[abbieangel]

Hiya! Im new to all this...but here's whats going one

I keep on getting popups and derbiz deciding it wants to be my homepage. I have run virus scan and adaware, but it still keeps happening.

I hope you can help me.

Abbie,

ps here is my hijacklog thing. hope ive done it right

Logfile of HijackThis v1.99.1
Scan saved at 18:06:12, on 23/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Abigail\Local Settings\Temporary Internet Files\Content.IE5\81YB4DAB\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\dsldbaccess.exe -N
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49...dsldbaccess.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....c16/games30.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[Advertisements]

Hi AbbieAngel,Welcome to Geeks to Go!!

First,Lets move HijackThis to a Permanent Folder!!

Right Click the Desktop and Select New>>Folder>>Name it whatever you want!

Now Locate the Zip Folder for HijackThis and place it in the New Folder you just created!

Now Unzip HijackThis and Make sure to Extract All Files!

Please Download this Removal Tool to your Desktop!
Double Click the FixBint.exe to Open the tool!
Click Start to let it Scan the System,it will take about 5 minutes to finishing Scanning and will produce a log on the Desktop,I will want to see that log in the next Post!

Download Microsoft AntiSpyware from Here
Inside that link is a Direct Download and a Tutorial on how to Install,Update and Scan with the Program!
Once Downloaded Installed and Updated,Scan the system and delete all it finds!
Please Save the Report and put it in your next post!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!!
Make Sure Normal Startup is Checked!!

Select the tab labeled Startup and put a Check by every box there!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Once back in Normal Mode,Scan the system with HijackThis again and Post that log along with the other 2 I asked for!!

[Wizard]

Hi AbbieAngel,Welcome to Geeks to Go!!

First,Lets move HijackThis to a Permanent Folder!!

Right Click the Desktop and Select New>>Folder>>Name it whatever you want!

Now Locate the Zip Folder for HijackThis and place it in the New Folder you just created!

Now Unzip HijackThis and Make sure to Extract All Files!

Please Download this Removal Tool to your Desktop!
Double Click the FixBint.exe to Open the tool!
Click Start to let it Scan the System,it will take about 5 minutes to finishing Scanning and will produce a log on the Desktop,I will want to see that log in the next Post!

Download Microsoft AntiSpyware from Here
Inside that link is a Direct Download and a Tutorial on how to Install,Update and Scan with the Program!
Once Downloaded Installed and Updated,Scan the system and delete all it finds!
Please Save the Report and put it in your next post!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!!
Make Sure Normal Startup is Checked!!

Select the tab labeled Startup and put a Check by every box there!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Once back in Normal Mode,Scan the system with HijackThis again and Post that log along with the other 2 I asked for!!

[abbieangel]

Hiya! I hope ive given u what u wanted
Here is my microsoft spyware thing, but i didnt know if this is what u wanted?


Spyware Scan Details
Start Date: 24/04/2005 16:44:31
End Date: 24/04/2005 16:50:29
Total Time: 5 mins 58 secs

Detected Threats

ShopAtHome Spyware more information...
Details: ShopAtHome installs itself in the Winsock layer of your system and redirects your browser to merchant sites to take advantage of the affiliate fees.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\InprocServer32 C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\ProgID WEBInstaller.CExecute.1
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\TypeLib {52CACFDF-9170-46a9-AE2E-E594D324C72A}
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\VersionIndependentProgID WEBInstaller.CExecute
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} CExecute Class


WinTools Trojan more information...
Details: Bubba WinTools’ purpose is currently unknown. Bubba.WinTools installs an Internet Explorer browser helper object, a URL search hook, and downloads several files in Common files\WinTools\. Bubba.WinTools runs at startup
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
C:\temp\EDowPack.exe
C:\temp\EDow.exe
C:\Documents and Settings\Abigail\Local Settings\Temp\WToolsA.exe
C:\Documents and Settings\Abigail\Local Settings\Temp\WToolsB.dll

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\WinTools


WindUpdates Browser Plug-in more information...
Details: WindUpdates downloads additional adware and displays pop-up advertising.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\windows\system32\ide21201.vxd

Infected folders detected
c:\temp\fleok


CallingHome.Biz.A Trojan Downloader more information...
Details: CallingHome.biz installs spyware on a users computer by doanloading via an FTP server on a remote server.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\windows\system32\nzapeo.exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nzapeo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nzapeo


AproposMedia Browser Modifier more information...
Details: AproposMedia is a component of PeopleOnPage, sometimes found on computers without the commonly visible portion of the application . AproposMedia displays pop-up advertisements, and changes browser settings.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected folders detected
c:\program files\cxtpls

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\LocalServer32 C:\Program Files\CxtPls\CxtPls.exe
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\ProgID
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\VersionIndependentProgID
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\InProcServer32 C:\Program Files\CxtPls\proxystub.dll
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} PSFactoryBuffer


Transponder.DLMax Spyware more information...
Details: Transponder is an Internet Explorer Browser Helper Object (BHO) that monitors web pages requested and data entered into forms.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\windows\dlmax.dll
C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.dll

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\ProgID DLMax.DLMaxObj.1
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\TypeLib {230c3786-1c2c-45bd-9d2d-9d277fce6289}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\VersionIndependentProgID DLMax.DLMaxObj
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200} DLMaxObj Class
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax DLI6d7OfSDist 52|58|6|1|BANNER.EXE
HKEY_CURRENT_USER\Software\DLMax DLI6d7OfSInst {BFB0A47B-7E2B-465F-A224-F154434AF2A5}
HKEY_CURRENT_USER\Software\DLMax DLC6n7trMsgSDisp 27
HKEY_CURRENT_USER\Software\DLMax DLT6o7pListSPos 0
HKEY_CURRENT_USER\Software\DLMax DLs6t7icky1S lflshdt%3D1114105443%26capdatedy%3D0424%26lstlogdt%3D20050424%26capdate%3D2411%26capcntdy%3D16%260%3D%26cntp%3Ddsl%26capcnt%3D3%26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_CURRENT_USER\Software\DLMax DLs6t7icky2S 0%3D%26fstcidt%3D1114105443232%26
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax DLC1o6d7eOfSFinalAd 1
HKEY_CURRENT_USER\Software\DLMax DLT6i7m8eOfSFinalAd 1114355643|0|0|0|0|1114354977|0|1114349143|0|
HKEY_CURRENT_USER\Software\DLMax DLD6s7tSSEnd ’›–‚ÀÀÍ––‚Ì––‚ƒŠÔ�‹ˆÕŽÍ¶ˆ„Ì�›œ
HKEY_CURRENT_USER\Software\DLMax DL6N7a8tionSCode UK
HKEY_CURRENT_USER\Software\DLMax DLP6D7om •‰„—ˆ€’†“‚‹ˆŸ�Ì‘�Ÿ
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSCheckSIn 45
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSMots 100
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_CURRENT_USER\Software\DLMax DLM6o7deSSync 11
HKEY_CURRENT_USER\Software\DLMax DLI6n7ProgSCab 0
HKEY_CURRENT_USER\Software\DLMax DLI6n7ProgSEx 0
HKEY_CURRENT_USER\Software\DLMax DLI6n7ProgSLstest 0
HKEY_CURRENT_USER\Software\DLMax DLL6a7stMotsSDay 24
HKEY_CURRENT_USER\Software\DLMax DLL6a7stSSChckin 14612
HKEY_CURRENT_USER\Software\DLMax DLB6D7om ›�‡†ŽŠ�›”›‡€”Š–Ü™€�Ž™ƒ‹™‰Á�€•
HKEY_CURRENT_USER\Software\DLMax DLE6v7nt 0
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSBath 10000
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSysSInf 2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_CURRENT_USER\Software\DLMax DLL6n7Title 30
HKEY_CURRENT_USER\Software\DLMax DLC6u7rrentSMode 1
HKEY_CURRENT_USER\Software\DLMax DLC6n7tFyl 0
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax DLS6t7atusOfSInst roger
HKEY_CURRENT_USER\Software\DLMax HighestListIndex 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\InprocServer32 C:\WINDOWS\dlmax.dll
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\InprocServer32 ThreadingModel Apartment


CoolWebSearch Browser Modifier more information...
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}


AvenueMedia.DyFuCA Browser Plug-in more information...
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0


IST.ISTbar Browser Modifier more information...
Details: ISTbar is an Internet Explorer redirector that modifies your homepage and searches without your consent using an Internet Explorer toolbar.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
C:\Documents and Settings\Abigail\Local Settings\Temp\iinstall.exe


VX2.ABetterInternet Adware more information...
Details: ABetterInternet displays advertisements based on the Web sites you visit.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
C:\WINDOWS\banner.dll


Comet Systems Adware more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\inf\cc_43.pnf


IST.ISTbar.ActiveX Spyware more information...
Details: ISTactivex is an Internet Explorer redirector that silently modifies homepages and searches using an Internet Explorer toolbar.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\VersionIndependentProgID ISTx.Installer
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959} Installer Class
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\InprocServer32 C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\ProgID ISTx.Installer.2
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\ToolboxBitmap32 C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL, 101
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\TypeLib {EDBC8C5F-C58B-4d4e-A86D-956213E39691}
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\Version 1.2


Transponder.ABetterInternet.Ceres Spyware more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
C:\Documents and Settings\Abigail\Local Settings\Temp\banner.exe


MediaPass.LoaderX Trojan Downloader more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Pass DisplayName Media Pass
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32 C:\PROGRA~1\MEDIAP~1\MEDIAP~2.EXE
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID LoaderX.Installer.1
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID LoaderX.Installer
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C} Installer Class
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C} AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Pass
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Pass UninstallString C:\Program Files\Media Pass\MediaPass.exe /Remove


WindUpdates.MediaAccess Adware more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
c:\program files\media access\mediaaccc.dll

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C} Installer Class
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C} AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_LOCAL_MACHINE\Software\Media Access
HKEY_LOCAL_MACHINE\Software\Media Access param 96e66a3e0b7ec801c58a1c614211eddadbd55fbc4a7195:3863346261646666626136316263363438656663346364373531383936333063
HKEY_LOCAL_MACHINE\Software\Media Access track 0
HKEY_LOCAL_MACHINE\Software\Media Access reqcount 42
HKEY_LOCAL_MACHINE\Software\Media Access DownloadPath \temp
HKEY_LOCAL_MACHINE\Software\Media Access Language en
HKEY_LOCAL_MACHINE\Software\Media Access
HKEY_LOCAL_MACHINE\Software\Media Access LastUpdate 1114276022
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Access
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Access UninstallString C:\Program Files\Media Access\MediaAccess.exe /Remove
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Access DisplayName Media Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32 C:\PROGRA~1\MEDIAA~1\MEDIAA~2.EXE
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID MediaAccess.Installer
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID MediaAccess.Installer


IST.SlotchBar Toolbar more information...
Details: Slotch Bar is an adware toolbar program for affiliates to distribute on sites. Affiliates get paid per install of the toolbar.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\ISTactivex.dll


Transponder.Farmmext Adware more information...
Details: Advertising network software to display popup advertising.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected files detected
c:\windows\farmmext.exe
C:\Documents and Settings\Abigail\Local Settings\Temp\THI20BF.tmp\farmmext.exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext


eBates.MoeMoneyMaker Adware more information...
Details: ebates Moe MoneyMaker displays pop-up advertisements and disables programs, including pop-up blockers that might interfere with its operation.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected files detected
C:\Documents and Settings\Abigail\Local Settings\Temp\THI1C0A.tmp\MMaker4b.exe


WhenU.SaveNow Adware more information...
Details: WhenU SaveNow displays pop-up advertisements.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Program Files\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}


BearShare Software Bundler more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Program Files\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll


Detected Spyware Cookies
No spyware cookies were found during this scan.

Here is the other log

Symantec Adware.BetterInternet Removal Tool 1.0.6


C:\System Volume Information: (not scanned)
Adware.BetterInternet has not been found on your computer.


Here is my hijackthis file

Logfile of HijackThis v1.99.1
Scan saved at 17:43:22, on 24/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Abigail\Desktop\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49...dsldbaccess.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....c16/games30.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[Wizard]

Thats exactly what I wanted to see,looks like it did alot of work for us!!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe

O4 - HKLM\..\RunServices: [PcSync] PCsync.exe

O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe

O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe

O4 - HKCU\..\RunServices: [PcSync] PCsync.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49...dsldbaccess.exe

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....c16/games30.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Now its my belief that you have 4 different files running around in there that are trying to duplicate Legitimate Files,again this is just my belief,we will find out in a minute!

The Files are:
wmplayer.exe
PCsync.exe
cthelper.exe
hotkeysvc.exe

The best wayI know to find out if they are really on the PC,is to use Windows Search Feature!

Click Start>>Click Search>>Configure like this:
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by these 3:

Search System Folders
Search hidden files and folders
Search Subfolders

Now under All Files and Folders,enter this into the text box:

Enter each of the above entries and see what returns you get!

This one I know is Bad,so locate and Delete it immediatly:
hotkeysvc.exe

As for the Rest,Locate them,then go to the site below and have them Scanned!!
http://www.kaspersky.com/scanforvirus

There may be Multiple Versions of the Files so have them all scanned!
Remove any that are detected as a Virus!

Let me know what the File Scanning Yields and Lets have a look at a fresh HijackThis Log

[abbieangel]

Hiya..thanks for the help

I looked for the hotkeys in search, didnt find anything there, and it didnt find cthelper or pcsync.

It found wmplayer.exe in the prefetch folder, which i scanned on that virus scan...but no problems there apparently.


Logfile of HijackThis v1.99.1
Scan saved at 23:21:25, on 24/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Abigail\Desktop\Hijack\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[Wizard]

I am amazed at what Microsoft AntiSpyware actually got rid of!!

If you will,please do this Online Scan:
http://www.pandasoft...n_principal.htm

You will have to be using Internet Explorer and Download the ActiveX content for the Scan to work!

Please Save the Report from the Scan and Post those results back here!

The HijackThis log is Clean!

[abbieangel]

wow i am very impressed...

but that link for that virus scan wouldnt work..???

[Wizard]

Lets try this again and I will give some others to try is that one wont work!!

http://www.pandasoft...n_principal.htm

http://www3.ca.com/s...sinfo/scan.aspx

http://support.f-sec.../home/ols.shtml

http://www.bitdefend...can/licence.php

That site looks different than what I am use to seeing,They may have just Updated it and Caused the URL change,Chances are the new Panda link will work!

[abbieangel]

Heres the scan...


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\DOCUME~1\Abigail\LOCALS~1\Temp\webrebates.exe
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\Abigail\LOCALS~1\Temp\THI*.tmp
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\fahKpYM.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI111E.tmp\Pynix.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI20BF.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI20BF.tmp\farmmext.ini
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.cab
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.cab[dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.cab[spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI58C2.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI5C62.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI7384.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THI7503.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\THIE5.tmp\farmmext.inf
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\uninstall.exe
Adware:Adware/Comet No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\unpack\CC_43.inf
Adware:Adware/Comet No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\unpack\inst43.exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\Abigail\Local Settings\Temp\webrebates.exe
Adware:Adware/Transponder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\93A88C80-BAB1-4A40-A697-3847CD\3FC552F3-686A-49B6-B71D-5F4C74
Adware:Adware/Twain-Tech No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A7D2FF84-B85A-464F-BD8F-49A049\9CBFB0DF-6325-4889-B592-80E1DB
Virus:Trj/Downloader.BBF Disinfected C:\setup.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\Pynix.inf
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\temp.exe

[Wizard]

The 2 links below are to excellent programs that will help keep you Temps files to a minimum if you will run these about once a week!

CCleaner:
http://www.filehippo...d_ccleaner.html
This is to help keep those Temporary Files Cleaned Up,all you will want to use on this is the Opening Page(Windows Tab)Just Click Run Cleaner and let it do its thing!

CleanUp! 4.0:
http://cleanup.stevengould.org/
Just Scroll through the Page and locate this Line:
So download CleanUp! now and reap the benefits of a clean machine.
If that Link doesnt work,just go to Google.com and Search for CleanUp!
It should be the First Return!!
Once Installed,Open and Click CleanUp! and When Prompted to Log Off,do so!

2 other optional programs that are similar to Microsoft AntiSpyware and will pick up some things that Microst AntiSpyware wont:

AdawareSE:
http://www.bleepingc...showtutorial=48
Everything you need is in the link!

Spybot Search&Destroy:
http://www.bleepingc...showtutorial=43
Everything you need is in the link!

Now lets go after those files!!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders,this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Locate and Delete:

C:\WINDOWS\inf\dlmax.inf<<< File Only!

C:\WINDOWS\inf\farmmext.inf<<< File Only!

C:\WINDOWS\inf\Pynix.inf<<< File Only!

C:\WINDOWS\system32\temp.exe<<< File Only!

C:\Program Files\WILDTANGENT<<< The entire WildTangent Folder!

C:\Program Files\Media Access<<< The entire Media Access Folder!

Now Navigate to this folder:
C:\Documents and Settings\Abigail\Local Settings\Temp
Open that Temp folder and Delete everything that is Inside it!

Open and Run CCleaner,once opened,just click the Run Cleaner button!

Open and Run CleanUp!,once opened,just click the CleanUp button and when it prompts you to log off,just Restart the PC in Normal Mode!

Back in Normal Mode,if you have downloaded either Ad Aware or Spybot,Scan the PC with those and Remove all they find!

Scan the PC with HijackThis and Post those results along with any comments on how the file\folder deletions went!

Edited by Cretemonster, 26 April 2005 - 08:00 AM.

[abbieangel]

Hiya, I deleted all the files you asked me to, no probs there.

I did the CCleaner, but couldnt download other one u suggested.

Shall i change the 'view hidden files' thing back to what it was?

Abbie

Logfile of HijackThis v1.99.1
Scan saved at 16:16:00, on 26/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Abigail\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[abbieangel]

Hiya my McAfee virus scan found ipsentry and dialer253

can they be cleaned?

[Wizard]

Sorry Abbie,
Somehow I Lost track of this post!!

Yes,delete anything that Mcafee finds!

Update me,tell me what the state of the PC is!!

[abbieangel]

Hiya...this is a bit of an update...(getting no more pop ups YAY! Thanks)...

This is my last spyware scan....

Spyware Scan Details
Start Date: 01/05/2005 23:13:37
End Date: 01/05/2005 23:18:52
Total Time: 5 mins 15 secs

Detected Threats

Dialer.ASDPlugin Dialer more information...
Details: Dialer.ASDPlugin is a premium-rate adult dialer.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN
HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN\restore\Start Page value about:blank
HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN\restore\Start Page key Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN\restore\Start Page hkey -2147483647
HKEY_LOCAL_MACHINE\SOFTWARE\ASDPLUGIN title Launch DerBiz.com


Detected Spyware Cookies
No spyware cookies were found during this scan.

And here is hijack...

Logfile of HijackThis v1.99.1
Scan saved at 23:23:16, on 01/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Abigail\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[Wizard]

Hey Abbie,

It bothers me a bit that this stuff is still being Picked up,it may just be left overs but lets be sure!

Use the link from the previous post and run the F-Secure Online Scan!

This will let me know if there are re infections happening!

Once its complete,please save the Results and Post them here!

I am going to attach a Copy of CleanUp! 4.0
Use my Instructions on how to Run it!

Lets get some Saftey installed!

Visit the site below and definatly get Spyware Blaster and Spyware Guard is a plus on any system!
http://www.javacools...m/products.html

If you are going to use Internet Explorer to Browse with,IE Spyad is a great Addition!
IE Spyad:
http://www.bleepingc...showtutorial=53
There is a direct download inside and great tutorial also!

Does Mcafee have a Firewall with it??

If not here is an Excellent one if you are Intersted:
Sygate Personal Firewall:
http://smb.sygate.co...pf_standard.htm

All this will help Secure the PC and Make it alot Safer to Browse with!

You can go ahead and reconfigure Msconfig the way you like the PC to StartUp!

If you need alternatives to Internet Explorer,just ask and I will find ya the links!!

Post back with the F-Secure Results and we will go from there!

Attached Files

•  CleanUp40.zip   307.6KB   141 downloads

Edited by Cretemonster, 01 May 2005 - 05:35 PM.