Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Here is my log [resolved]

Started by Yivin144 , Mar 14 2005 02:22 PM

  • This topic is locked This topic is locked

#1
Yivin144
Posted 14 March 2005 - 02:22 PM

Yivin144

    Member

  • Member
  • PipPip
  • 28 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:21:53 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\j?vaw.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLHOS~1.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\640YQ4HJ\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometown.aol....ivin/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31419FE1-0728-62A2-2BE2-0695CDD5DCEC} - C:\WINDOWS\System32\emgs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69F16106-EA18-1AB5-DC52-64550DF1291A} - C:\WINDOWS\System32\hwmnlw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108591508\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Udgloh] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [Lome] C:\Documents and Settings\Owner\Application Data\drbh.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Phlinx by pogo - http://game4.pogo.co...r-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo...g-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol128.pogo.c...aploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...0.20/tukati.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

#2
Guest_thatman_*
Posted 14 March 2005 - 04:37 PM

Guest_thatman_*
  • Guest
Hi Yivin144

Welcome to the forums! ;)

The following explains how to remove items from your computer that are malware. These must be fixed now!

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

[*]Please set your system to show all files; please see here if you're unsure how to do this.

[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometown.aol....ivin/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {31419FE1-0728-62A2-2BE2-0695CDD5DCEC} - C:\WINDOWS\System32\emgs.dll
O2 - BHO: (no name) - {69F16106-EA18-1AB5-DC52-64550DF1291A} - C:\WINDOWS\System32\hwmnlw.dll (file missing)
O4 - HKCU\..\Run: [Udgloh] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [Lome] C:\Documents and Settings\Owner\Application Data\drbh.exe
O16 - DPF: Phlinx by pogo - http://game4.pogo.co...r-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo...g-ob-assets.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
Click on Fix Checked when finished and exit HijackThis.

[*]Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\System32\emgs.dll
C:\WINDOWS\System32\hwmnlw.dll
C:\WINDOWS\System32\j?vaw.exe
C:\Documents and Settings\Owner\Application Data\drbh.exe

Exit Explorer, and reboot as normal afterwards.

Please run the following free, online virus scans.

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
Yivin144
Posted 14 March 2005 - 08:42 PM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\System32\emgs.dll
C:\WINDOWS\System32\hwmnlw.dll
C:\WINDOWS\System32\j?vaw.exe
C:\Documents and Settings\Owner\Application Data\drbh.exe

I restarted in safe mode but could not find the 4 files listed above. Earlier today I tried to do the Trend Micros virus scan. It ran for over an hour and I had to leave and stop. I'm running it right now. It has been running for 15 minutes.

Thanks,
Y
  • 0

#4
Yivin144
Posted 16 March 2005 - 07:52 AM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Here is the report from Panda...


Incident Status Location

Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~136564.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~155013.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~16568.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~237872.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~243802.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~253991.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~30071.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~317939.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~321630.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~347219.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~348535.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~349960.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~354574.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~359190.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~363490.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~368233.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~375293.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~381857.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~412752.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~418175.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~424373.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~434299.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~445822.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~458662.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~461641.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~463329.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~464136.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~484769.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~50848.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~533731.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~538282.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~571855.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~573142.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~583052.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~586646.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~609518.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~638379.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~641666.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~645130.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~669622.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~672866.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~680346.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~683456.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~685020.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~737845.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~762392.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~826686.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~830960.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~844377.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~852431.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~950379.tmp
Adware:Adware/PurityScan No disinfected C:\Program Files\backups\backup-20050314-210316-988.dll
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11849211.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\12584300.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\12952656.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13656640.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\20852671.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\28130467.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\33868282.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\34298752.asw
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\49782961.asw
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\49793121.asw
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\49794371.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\53143908.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\68635935.asw
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\92639069.asw
Adware:Adware/FunWeb No disinfected C:\WINDOWS\system32\f3pssavr.scr
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\JVAW~1.EXE
I could not get the other program to run.

:tazz:
  • 0

#5
Yivin144
Posted 16 March 2005 - 08:00 AM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:58:35 AM, on 3/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108591508\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol128.pogo.c...aploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...0.20/tukati.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#6
Guest_thatman_*
Posted 16 March 2005 - 08:48 AM

Guest_thatman_*
  • Guest
Hi Yivin144

Well the clean up is going well HJT.log is clean.

