Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware bombardment, please help!


  • Please log in to reply

#1
Hakkar

Hakkar

    Member

  • Member
  • PipPip
  • 18 posts
Hello and thank you for your time. I'm having major problems with my computer. Upon boot up in normal mode an antivirus program comes up informing me of numerous adware/malware on my computer. With this program I only have two options: register the program so it can remove the malware or close the program. Unfortunately both options have the same result and that is they completely lock up my computer. The computer does not respond to anything, not even shutdown after it locks up so I have to manually shut down. The only way I've been able to still make use of the computer is through safe mode (I am currently in safe mode with networking). I've previously ran trend micro (also while in safe mode) and it found a ton of malware. According to trend micro the files have been deleted but when I reboot in normal mode I still have the lockup. Below I have posted my log of Hijack this. Thank you in advance for any/all help!

Logfile of HijackThis v1.99.1
Scan saved at 12:24:37 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {00000000-0000-47B0-B28F-B16077A1DE96} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {3EB43A2D-84CA-8E68-9C3C-DEEF4F09A2CF} - C:\WINDOWS\system32\msjre.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run from a temp directory.
  • Download and run the HijackThis autoinstall program
  • Please choose the default location of C:\Program Files as the destination.
  • Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.
Once you have Hijackthis running from this folder, please reboot and post a new hijackthis log as a reply in this thread.
  • 0

#3
Hakkar

Hakkar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is my new highjack this log. Also to add to my problem my keyboard is no longer functioning. It worked upon booting up but no longer responds (this whole message is being typed with the on-screen keyboard). Thank you again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 3:43:13 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {00000000-0000-47B0-B28F-B16077A1DE96} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {3EB43A2D-84CA-8E68-9C3C-DEEF4F09A2CF} - C:\WINDOWS\system32\msjre.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Your keyboard issue is probably separate from your malware problems. But try this.

Right click on My Computer and select Properties.
Click on the Hardware tab and then Device Manager.
Click on + sign next Keyboard and you should see your keyboard listed.
Right click on it and select Uninstall.
Now reboot your computer and Windows should reinstall the drivers.


==========


Now back to your malware issues.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  • 0

#5
Hakkar

Hakkar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Just to note when I went into device manager the keyboard was not listed however upon reboot it is functioning again. Back to the malware issue after I ran VundoFix I restarted my computer in normal mode. I was able to get past that antivirus program that comes up (WinAntiviruspro) and things seemed to be working again but then it all locked up on me so I am continuing this back in safe mode (which is where I've been able to run VundoFix and Hijack THis). Here are my results from the VundoFix and the new Hijack This:


VundoFix V4.2.72

Checking Java version...

Java version is 1.4.2.3

Scan started at 4:42:29 PM 4/28/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak2

C:\WINDOWS\SYSTEM32\ghhkj.bak1
C:\WINDOWS\SYSTEM32\ghhkj.bak2
C:\WINDOWS\SYSTEM32\ghhkj.ini
C:\WINDOWS\SYSTEM32\jkhhg.dll
Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\ghhkj.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 4:47:29 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {00000000-0000-47B0-B28F-B16077A1DE96} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {3EB43A2D-84CA-8E68-9C3C-DEEF4F09A2CF} - C:\WINDOWS\system32\msjre.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your in your next reply.

  • 0

#7
Hakkar

Hakkar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:09:20 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {00000000-0000-47B0-B28F-B16077A1DE96} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {3EB43A2D-84CA-8E68-9C3C-DEEF4F09A2CF} - C:\WINDOWS\system32\msjre.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AOL Instant Messenger
AOL Toolbar 2.0
Ares 1.8.1
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Cinema Tycoon Gold (remove only)
CleanUp!
CrazyViewer
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Diablo II
DivX Player
DivX Pro Trial
Doom 3
DOOM 3: Resurrection of Evil
EarthLink setup files
EmpirePoker
Family Feud (remove only)
Get High Speed Internet!
Golden Tiger Casino
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
H&R Block Tax Offer
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LimeWire 4.9.28
Macromedia Flash Player
Macromedia Shockwave Player
McAfee SecurityCenter
MediaTickets By OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Age of Empires
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (1.0.3)
Musicmatch® Jukebox
NetZeroInstallers
NYR - Madison Square Garden Screen Saver
Photo Click
PowerDVD 5.3
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SelectRebates
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live! 24-bit
Trend Micro PC-cillin Internet Security 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
WildTangent Web Driver
WinAntiVirus Pro 2006 2.0.162.18
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WordPerfect Office 12
Yahoo! Toolbar
  • 0

#8
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Java 2 Runtime Environment, SE v1.4.2_03
MediaTickets By OIN
SelectRebates
Viewpoint Media Player
WildTangent Web Driver
WinAntiVirus Pro 2006 2.0.162.18



Reboot your computer(to normal mode if possible) and post a new hijackthis log(original log).
  • 0

#9
Hakkar

Hakkar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Finally! I am finally able to operate windows in normal mode without my computer locking up! I have deleted those listed programs as suggested and here is the log of hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 6:17:38 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\w?auclt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\DOCUME~1\MARKMA~1\MYDOCU~1\FNTS~1\mmc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\ProSiteFinder\4767984.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pccreg.antivi...001002&PID=CIC0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {60A6F99C-102E-118F-2C71-4FB60A1FF6CA} - C:\WINDOWS\system32\pnalftnk.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60A6F99C-102E-118F-2C71-4FB60A1FF6CA} - C:\WINDOWS\system32\pnalftnk.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [kqkw] C:\PROGRA~1\COMMON~1\kqkw\kqkwm.exe
O4 - HKCU\..\Run: [Klypu] C:\WINDOWS\system32\w?auclt.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\MARKMA~1\MYDOCU~1\FNTS~1\mmc.exe" -vt mtx
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
That's a step in the right direction. :whistling:

