[christine.bee]

I am hoping someone at this forum can do what Mcafee should of been able to do. I assumed paying for their service would keep me from having to spend hours fixing my computer and so far all of their scans come back clean. I was on an application called Mobsters, which is a game on myspace and I clicked on another members profile and an endless amount of windows started opening up. I shut down computer and it is not doing it currently but I'm sure it did something to undermine my computer. (it's a vista)

I've included two attachments.. a log from hijack and a log from superantispyware. Below is some other info that popped up that I'm assuming is suppose to be useful. Thank you for looking at this in advance. I would normally start deleting random files but I realize I should wait for someone who knows what they are doing to look at it first.


p.s. I've also had a trojan that came with a song in quarentine for months that Mcafee cannot remove. Any ideas?


Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index % of PCs with item Code Data
1 0.1% O1 ::1 localhost
2 0.2% O13
3 0.0% O15 http://*.mcafee.com
4 0.0% O16 {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
5 0.0% O16 {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
6 0.0% O16 {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
7 0.0% O16 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...354/mcfscan.cab
8 0.0% O16 {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-156b964f3...nPUplden-us.cab
9 0.0% O16 {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
10 0.4% O18 skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
11 1.4% O2 (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
12 0.7% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
13 0.6% O2 Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
14 0.3% O2 Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
15 0.0% O2 Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
16 0.0% O2 scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
17 0.0% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
18 0.0% O2 (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
19 0.0% O2 McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
20 0.1% O20 C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
21 1.5% O23 Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22 0.2% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23 0.1% O23 McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
24 0.1% O23 McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
25 0.1% O23 McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
26 0.1% O23 McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
27 0.1% O23 ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
28 0.1% O23 Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
29 0.1% O23 McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
30 0.1% O23 McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
31 0.0% O23 GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
32 0.0% O23 TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
33 0.0% O23 MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
34 0.0% O23 Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
35 0.0% O23 TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
36 0.0% O23 pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
37 0.0% O23 McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
38 0.0% O23 SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
39 0.0% O23 McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
40 0.0% O23 TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
41 0.0% O23 Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
42 0.0% O23 NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
43 0.0% O23 Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
44 0.3% O3 &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
45 0.0% O3 McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
46 0.0% O3 (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
47 0.9% O4 [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
48 0.6% O4 [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
49 0.6% O4 [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
50 0.3% O4 [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
51 0.1% O4 [Persistence] C:\WINDOWS\system32\igfxpers.exe
52 0.1% O4 [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
53 0.1% O4 [ehTray.exe] C:\Windows\ehome\ehTray.exe
54 0.1% O4 [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
55 0.1% O4 [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
56 0.1% O4 [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
57 0.1% O4 [NDSTray.exe] NDSTray.exe
58 0.1% O4 [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
59 0.0% O4 [RtHDVCpl] RtHDVCpl.exe
60 0.0% O4 [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
61 0.0% O4 [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
62 0.0% O4 [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
63 0.0% O4 [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
64 0.0% O4 [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
65 0.0% O4 [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
66 0.0% O4 [TOSCDSPD] TOSCDSPD.EXE
67 0.0% O4 [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
68 0.0% O4 [WeatherDPA] "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe" -auto
69 0.0% O4 [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
70 0.0% O4 [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
71 0.0% O4 [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
72 0.0% O4 [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
73 0.0% O4 [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
74 0.0% O4 [Microsoft Update Machine] rBot.exe
75 0.0% O4 [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
76 0.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
77 0.1% O9 Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
78 0.0% O9 Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
79 0.0% O9 S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
80 0.0% O9 Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
81 0.0% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
82 0.0% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
83 0.0% O9 Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
84 0.0% O9 &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
85 6.5% P01 C:\WINDOWS\Explorer.EXE
86 2.5% P01 C:\Program Files\Internet Explorer\iexplore.exe
87 1.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE
88 0.8% P01 C:\WINDOWS\System32\hkcmd.exe
89 0.6% P01 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
90 0.5% P01 C:\WINDOWS\system32\igfxpers.exe
91 0.4% P01 C:\Windows\ehome\ehtray.exe
92 0.4% P01 C:\Windows\ehome\ehmsas.exe
93 0.3% P01 C:\Program Files\Skype\Phone\Skype.exe
94 0.2% P01 C:\WINDOWS\system32\igfxsrvc.exe
95 0.2% P01 C:\Windows\system32\taskeng.exe
96 0.2% P01 C:\Windows\system32\Dwm.exe
97 0.1% P01 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
98 0.1% P01 C:\Windows\system32\wbem\unsecapp.exe
99 0.1% P01 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
100 0.1% P01 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
101 0.1% P01 C:\Program Files\Internet Explorer\ieuser.exe
102 0.1% P01 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
103 0.0% P01 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
104 0.0% P01 C:\Windows\RtHDVCpl.exe
105 0.0% P01 C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
106 0.0% P01 c:\program files\mcafee.com\agent\mcagent.exe
107 0.0% P01 c:\program files\mcafee\msc\mcshell.exe
108 0.0% P01 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
109 0.0% P01 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
110 0.0% P01 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
111 0.0% P01 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
112 0.0% P01 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
113 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
114 0.0% P01 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
115 0.0% P01 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
116 0.0% P01 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
117 0.0% P01 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
118 2.1% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
119 0.4% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
120 0.4% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
121 0.3% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
122 0.3% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
123 2.4% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
124 2.3% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
125 0.3% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
126 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

Explanation of the codes

R - Registry, StartPage/SearchPage changes


R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries


F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes


N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:


O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

Attached Files

•  superantilog.txt   28.01KB   125 downloads