Delete all files in your temp folder
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~136564.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~155013.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~16568.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~237872.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~243802.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~253991.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~30071.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~317939.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~321630.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~347219.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~348535.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~349960.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~354574.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~359190.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~363490.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~368233.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~375293.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~381857.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~412752.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~418175.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~424373.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~434299.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~445822.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~458662.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~461641.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~463329.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~464136.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~484769.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~50848.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~533731.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~538282.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~571855.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~573142.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~583052.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~586646.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~609518.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~638379.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~641666.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~645130.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~669622.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~672866.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~680346.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~683456.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~685020.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~737845.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~762392.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~826686.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~830960.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~844377.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~852431.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~950379.tmp

AOL Spyware Protection delete the backup files
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11849211.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\12584300.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\12952656.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13656640.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\20852671.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\28130467.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\33868282.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\34298752.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\49782961.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\49793121.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\49794371.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\53143908.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\68635935.asw
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\92639069.asw

C:\WINDOWS\system32\f3pssavr.scr<--Delete this file
C:\WINDOWS\system32\JVAW~1.EXE<--Delete this file
C:\Program Files\backups\backup-20050314-210316-988.dll<--Delete the whole folder

Please run the following free, online virus scans.

http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#7
Yivin144
Posted 16 March 2005 - 09:02 AM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Do you want me to delete all the files in the temp folder or just the ones listed on the report?
  • 0

#8
Guest_thatman_*
Posted 16 March 2005 - 09:07 AM

Guest_thatman_*
  • Guest
Hi Yivin144 ;)

Delete all the file in you temp folder :tazz:

Kc ;)
  • 0

#9
Yivin144
Posted 16 March 2005 - 09:10 AM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I'm sorry I'm stupid but do you want me to delete the folders too? :tazz:
  • 0

#10
Guest_thatman_*
Posted 16 March 2005 - 09:24 AM

Guest_thatman_*
  • Guest
Hi Yivin144

What folder do you know or use in the temp folder

If you have files or folders you need to keep move them to a new folder on your c:\Drive: name it c:\Yivin144

Kc :tazz:
  • 0

Advertisements

#11
Yivin144
Posted 16 March 2005 - 04:59 PM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
How does this look? Thank you so much for helping. :tazz:

Panda Report...

Incident Status Location
Adware:Adware/MyWay No disinfected Windows Registry
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Data1.cab[FL_atl71_dll_4_____X86.3643236F_FC70_11D3_A536_0090278A1BB8]
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\system32\atl71.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\JVAW~1.EXE HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 5:57:45 PM, on 3/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108591508\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol128.pogo.c...aploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...0.20/tukati.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#12
Guest_thatman_*
Posted 17 March 2005 - 03:01 AM

Guest_thatman_*
  • Guest
Hi Yivin144

Using Windows Add Remove Programs uninstall the following Program.
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Data1.cab[FL_atl71_dll_4_____X86.3643236F_FC70_11D3_A536_0090278A1BB8]
When you have removed Acrobat 7.0 delete all folder that Acrobat 7.0 has installed, dont reinstall Acrobat 7.0 till we have seen the new virus scans.

Reboot into Safe Mode: Click here if you don't know how to do this.


Using Windows Explorer remove the following files and folders

C:\WINDOWS\system32\atl71.dll<--Delete this file
C:\WINDOWS\system32\JVAW~1.EXE<--Delete this file

Reboot into normal mode.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#13
Yivin144
Posted 17 March 2005 - 03:41 PM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I could not find jvaw~1.exe. When I went to safe mode it asked if I wanted to sign-on as adminstrator or owner. I tried both and still could not find the file in system 32.

The WildTangent give me a error when I reboot.

Thanks again for helping. I can already tell a difference with response. :tazz:

Incident Status Location

Adware:Adware/WildTangent No disinfected Windows Registry
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\JVAW~1.EXE
Logfile of HijackThis v1.99.1
Scan saved at 4:36:44 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\COMMON~1\AOL\110859~1\EE\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108591508\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol128.pogo.c...aploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...0.20/tukati.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#14
Guest_thatman_*
Posted 17 March 2005 - 03:59 PM

Guest_thatman_*
  • Guest
Hi Yivin144

Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot.
Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\system32\JVAW~1.EXE
End off kilbox files

Reboot into normal mode.

Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#15
Yivin144
Posted 17 March 2005 - 04:17 PM

Yivin144

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program.

Do I need to run this? It's asking if I want to decompress the files, should I?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP