computer running slow...hijack log posted [RESOLVED]


  • This topic is locked

#1
mjacob

    New Member

  • Member
  • Pip
  • 7 posts
My computer has been running very slow. Did antivirus scan, adaware, spybot, cwshredder, trojan hunter scans and a defrag with no real improvement.

Thanks for your help

----------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:19:06 PM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\Desktop\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell....amp;appindex=ds
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: palstart.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello and sorry for the delay

Could you provide a couple things for me please,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window into this topic, please.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#3
mjacob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much for helping me. ActiveScan did pick up some items (see below). I did not do anything with them yet.

Here is what you asked for:

======================================

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOLIcon
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audible Download Manager
Auto Gordian Knot 2.32 beta
Avi2Dvd 0.4.3 beta
AviSynth 2.5
BitComet 0.60
Broadcom Management Programs 2
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Cisco Systems VPN Client 4.6.00.0049
Conexant D480 MDC V.9x Modem
Corel Photo Album 6
Dell Bluetooth Software
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support 3.1
Digital Content Portal
Digital Line Detect
DVD Decrypter (Remove Only)
EarthLink setup files
EducateU
FLAC Installer 1.1.2a (remove only)
Get High Speed Internet!
Google Toolbar for Internet Explorer
HiDownload
HijackThis 1.99.1
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
Macromedia Flash Player
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 Small Business
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIWA
mIWCA
mkw Audio Compression Toolkit
mLogView
mMHouse
Modem Helper
Mozilla Firefox (1.5.0.7)
MPEG Video Wizard DVD
mPfMgr
mPfWiz
mProSafe
mSSO
mToolkit
mWlsSafe
mXML
MyWay Search Assistant
mZConfig
Nero PhotoShow Elite
Nero Suite
NetWaiting
NetZeroInstallers
OfotoNow
Paltalk Messenger
Photo Click
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
TrojanHunter 4.6
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Helper
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WebCyberCoach 3.2 Dell
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPcap 3.1
WinRAR archiver
WordPerfect Office 12
XviD MPEG-4 Video Codec
XviD MPEG4 Video Codec (remove only)

==========================================


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.overture.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.zedo.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[server.iad.liveperson.net/hc/68202908]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.com.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[counter.hitslink.com/]

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's do a wee bit of clean up and see if it helps any; if not, we can disable some programs from running on start up.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next

Make sure you can view all Hidden Files/Folders


Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...sidebar.jsp?p=D
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll



Next Reboot into SAFE MODE
Search for and delete the Folders highlighted in Blue

C:\Program Files\MyWaySA

Restart your computer.
Rescan with ActiveScan again, please, and post back what it finds, if anything.

Post back a fresh HJT log as well please

#5
mjacob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the quick response!

By the way, I did not see any folders highlighted in blue when I rebooted in safe mode.

==================================================

Here is the result of the scan:


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.overture.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.zedo.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[server.iad.liveperson.net/hc/68202908]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.com.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default\cookies.txt[counter.hitslink.com/]

==============================
Here is the new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 9:16:50 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell....amp;appindex=ds
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: palstart.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
When you ran ATF, did you click on Firefox to be cleaned as well?

#7
mjacob

    New Member

  • Topic Starter
  • Member
  • 7 posts
Yes, I did...but I did not erase the passwords...cleaned everything else.

#8
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Navigate to this folder and clean out the cookies manually

C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\xj3e0qvc.default


Computer still running slow?

#9
mjacob

    New Member

  • Topic Starter
  • Member
  • 7 posts
It is definitely much faster.

Should I do anything about the issues that the ActiveScan picked up? It showed 32 instances of Spyware.

#10
mjacob

    New Member

  • Topic Starter
  • Member
  • 7 posts
Oh...ok, I see now...that is what you are having me clean out.

Thanks for your help.

#11
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Rescan with ActiveScan and let's see what it comes back with :whistling:

#12
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.