This topic is lockedalright give me a moment to install my internet on the computer and hook it upYou should be ok, it will need connecting at some stage as i want you to run an online scan later, so now is as good a time as any.
Andy
brb :
Problems with comp, various virus [RESOLVED]
Started by
Caffeine_Powered
, Aug 22 2006 10:27 PM
#31
Posted 26 August 2006 - 02:28 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
brb :
#32
Posted 26 August 2006 - 02:41 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
I installed it on this [friends computer] Computer and am currently running the program
and as I typed that the program popped up after exactly one minute
and as I typed that the program popped up after exactly one minute
#33
Posted 26 August 2006 - 02:48 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
finished its scan and I'm going to continue with the directions from 2 pages ago
#34
Posted 26 August 2006 - 02:51 PM
andydf
-
- Visiting Consultant
-
- 1,660 posts
Visiting Staff
No, post the scan results first, lets deal with this one.
Andy
Andy
#35
Posted 26 August 2006 - 02:55 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
Here's the logs you requested finally
Logfile of HijackThis v1.99.1
Scan saved at 4:52:28 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 8/26/2006 4:43:35 PM
Infected! C:\WINDOWS\system32\lv0209doe.dll
Infected! C:\WINDOWS\system32\p0n8la5u1d.dll
Infected! C:\WINDOWS\system32\kt6sl7j71.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll
Infected! C:\WINDOWS\system32\e402ledo1h0c.dll
Infected! C:\WINDOWS\system32\ivmui.dll
Infected! C:\WINDOWS\system32\kt6sl7j71.dll
Infected! C:\WINDOWS\system32\shcpack.dll
Infected! C:\WINDOWS\system32\wspdxm.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\kt6sl7j71.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\e402ledo1h0c.dll
C:\WINDOWS\system32\e402ledo1h0c.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ivmui.dll
C:\WINDOWS\system32\ivmui.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\kt6sl7j71.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\shcpack.dll
C:\WINDOWS\system32\shcpack.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wspdxm.dll
C:\WINDOWS\system32\wspdxm.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{201393A4-8FD6-4F64-B18E-BD6CE4B44E7F}"
HKCR\Clsid\{201393A4-8FD6-4F64-B18E-BD6CE4B44E7F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C76238B1-FA5D-442D-A664-6BC90B19D724}"
HKCR\Clsid\{C76238B1-FA5D-442D-A664-6BC90B19D724}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Logfile of HijackThis v1.99.1
Scan saved at 4:52:28 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 8/26/2006 4:43:35 PM
Infected! C:\WINDOWS\system32\lv0209doe.dll
Infected! C:\WINDOWS\system32\p0n8la5u1d.dll
Infected! C:\WINDOWS\system32\kt6sl7j71.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll
Infected! C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll
Infected! C:\WINDOWS\system32\e402ledo1h0c.dll
Infected! C:\WINDOWS\system32\ivmui.dll
Infected! C:\WINDOWS\system32\kt6sl7j71.dll
Infected! C:\WINDOWS\system32\shcpack.dll
Infected! C:\WINDOWS\system32\wspdxm.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\kt6sl7j71.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029316.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029327.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029333.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029342.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029355.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP163\A0029366.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029376.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP164\A0029377.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030389.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0030398.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031398.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031429.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031430.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031431.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031432.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031433.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031441.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0031449.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034461.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0034470.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0035476.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036479.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP165\A0036488.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036496.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036517.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP166\A0036525.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll
C:\System Volume Information\_restore{B4C9F709-B615-470A-A1D9-F49EC6795672}\RP167\A0036536.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\e402ledo1h0c.dll
C:\WINDOWS\system32\e402ledo1h0c.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ivmui.dll
C:\WINDOWS\system32\ivmui.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kt6sl7j71.dll
C:\WINDOWS\system32\kt6sl7j71.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\shcpack.dll
C:\WINDOWS\system32\shcpack.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wspdxm.dll
C:\WINDOWS\system32\wspdxm.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{201393A4-8FD6-4F64-B18E-BD6CE4B44E7F}"
HKCR\Clsid\{201393A4-8FD6-4F64-B18E-BD6CE4B44E7F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C76238B1-FA5D-442D-A664-6BC90B19D724}"
HKCR\Clsid\{C76238B1-FA5D-442D-A664-6BC90B19D724}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
#36
Posted 26 August 2006 - 03:18 PM
andydf
-
- Visiting Consultant
-
- 1,660 posts
Visiting Staff
Hi Caffiene_Powered
Looks alot better
Please download VundoFix.exe to your desktop.
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
Andy
Looks alot better
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
- Once you get to the Panda site, scroll down a bit and click on Scan your PC
- A new window will appear; click on Check Now!
- A new window will appear; fill in the boxes (Country, State, email addy)
- Click on Scan Now! >
If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files. - From "Select a device to scan...", choose "My Computer"
- Allow the scan to run. It'll take a while.
- When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
- I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
Andy
#37
Posted 26 August 2006 - 04:10 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
Hi Caffiene_Powered
Looks alot better
Please download VundoFix.exe to your desktop.[
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
There is no box that says Run as task...
should i just run it?
Edited by Caffiene_Powered, 27 August 2006 - 11:52 AM.
#38
Posted 27 August 2006 - 12:31 PM
andydf
-
- Visiting Consultant
-
- 1,660 posts
Visiting Staff
yes just run it,
#39
Posted 27 August 2006 - 02:15 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
sorry sounds like a stupid question but I've made to many little errors that turned out to be huge faults that just really made things hard to fix....yes just run it,
alright I'm not at home at the moment but Iwill do this when I get home
I'll post the log later when I get home...Hopefully everything will go good
#40
Posted 27 August 2006 - 06:51 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
oddly enough Vundofix picked up nothing..a window popped saying nothing was found
I'm going to do the panda scan now
I'm going to do the panda scan now
Edited by Caffiene_Powered, 27 August 2006 - 07:15 PM.
#41
Posted 27 August 2006 - 07:14 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
finished the panda scan
Incident Status Location
Adware:adware/sqwire Not disinfected c:\windows\system32\tsuninst.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\user@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Cookies\user@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\user@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\user\Cookies\user@bluestreak[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Cookies\user@hitbox[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\user\install.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\user\install.exe[¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\user\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\user\install.exe[Activate.exe]
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\user\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@realmedia[1].txt
Spyware:Cookie/Luckynugget Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
Adware:Adware/DollarRevenue Not disinfected C:\kybrdff_12.exe
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\services.dll
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{50DC104B-0703-1033-1221-010928000001}\services.dll
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-1229272821-162531612-682003330-1003\Dc6\iomwa.exe
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-1229272821-162531612-682003330-1003\Dc6\iomwl.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\RDFX4.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\bez6n4r21.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\cvn0.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\ghynf.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\install.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\install.exe[¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe[Activate.exe]
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32bez6n4r21.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32ghynf.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32n9nyb.exe
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Temp\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Temp\Cookies\user@zedo[1].txt
Here's the HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:14:34 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Incident Status Location
Adware:adware/sqwire Not disinfected c:\windows\system32\tsuninst.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/sidesearch Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\user@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\user\Cookies\user@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\user@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\user\Cookies\user@bluestreak[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\user\Cookies\user@hitbox[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\user\install.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\user\install.exe[¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\user\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\user\install.exe[Activate.exe]
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\user\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@realmedia[1].txt
Spyware:Cookie/Luckynugget Not disinfected C:\Documents and Settings\user\Local Settings\Temp\Cookies\[email protected][1].txt
Adware:Adware/DollarRevenue Not disinfected C:\kybrdff_12.exe
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\services.dll
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{50DC104B-0703-1033-1221-010928000001}\services.dll
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-1229272821-162531612-682003330-1003\Dc6\iomwa.exe
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-1229272821-162531612-682003330-1003\Dc6\iomwl.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\RDFX4.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\bez6n4r21.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\cvn0.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\ghynf.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\install.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\install.exe[¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe[Activate.exe]
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32bez6n4r21.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32ghynf.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32n9nyb.exe
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Temp\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Temp\Cookies\user@zedo[1].txt
Here's the HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:14:34 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
#42
Posted 28 August 2006 - 01:05 PM
andydf
-
- Visiting Consultant
-
- 1,660 posts
Visiting Staff
Hi Caffiene_Powered
Don't worry about Vundofix, I was just making sure as I saw evidence of Winfixer and the two are generally related.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
Next
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
After that
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
Now close all windows other than HiJackThis, then click Fix Checked.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
Andy
Don't worry about Vundofix, I was just making sure as I saw evidence of Winfixer and the two are generally related.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
c:\windows\system32\tsuninst.exe
c:\windows\keyboard1.dat
C:\Documents and Settings\user\install.exe[²ÜÇ\nsProcess.dll]
C:\Documents and Settings\user\install.exe[¦++\²íÇ\services.dll]
C:\Documents and Settings\user\install.exe[MyToolBar.dll]
C:\Documents and Settings\user\install.exe[Activate.exe]
C:\Documents and Settings\user\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
C:\kybrdff_12.exe
C:\Program Files\Common Files\{50DC104B-0702-1033-1221-010928000001}\services.dll
C:\Program Files\Common Files\{50DC104B-0703-1033-1221-010928000001}\services.dll
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\system32\bez6n4r21.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\ghynf.exe
C:\WINDOWS\system32\install.exe[²ÜÇ\nsProcess.dll]
C:\WINDOWS\system32\install.exe[¦++\²íÇ\services.dll]
C:\WINDOWS\system32\install.exe[MyToolBar.dll]
C:\WINDOWS\system32\install.exe[Activate.exe]
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\system32n9nyb.exe
C:\WINDOWS\system32\xeymi.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
Next
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
After that
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
Now close all windows other than HiJackThis, then click Fix Checked.
If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.
Andy
#43
Posted 28 August 2006 - 01:36 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
I did what you said in killbox but for some reason it doesn't appear to have deleted all of them because on the top it said 12 files 0 folders selected and I copied and pasted (off the list) more then 12 files...
another quick question is would ATF Cleaner be a good thing to keep in the computer afterwards because I dl'd the other Cleanup program you guys have and the ATF Cleaner seems to clean more stuff out..
another quick question is would ATF Cleaner be a good thing to keep in the computer afterwards because I dl'd the other Cleanup program you guys have and the ATF Cleaner seems to clean more stuff out..
Edited by Caffiene_Powered, 28 August 2006 - 01:45 PM.
#44
Posted 28 August 2006 - 01:48 PM
Caffeine_Powered
- Topic Starter
-
- Member
-
- 475 posts
Member
The system seems to be running relatively fine, the only thing I'm wondering is what I stated in the previous post of not everything being deleted...other than his system seems to be fine....Ewido is no longer popping up on startup saying that Adware2me (i believe the name was) is in the system...
Logfile of HijackThis v1.99.1
Scan saved at 3:46:16 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
The system se
Logfile of HijackThis v1.99.1
Scan saved at 3:46:16 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
The system se
#45
Posted 28 August 2006 - 02:25 PM
andydf
-
- Visiting Consultant
-
- 1,660 posts
Visiting Staff
Hi Caffiene_Powered
Can you navigate to C:\killbox\logs open the log file and copy the log in your reply.
ATFcleaner is a very good tool to keep on your system, cleanup is also good but ATFcleaner was created by one of our experts so I tend to use and trust it more.
Your log actually looks clean let me see the Killbox log and we'll take it from there.
Andy
Can you navigate to C:\killbox\logs open the log file and copy the log in your reply.
ATFcleaner is a very good tool to keep on your system, cleanup is also good but ATFcleaner was created by one of our experts so I tend to use and trust it more.
Your log actually looks clean
let me see the Killbox log and we'll take it from there.Andy
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
