
Problems with comp, various virus [RESOLVED]


  • This topic is locked

#31
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts

You should be ok, it will need connecting at some stage as I want you to run an online scan later, so now is as good a time as any.

Andy :whistling:

alright give me a moment to install my internet on the computer and hook it up

brb :blink:
  • 0


#32
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts
I installed it on this [friend's computer] Computer and am currently running the program

:whistling: and as I typed that the program popped up after exactly one minute
  • 0

#33
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts
finished its scan and I'm going to continue with the directions from 2 pages ago
  • 0

#34
andydf

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
No, post the scan results first, let's deal with this one.

Andy
  • 0

#35
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts
Here are the logs you requested, finally

Logfile of HijackThis v1.99.1
Scan saved at 4:52:28 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe






Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 8/26/2006 4:43:35 PM

Infected! C:\WINDOWS\system32\lv0209doe.dll
Infected! C:\WINDOWS\system32\p0n8la5u1d.dll
Infected! C:\WINDOWS\system32\kt6sl7j71.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll
Infected! C:\WINDOWS\system32\e402ledo1h0c.dll
Infected! C:\WINDOWS\system32\ivmui.dll
Infected! C:\WINDOWS\system32\kt6sl7j71.dll
Infected! C:\WINDOWS\system32\shcpack.dll
Infected! C:\WINDOWS\system32\wspdxm.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\kt6sl7j71.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\e402ledo1h0c.dll
C:\WINDOWS\system32\e402ledo1h0c.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ivmui.dll
C:\WINDOWS\system32\ivmui.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\kt6sl7j71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\shcpack.dll
C:\WINDOWS\system32\shcpack.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wspdxm.dll
C:\WINDOWS\system32\wspdxm.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{201393A4-8FD6-4F64-B18E-BD6CE4B44E7F}"
HKCR\Clsid\{201393A4-8FD6-4F64-B18E-BD6CE4B44E7F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C76238B1-FA5D-442D-A664-6BC90B19D724}"
HKCR\Clsid\{C76238B1-FA5D-442D-A664-6BC90B19D724}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
  • 0

#36
andydf

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Caffiene_Powered

Looks a lot better :blink:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Next
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :help:

Andy :whistling:
  • 0

#37
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts

Hi Caffiene_Powered

Looks a lot better :whistling:

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


There is no box that says Run as task...
should i just run it?

Edited by Caffiene_Powered, 27 August 2006 - 11:52 AM.

  • 0

#38
andydf

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
yes just run it,
  • 0

#39
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts

yes just run it,

sorry sounds like a stupid question but I've made too many little errors that turned out to be huge faults that just really made things hard to fix....

alright I'm not at home at the moment but I will do this when I get home

I'll post the log later when I get home...Hopefully everything will go good
  • 0

#40
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts
oddly enough Vundofix picked up nothing..a window popped saying nothing was found



I'm going to do the panda scan now

Edited by Caffiene_Powered, 27 August 2006 - 07:15 PM.

  • 0


#41
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 475 posts
finished the panda scan


Incident Status Location

Adware:adware/sqwire Not disinfected c:\windows\system32\tsuninst.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\[email protected]softeup.112.2o7[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\user\install.exe[\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\user\install.exe[++\\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\user\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\user\install.exe[Activate.exe]
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\user\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Luckynugget Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
Adware:Adware/DollarRevenue Not disinfected C:\kybrdff_12.exe
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\services.dll
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{50DC104B-0703-1033-1221-010928000001}\services.dll
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-1229272821-162531612-682003330-1003\Dc6\iomwa.exe
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-1229272821-162531612-682003330-1003\Dc6\iomwl.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\RDFX4.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\bez6n4r21.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\cvn0.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\ghynf.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\install.exe[\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\install.exe[++\\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe[Activate.exe]
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32bez6n4r21.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32ghynf.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32n9nyb.exe
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Temp\Cookies\[email protected][1].txt


Here's the HJT

Logfile of HijackThis v1.99.1
Scan saved at 9:14:34 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • 0
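
Added example, not part of the original thread: a Python comparison of two HijackThis logs such as the 8/26/2006 and 8/27/2006 logs posted here, reporting entries that were added, removed or changed. Comparison is case-insensitive, so `C:\PROGRA~1` against `c:\PROGRA~1` is not reported as a difference. The function names are hypothetical, and the sample input is a short excerpt of lines taken from the two logs in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Section lines look like "O4 - HKLM\..\Run: [name] path".
# Header lines and the running-process list do not match and are skipped.
_LINE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_hjt(log):
    """Return the section entries (code, text) of a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive: compare folded.
    return (entry.code, entry.text.casefold())


def _label(entry):
    # Text before the last " - " names the item; what follows is its file
    # or URL. Entries without " - " (O4 Run keys) are their own label.
    head, sep, _ = entry.text.rpartition(" - ")
    return (entry.code, (head if sep else entry.text).casefold())


def diff_hjt(before, after):
    """Compare two logs and return added, removed and changed entries."""
    old, new = parse_hjt(before), parse_hjt(after)
    old_keys = {_key(e) for e in old}
    new_keys = {_key(e) for e in new}
    gone = {_label(e): e for e in old if _key(e) not in new_keys}
    added, changed = [], []
    for e in new:
        if _key(e) in old_keys:
            continue
        prev = gone.pop(_label(e), None)
        if prev is not None:
            changed.append((prev, e))   # same item, different target
        else:
            added.append(e)
    return {"added": added, "removed": list(gone.values()), "changed": changed}


# Excerpt of the log saved 8/26/2006 (lines copied from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

# Excerpt of the log saved 8/27/2006 (the O16 URL is shortened in the thread).
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    result = diff_hjt(BEFORE, AFTER)
    for e in result["added"]:
        print("added  ", e.code, e.text)
    for e in result["removed"]:
        print("removed", e.code, e.text)
    for prev, cur in result["changed"]:
        print("changed", cur.code, prev.text, "->", cur.text)
```
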

#42
andydf

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Caffiene_Powered

Don't worry about Vundofix, I was just making sure as I saw evidence of Winfixer and the two are generally related.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\tsuninst.exe
    c:\windows\keyboard1.dat
    C:\Documents and Settings\user\install.exe[\nsProcess.dll]
    C:\Documents and Settings\user\install.exe[++\\services.dll]
    C:\Documents and Settings\user\install.exe[MyToolBar.dll]
    C:\Documents and Settings\user\install.exe[Activate.exe]
    C:\Documents and Settings\user\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
    C:\kybrdff_12.exe
    C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\services.dll
    C:\Program Files\Common Files\{50DC104B-0703-1033-1221-010928000001}\services.dll
    C:\WINDOWS\RDFX4.exe
    C:\WINDOWS\system32\bez6n4r21.exe
    C:\WINDOWS\system32\cvn0.exe
    C:\WINDOWS\system32\ghynf.exe
    C:\WINDOWS\system32\install.exe[\nsProcess.dll]
    C:\WINDOWS\system32\install.exe[++\\services.dll]
    C:\WINDOWS\system32\install.exe[MyToolBar.dll]
    C:\WINDOWS\system32\install.exe[Activate.exe]
    C:\WINDOWS\system32bez6n4r21.exe
    C:\WINDOWS\system32ghynf.exe
    C:\WINDOWS\system32n9nyb.exe
    C:\WINDOWS\system32\xeymi.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Next
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

After that
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll

Now close all windows other than HiJackThis, then click Fix Checked.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :blink:

Andy :whistling:
  • 0

#43
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • 475 posts
I did what you said in Killbox but for some reason it doesn't appear to have deleted all of them, because on the top it said 12 files 0 folders selected and I copied and pasted (off the list) more than 12 files...

another quick question is would ATF Cleaner be a good thing to keep in the computer afterwards because I dl'd the other Cleanup program you guys have and the ATF Cleaner seems to clean more stuff out..

Edited by Caffiene_Powered, 28 August 2006 - 01:45 PM.

  • 0

#44
Caffeine_Powered

Caffeine_Powered

    Member

  • Topic Starter
  • Member
  • 475 posts
The system seems to be running relatively fine, the only thing I'm wondering is what I stated in the previous post of not everything being deleted... other than his system seems to be fine... Ewido is no longer popping up on startup saying that Adware2me (I believe the name was) is in the system...

Logfile of HijackThis v1.99.1
Scan saved at 3:46:16 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe


The system se
  • 0

#45
andydf

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Caffiene_Powered

Can you navigate to C:\killbox\logs, open the log file, and copy the log into your reply?

ATFcleaner is a very good tool to keep on your system. Cleanup is also good, but ATFcleaner was created by one of our experts, so I tend to use and trust it more.

Your log actually looks clean :blink: let me see the Killbox log and we'll take it from there.

Andy :whistling:
  • 0
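
The before-and-after comparison behind "your log actually looks clean", as an added example that is not part of the original thread: it parses two HijackThis logs into their section entries and reports what disappeared, what is new, and whether an entry chosen for Fix Checked is still present. The sample lines are excerpts of the log posted before the fix and the log in post #44; the function names are this example's own.

```python
import re

# A HijackThis entry is a section code (R0, O4, O23, ...), " - ", then the entry text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map (code, normalised text) -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Fold case and whitespace so cosmetic path differences are not reported.
            key = (m.group(1), " ".join(m.group(2).lower().split()))
            entries[key] = line.strip()
    return entries

def verify_fix(before, after, fixed_lines):
    """Compare two logs and confirm the entries chosen for 'Fix Checked' are gone."""
    b, a = parse_entries(before), parse_entries(after)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "added": sorted(a[k] for k in a.keys() - b.keys()),  # new entries need review
        "still_present": sorted(a[k] for k in targets.keys() & a.keys()),
    }

# Excerpt of the log posted before the fix.
BEFORE = r"""
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# Excerpt of the log in post #44; header and process lines are skipped by the parser.
AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# The entry the helper asked to be checked and fixed.
FIXED = [r"O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll"]

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, FIXED).items():
        print(name, lines)
```

An empty `added` list together with an empty `still_present` list is the condition to look for; anything in `added` is an entry that appeared between the two scans and needs a look before the machine is called clean.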





