..\Run: [CU2]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.ho...es/MsnPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00719/sb028.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...409/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#15
Trevuren
Posted 02 March 2006 - 10:25 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
We must disable Spy Sweeper for it may interfere with our fix

To disable SpySweeper:
  • Open SpySweeper, click >Options over to the left then >program options >Uncheck "load at windows startup".
  • Over to the left, click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck 'automaticly restore default without notifiction

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
    O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
    O4 - HKLM\..\Run: [win32079271750842] C:\WINDOWS\win32079271750842.exe
    O4 - HKLM\..\Run: [sys030842927175] C:\WINDOWS\sys030842927175.exe
    O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
    O4 - HKCU\..\Run: [rirm] C:\PROGRA~1\COMMON~1\rirm\rirmm.exe
    O4 - HKCU\..\Run: [CU1]
    O4 - HKCU\..\Run: [CU2]


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\Program Files\MsMovies<==Folder
    C:\WINDOWS\win32079271750842.exe
    C:\WINDOWS\sys030842927175.exe
    C:\WINDOWS\system32\loadadv64
    C:\PROGRAM FILES\COMMON FILES\rirm<==Folder

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP