Clean Log, but bad start-ups? [RESOLVED]

#1 silencedmessage (Member, 987 posts)
Hello G2G admin,

As a geekU student, I'm always being curious and exploring the different aspects of HJT. Because of this, I'm always getting confused and finding things on my computer that REALLY should not be there... :blink: I recently made a start-up list with HJT's misc tools section, and took a look at it. I noticed there were still quite a few things from malware I had in the past. My most recent log files checked by professionals came up clean. I think it would be for the better for me to let the experts handle this, and tell me whether or not I have a need to be concerned.

Thanks in advance



Fresh HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:42 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

Start-up list (I did the extensive one, sorry for the excess cluster)

StartupList report, 9/10/2006, 11:15:20 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Work Station\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

VSOCheckTask = "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online = C:\Program Files\McAfee.com\VSO\mcvsshld.exe
OASClnt = C:\Program Files\McAfee.com\VSO\oasclnt.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MPSExe = c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
FreeRAM XP = "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\mcafee.com\mps\mcbrhlpr.dll - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
McAfee PopupKiller - c:\program files\mcafee.com\mps\popupkiller.dll - {3EC8255F-E043-4cae-8B3B-B191550C2A22}
(no name) - (no file) - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcaf...01/mcinsctl.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcaf...,26/mcgdmgr.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mclsp.dll
Protocol #2: C:\WINDOWS\system32\mclsp.dll
Protocol #3: C:\WINDOWS\system32\mclsp.dll
Protocol #4: C:\WINDOWS\system32\mclsp.dll
Protocol #5: C:\WINDOWS\system32\mclsp.dll
Protocol #6: C:\WINDOWS\system32\mclsp.dll
Protocol #7: C:\WINDOWS\system32\mclsp.dll
Protocol #8: C:\WINDOWS\system32\mclsp.dll
Protocol #9: C:\WINDOWS\system32\mclsp.dll
Protocol #10: C:\WINDOWS\system32\mclsp.dll
Protocol #11: C:\WINDOWS\system32\mclsp.dll
Protocol #12: C:\WINDOWS\system32\mclsp.dll
Protocol #13: C:\WINDOWS\system32\mclsp.dll
Protocol #14: C:\WINDOWS\system32\mclsp.dll
Protocol #15: C:\WINDOWS\system32\mclsp.dll
Protocol #16: C:\WINDOWS\system32\mclsp.dll
Protocol #17: C:\WINDOWS\system32\mclsp.dll
Protocol #18: C:\WINDOWS\system32\mclsp.dll
Protocol #19: C:\WINDOWS\system32\mclsp.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\rsvpsp.dll
Protocol #24: C:\WINDOWS\system32\rsvpsp.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll
Protocol #36: C:\WINDOWS\system32\mswsock.dll
Protocol #37: C:\WINDOWS\system32\mswsock.dll
Protocol #38: C:\WINDOWS\system32\mswsock.dll
Protocol #39: C:\WINDOWS\system32\mclsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Aureal Game Port Enumerator: System32\DRIVERS\admjoy.sys (manual start)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
BCM42RLY: \??\C:\WINDOWS\System32\BCM42RLY.SYS (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\system32\cisvc.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
GTNDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\GTNDIS5.SYS (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimFP5: system32\DRIVERS\wADV07nt.sys (manual start)
iAimFP6: system32\DRIVERS\wADV08nt.sys (manual start)
iAimFP7: system32\DRIVERS\wADV09nt.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
iAimTV5: system32\DRIVERS\wATV10nt.sys (manual start)
iAimTV6: system32\DRIVERS\wATV06nt.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
iriver Internet Audio Player IFP-700: system32\drivers\ifp700.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
McAfee WSC Integration: c:\program files\mcafee.com\agent\mcdetect.exe (autostart)
McAfee.com McShield: c:\PROGRA~1\mcafee.com\vso\mcshield.exe (autostart)
McAfee Task Scheduler: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (autostart)
McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
mf: System32\DRIVERS\mf.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MPFIREWL: System32\Drivers\MpFirewall.sys (system)
McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (autostart)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Linksys Wireless-G PCI Adapter Driver: system32\DRIVERS\RT2500.sys (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4881C63A-6AC9-44FD-A1B9-BCACB6DD9425} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
szkg: system32\DRIVERS\szkg.sys (system)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Aureal Vortex 8810 Audio Driver (WDM): system32\drivers\adm8810.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\5cb1b112d01\5cb1b112d01\0004bba4.exe||C:\WINDOWS\system32\5cb1b112d01\5cb1b112d01\0003fba4.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

homepage.monitor.exe = C:\Program Files\IntCodec\isamonitor.exe
pmsngr.exe = C:\Program Files\IntCodec\pmsngr.exe

--------------------------------------------------

End of report, 34,078 bytes
Report generated in 1.553 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

The things that concerned me included the C:\Program Files\IntCodec (which does not exist... part of a SmitFraud infection I had a long time ago, and I did double check to make sure it was not there still :help: )

and there were a few others which, with a little research, were identified as the Gaster Virus... those are:


[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub


Thank you in advance for taking the time to look at this :whistling:


I look forward to hearing from you soon.



-Silenced Message
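A small triage script, added here as an example and not part of the thread or of StartupList itself. It parses the report sections quoted above (the "Enumerating ... :" and "Autorun entries from Registry:" blocks and the Active Setup "[{GUID}] / StubPath =" pairs; entry names and paths are copied from the post) and lists every start-up entry whose launch target is not on disk, which is the check the poster did by hand for the IntCodec entries. The set of present files, the %systemroot% table and the "Enumerating Active Setup stub paths:" header line are constructed assumptions so the script runs offline; on a real machine the set would be replaced by os.path.exists on each target.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the StartupList report format quoted in the post above.
# Entry names and paths are the ones shown there; the Active Setup section
# header text is assumed (the post quotes only the entries).
SAMPLE_REPORT = r"""
Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

homepage.monitor.exe = C:\Program Files\IntCodec\isamonitor.exe
pmsngr.exe = C:\Program Files\IntCodec\pmsngr.exe

--------------------------------------------------

Enumerating Active Setup stub paths:

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
"""

# Constructed stand-in for a directory listing of the machine (the files that
# really exist).  The IntCodec folder is deliberately absent, as in the post.
PRESENT_FILES = {p.lower() for p in (
    r"C:\WINDOWS\system32\SHELL32.dll",
    r"C:\WINDOWS\system32\WPDShServiceObj.dll",
    r"C:\WINDOWS\system32\rundll32.exe",
    r"C:\WINDOWS\system32\advpack.dll",
    r"C:\WINDOWS\system32\shmgrate.exe",
    r"C:\WINDOWS\INF\msnetmtg.inf",
)}

ENV = {"%systemroot%": r"C:\WINDOWS", "%windir%": r"C:\WINDOWS"}  # assumed install root
SYSTEM32 = r"C:\WINDOWS\system32"   # where bare names such as rundll32.exe resolve
ABS_FILE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|inf|sys)\b', re.I)
BARE_FILE = re.compile(r'^[\w.-]+\.(?:exe|dll)$', re.I)
SECTION = re.compile(r'^(Enumerating .+|Autorun entries from Registry):$')
COMPONENT = re.compile(r'^\[(>?\{[0-9A-Fa-f-]{36}\})\]( \*)?$')
ENTRY = re.compile(r'^([^:=]+?)\s*[:=]\s*(.+)$')


@dataclass
class Entry:
    section: str
    name: str
    command: str
    targets: list = field(default_factory=list)   # files the command would load
    missing: list = field(default_factory=list)   # targets absent from PRESENT_FILES


def expand_env(text):
    """Replace %VAR% references using the assumed ENV table (case-insensitive)."""
    return re.sub(r"%[^%\s]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)), text)


def targets_of(command):
    """Every file a start-up command refers to: absolute paths (spaces allowed, so
    'C:\\Program Files\\...' survives intact) plus bare names resolved in system32."""
    cmd = expand_env(command)
    found = [m.group(0) for m in ABS_FILE.finditer(cmd)]
    for tok in re.split(r"[\s,]+", cmd):
        if BARE_FILE.match(tok):
            found.append(SYSTEM32 + "\\" + tok)
    return found


def parse_report(text):
    entries, section, component = [], "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---") or line.startswith("*"):
            continue                 # separators and "*Registry key not found*"
        if SECTION.match(line):
            section = line.rstrip(":")
            continue
        if line.startswith("HK") and section.startswith("Autorun"):
            section = line           # the registry key names the section precisely
            continue
        m = COMPONENT.match(line)
        if m:
            component = m.group(1)   # Active Setup GUID; its StubPath line follows
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        name, command = m.group(1), m.group(2)
        if name == "StubPath" and component:
            name, component = component, None
        e = Entry(section, name, command, targets_of(command))
        e.missing = [t for t in e.targets if t.lower() not in PRESENT_FILES]
        entries.append(e)
    return entries


def dangling_entries(text=SAMPLE_REPORT):
    """Entries whose launch target no longer exists on disk: leftovers of a removed
    or half-cleaned program, which is exactly what the poster spotted by hand."""
    return [e for e in parse_report(text) if e.missing]


if __name__ == "__main__":
    for e in dangling_entries():
        print(f"[{e.section}] {e.name}: missing {', '.join(e.missing)}")
```

Run against the constructed report it prints only the two IntCodec entries under the HKLM policies\Explorer\Run key; the Active Setup stubs resolve to rundll32.exe, advpack.dll, shmgrate.exe and the .inf they reference, all of which are present. A dangling entry is not proof of malware on its own, but a policies\Explorer\Run value pointing at a folder that no longer exists is worth removing regardless.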



#2
Linkmaster

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
Hi silencedmessage, Welcome to Geek U !!
Sorry for the delay in reviewing your post

Your log seems to be clean !! :whistling:

Let's run one scan and see if anything pops up:

Download and Install Ewido Anti-Malware© by Ewido Networks

Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close Ewido Anti-Malware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run Ewido Anti-Malware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
Ewido will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido Anti-Malware

Reboot to Normal Mode and post the Ewido log here

BTW : Like your avatar !! Go Irish !! :blink:

#3
silencedmessage

silencedmessage

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 987 posts
Hello Linkmaster :lol:

No worries on the "delay" in review, I completely understand that this is a very busy forum (especially as of recently) and that the staff here is running behind a little bit :whistling:

I typically run Ewido about once a month, but have yet to do it recently :)

The part that was confusing me is that the log was coming back clean from what I could tell (still a NB so I figured I'd add it in just in case)

Irish pride all the way :blink:


ok, back to the topic at hand...lol


Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found


None of these were in the settings screen... maybe I have an outdated version? It's only a month or so old, so I didn't think it would be.




Ewido did find a few things I didn't know were there, and that HJT didn't get either... a couple of the concerns from the start-up list, as a matter of fact... the IntCodec thing there... here is the log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:46:45 PM, 9/15/2006
+ Report-Checksum: BF51DD69

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{a2595f37-48d0-46a1-9b51-478591a97764} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1409082233-1935655697-1060284298-1004\Software\Internet Security -> Adware.IntCodec : Cleaned with backup
HKU\S-1-5-21-1409082233-1935655697-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Momma Skunk\Application Data\Mozilla\Firefox\Profiles\uswnauu4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Momma Skunk\Cookies\momma [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Momma Skunk\Cookies\momma [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.760:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.761:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.762:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.785:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.786:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.787:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.788:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.841:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.903:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.904:C:\Documents and Settings\Work Station\Application Data\Mozilla\Firefox\Profiles\s8ur2w8r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup


::Report End

And I don't think you will really have any interest in looking at a new HJT log since it came back clean before, but I'm going to post it anyway. Also, attached is a new start-up list which I just did, and I noticed the entries are still there. I apologize for throwing all this info at you at once, but look at what you need to; hopefully it will save us from extra unnecessary posting.


Logfile of HijackThis v1.99.1
Scan saved at 11:33:43 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\DllHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

#4 Linkmaster (Visiting Staff)

I'm thinking those may be dead entries, but let's try another scan:
Did you use one of the Smitfraud tools to remove Smitfraud?

Download and Extract ComboFix© by sUBs to your Desktop
Double click combofix.exe & follow the prompts.
Note: Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
When finished, it will produce a log for you.

Open Windows Explorer
Navigate to C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\HijackThis.exe
Right click on HijackThis.exe and select Rename
Type in Analyze.exe and hit Enter
Close Windows Explorer
Reboot
Run Analyze.exe and post a fresh Analyze log along with the ComboFix log here

#5 silencedmessage (Topic Starter)


"I'm thinking those may be dead entries, but let's try another scan:"


I was wondering if that was the case, but I know that Ewido picked up something else from the IntCodec, which is weird because I had run Ewido, Ad-Aware, Spybot S&D, SpywareBlaster and McAfee, all multiple times since I had that.

And yes, I used SmitFraudFix.

Just curious, if you don't mind, could you give a brief explanation of why you had me rename HJT, or a link that would tell me? Thanks.


Work Station - 06-09-16 11:08:51.61 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs

((((((((((((((((((((((((((((((( Files Created from 2006-08-16 to 2006-09-16 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-16 11:04 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-16 01:58 -------- d-------- C:\Program Files\ParadisePoker
2006-09-15 23:59 -------- d-------- C:\Program Files\Omerta Script
2006-09-15 21:29 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-14 23:07 -------- d-------- C:\Program Files\Microsoft Calculator Plus
2006-09-10 21:28 -------- d-------- C:\Documents and Settings\Work Station\Application Data\Macromedia
2006-09-10 21:23 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-10 21:19 -------- d-------- C:\Program Files\Macromedia
2006-09-10 21:17 -------- d---s---- C:\Documents and Settings\Work Station\Application Data\Microsoft
2006-09-10 21:17 -------- d-------- C:\Program Files\Common Files
2006-09-07 19:01 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-29 01:44 -------- d-------- C:\Program Files\YourWare Solutions
2006-08-28 22:40 -------- d-------- C:\Program Files\Pawsoft
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-18 12:38 -------- d-------- C:\Program Files\msn gaming zone
2006-08-17 22:55 -------- d-------- C:\Program Files\coolpro2
2006-08-14 02:41 -------- d-------- C:\Program Files\Java
2006-08-14 02:39 -------- d-------- C:\Program Files\Common Files\Java
2006-08-13 21:08 -------- d-------- C:\Program Files\Internet Explorer
2006-08-13 20:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-13 20:12 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-28 14:31 24070456 --a------ C:\wmp11-windowsxp-x86-enu.exe
2006-06-22 01:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 01:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 09/16/2006 11:11:07.42
ComboFix.txt


Analyze.exe log:


Logfile of HijackThis v1.99.1
Scan saved at 11:17:27 AM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\Analyze.exe.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe


Thanks in advance.

-Silenced Message

#6 Linkmaster (Visiting Staff)

Your log seems to be fine!

"Just curious, if you don't mind, could you give a brief explanation of why you had me rename HJT, or a link that would tell me? Thanks."

There are some infections (Vundo for one) that hide from HijackThis.
Usually when you see a log that has no O2's and/or no O20's, have the user rename HijackThis.exe to something else and rerun the log.
Read all of the Canned Speeches and Spyware Fixes in those sections. There are some real experts here that have helped me greatly. Also, they are very easy to talk to about any questions you have! Welcome to the Fight!

Here is my "All Clean" speech:

**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

How is your system running now?

Here are a few tools that I recommend for protecting your system and reducing the risk of infection again!

Real Time Prevention
SpywareBlaster© by Javacool Software

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the Javacool page.
IESpyad© by EHowes: This will add several hundred Restricted Sites to the Restricted Sites zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Good Free Antivirus Programs:
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE: Remember to always have just one antivirus program running at a time. Having more than one running causes a conflict between the programs! You can use one as a backup to run manually.

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or cable, I recommend a firewall.
A firewall will make your PC invisible to the outside world and will filter the outgoing and incoming traffic on your PC.
For a good idea of how vulnerable your system(s) are, go to GRC.
Scroll down to "Shields Up", click on "Proceed", then click on "Common Ports" to scan your ports.
Very good firewalls:
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Comodo Personal Firewall© by Comodo Group

Alternative Browsers :
Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness.
FireFox© by Mozilla
Opera© by Opera Software ASA

Always keep your antivirus and spyware removal tools current with the latest definitions and updates!

Using these tools and keeping them updated will reduce the risk of future infections!

Do you have any questions?

Edited by Linkmaster, 16 September 2006 - 09:46 AM.
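Linkmaster's reply above gives two rules of thumb for reading an HJT log: an entry whose last field is "(no file)" points at something that is no longer on disk (a dead entry), and a log with no O2 or no O20 lines at all is a reason to rename HijackThis.exe and scan again, because some infections hide from a process with that name. The Python below is an added example, not code from this thread or from HijackThis. It parses the O-numbered lines and the "Running processes:" block of a constructed sample log (a few lines in the shape of the ones posted above, not a real scan), applies both rules, and also picks out a process name with a doubled extension, which is how the renamed scanner shows up in the log above (Analyze.exe.exe). The path-extraction regex for O4 command lines is a heuristic of mine, and the list of sections checked by the rerun rule is taken from the reply.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample in the shape of the HijackThis 1.99.1 logs posted in this
# thread: a few representative lines, not a real scan.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:17:27 AM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Work Station\Desktop\Anti-Malware Programs\Analyze.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Entry:
    section: str            # "O2", "O4", "O20", ...
    description: str        # what HJT says the entry is
    target: Optional[str]   # file the entry points at; "(no file)" for dead ones


_ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
_O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First token of a command line that ends in an executable/library extension,
# with or without surrounding quotes. A heuristic of mine, good enough for O4 lines.
_PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|cpl|bat))"?(?:\s|$)', re.IGNORECASE)


def _command_path(cmd: str) -> Optional[str]:
    m = _PATH_RE.match(cmd.strip())
    return m.group("path") if m else None


def parse_entries(log: str) -> List[Entry]:
    """Turn the O-numbered lines of an HJT log into Entry records."""
    entries: List[Entry] = []
    for line in log.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        o4 = _O4_RE.match(body) if section == "O4" else None
        if o4:
            entries.append(Entry(section, f"{o4['hive']} [{o4['name']}]", _command_path(o4["cmd"])))
        elif " - " in body:
            desc, target = body.rsplit(" - ", 1)   # HJT puts the file last
            entries.append(Entry(section, desc.strip(), target.strip()))
        else:
            entries.append(Entry(section, body.strip(), None))
    return entries


def running_processes(log: str) -> List[str]:
    """Lines listed under 'Running processes:' up to the first blank line."""
    procs: List[str] = []
    in_block = False
    for line in log.splitlines():
        s = line.strip()
        if s.lower() == "running processes:":
            in_block = True
        elif in_block:
            if not s:
                break
            procs.append(s)
    return procs


def dead_entries(entries: Sequence[Entry]) -> List[Entry]:
    """Entries whose file is gone: the '(no file)' pointers the thread calls dead."""
    return [e for e in entries if e.target is not None and e.target.lower() == "(no file)"]


def missing_sections(entries: Sequence[Entry], required: Sequence[str] = ("O2", "O20")) -> List[str]:
    """Required section tags (BHOs, Winlogon Notify) that appear nowhere in the log."""
    present = {e.section for e in entries}
    return [s for s in required if s not in present]


def should_rerun_renamed(entries: Sequence[Entry]) -> bool:
    """Linkmaster's rule: no O2 and/or no O20 lines at all is suspicious, since some
    malware hides from a process named HijackThis.exe, so rerun under another name."""
    return bool(missing_sections(entries))


def double_extension_processes(procs: Sequence[str]) -> List[str]:
    """Names like Analyze.exe.exe, which usually mean the rename was done with
    Explorer hiding known extensions (still an .exe, just oddly named)."""
    return [p for p in procs if re.search(r"\.exe\.exe$", p, re.IGNORECASE)]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for e in dead_entries(entries):
        print("dead entry:", e.section, e.description)
    print("missing sections:", missing_sections(entries) or "none")
    print("rerun renamed?", should_rerun_renamed(entries))
    print("double extensions:", double_extension_processes(running_processes(SAMPLE_LOG)))
```

Run it as a script to see the report for the sample, or pass the text of a real log to parse_entries(). The dead-entry check only reflects what HJT printed; whether a "(no file)" entry is malware residue or a harmless leftover is still the helper's call, which is the question this thread was about.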

#7 silencedmessage (Topic Starter)

Okay, makes sense!

Thanks very much.

But I have just one more question.

Should I go ahead and get rid of those out of the start-up just to prevent a slow boot in the future?

Thanks

#8 Linkmaster (Visiting Staff)

You can if you like! I don't see them actively running, though!

#9 silencedmessage (Topic Starter)

OK.

Thank you very much, LinkMaster.

And nothing personal, but I hope I won't have to deal with you about malware issues on my PC again.

It was a pleasure, and keep up the extraordinary work!

Edited by Linkmaster, 17 September 2006 - 02:52 AM.


#10 Linkmaster (Visiting Staff)

Thank you, and you are very welcome!

Nothing personal taken!

#11 Linkmaster (Visiting Staff)

Since this issue appears to be resolved, this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.