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pccreg.antivi...001002&PID=CIC0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {60A6F99C-102E-118F-2C71-4FB60A1FF6CA} - C:\WINDOWS\system32\pnalftnk.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {60A6F99C-102E-118F-2C71-4FB60A1FF6CA} - C:\WINDOWS\system32\pnalftnk.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKCU\..\Run: [kqkw] C:\PROGRA~1\COMMON~1\kqkw\kqkwm.exe
O4 - HKCU\..\Run: [Klypu] C:\WINDOWS\system32\w?auclt.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\MARKMA~1\MYDOCU~1\FNTS~1\mmc.exe" -vt mtx
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab



==========


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\pnalftnk.dll
    C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
    C:\Program Files\ProSiteFinder\prositefinder.exe
    C:\PROGRA~1\COMMON~1\kqkw\kqkwm.exe
    C:\DOCUME~1\MARKMA~1\MYDOCU~1\FNTS~1\mmc.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


===========


After you've booted back up, delete these folders.

C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\kqkw
C:\Program Files\ProSiteFinder



===========


Launch Notepad, and copy/paste the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.

dir C:\WINDOWS\system32\w?auclt.exe /a h > files.txt
notepad files.txt



Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.


===========


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0

#11
Hakkar

Hakkar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here are the contents of FindFile.bat I am moving onto downloading and running Panda's activesite.

Volume in drive C has no label.
Volume Serial Number is A0FC-DA0B

Directory of C:\WINDOWS\system32

05/26/2005 04:16 AM 124,184 wuauclt.exe
04/18/2006 09:44 AM 409,600 w?auclt.exe
2 File(s) 533,784 bytes

Directory of C:\Documents and Settings\Mark XXXXXXXX\Desktop

Edited by Hakkar, 28 April 2006 - 05:43 PM.

  • 0

#12
Hakkar

Hakkar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
As asked here is the new hijack this report and the Panda's activescan:

Logfile of HijackThis v1.99.1
Scan saved at 8:07:07 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Mark Mammolito\Favorites\fun & games\Betting.lnk
Adware:adware/exact.bargainbuddy Not disinfected c:\windows\system32\exdl0.exe
Adware:adware/wupd Not disinfected c:\windows\system32\ide21201.vxd
Adware:adware/purityscan Not disinfected c:\windows\system32\wtssvtr.exe
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\program files\common files\WinAntiVirus Pro 2006
Adware:adware/ncase Not disinfected c:\program files\180Solutions
Spyware:spyware/apropos Not disinfected c:\program files\AutoUpdate
Adware:adware/exact.bullseye Not disinfected c:\program files\BullsEye Network
Adware:adware/dyfuca Not disinfected c:\program files\Internet Optimizer
Adware:adware/ist.istbar Not disinfected c:\program files\ISTbar
Adware:adware/navhelper Not disinfected c:\program files\NavExcel
Adware:adware/powerscan Not disinfected c:\program files\Power Scan
Adware:adware/ist.sidefind Not disinfected c:\program files\SideFind
Adware:adware/surfaccuracy Not disinfected c:\program files\SurfAccuracy
Adware:adware/ucmore Not disinfected c:\program files\TheSearchAccelerator
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\Toolbar
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/prositefinder Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Possible Virus. Not disinfected C:\!KillBox\mmc.exe
Spyware:Spyware/ClearSearch Not disinfected C:\!KillBox\prositefinder.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zifzd6z.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.overture.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/SAHAgent Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[www.shopathomeselect.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.888.com/]
Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.inet-traffic.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.com.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.centrport.net/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark Mammolito\Application Data\Mozilla\Firefox\Profiles\739cro08.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/CasinoKing Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/TouchClarity Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Mark Mammolito\Cookies\mark [email protected][2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Mark Mammolit
  • 0

#13
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please make sure that you can View Hidden Files
  • Click Start -> My Computer
  • Select Tools -> Folder options
  • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that 'Display the contents of system folders' is checked.
  • Make sure "Hide extensions for known file types" is unchecked
  • Make sure "Hide protected operating system files (recommended)" is unchecked
  • For more info on how to show hidden files click here.

Locate and delete this file. Keep in mind that the ? could represent any character, but the file you want to delete is about 409kb and dated 4/18/06.

C:\WINDOWS\system32\w?auclt.exe

Be careful not to delete the important system wuauclt.exe, which is only 124kb.


===========


Use Killbox again to delete these files.

C:\Documents and Settings\Mark Mammolito\Favorites\fun & games\Betting.lnk
c:\windows\system32\exdl0.exe
c:\windows\system32\ide21201.vxd
c:\windows\system32\wtssvtr.exe



===========


Delete these folders.

c:\program files\common files\WinAntiVirus Pro 2006
c:\program files\180Solutions
c:\program files\AutoUpdate
c:\program files\BullsEye Network
c:\program files\Internet Optimizer
c:\program files\ISTbar
c:\program files\NavExcel
c:\program files\Power Scan
c:\program files\SideFind
c:\program files\SurfAccuracy
c:\program files\TheSearchAccelerator



===========


Fix this line with Hijackthis.

O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe


===========


Reboot your computer once more.

Your Panda log was rather large and it appears to have been cut off at the end. If there is anything else other than cookies, please post that portion of the log. Please post a new hijackthis log.

Let me know of any problems that you are still having.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP