Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Anoying Problem [RESOLVED]

Started by -fx7- , Jul 30 2005 05:25 AM

  • This topic is locked This topic is locked

#1
-fx7-
Posted 30 July 2005 - 05:25 AM

-fx7-

    Member

  • Member
  • PipPip
  • 18 posts
I have been getting anoying random popups from IE even tho my default browser is and has been Firefox. I mostly use this computer to play games on and this keeps minimizing my game when i'm tryn to play. Also if i run McAfee virus scan, it will temporaily cure the problem, but will return when it feels like it. And there seems to be something else that minimizes the game as well besides the popups. I'm getting really aggrivated. I thought it was the CW trojan but i've followed every thread i could find that was slightly related and none of them have seemed to help. Here is my hijack this log right after the last popup. Thanks in advance for any help.

Logfile of HijackThis v1.99.1
Scan saved at 6:17:23 AM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\husband\Desktop\Cleanup\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\husband\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\husband\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE on Lockdown
O2 - BHO: (no name) - {4EE59AE6-0159-4F8F-95E4-8FEC7B140EA5} - C:\WINDOWS\System32\bjnp.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - (no file)
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102892439\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\husband\LOCALS~1\Temp\se.dll,DllInstall
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Microsoft AntiSpyware helper - {3A45F285-67E1-4AAB-9A15-2D6E9B5C0C0F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3A45F285-67E1-4AAB-9A15-2D6E9B5C0C0F} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108885020468
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O18 - Filter: text/html - {E387A30E-D2E7-4CF5-B99A-FDAC00235913} - C:\WINDOWS\System32\bjnp.dll
O18 - Filter: text/plain - {E387A30E-D2E7-4CF5-B99A-FDAC00235913} - C:\WINDOWS\System32\bjnp.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
  • 0

Advertisements

#2
MrCharlie
Posted 30 July 2005 - 09:52 AM

MrCharlie

    Visiting Staff

  • Visiting Consultant
  • 170 posts
Welcome to the forum.

Download 'SpSeHjfix'. into a folder. (don't run it yet)

Download CW-Shredder:
http://www.trendmicr.../cwshredder.exe (don't run it yet)

Make sure you know how to boot into - SafeMode

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin


---------------------------------------------------------------------------

Reboot into safe mode

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

Repeat the process above until you get a log like this - 'not infected'

Then run CW-Shredder - hit the FIX button.

3-26-05 18:08:05) SPSeHjFix started v1.1.0
(3-26-05 18:08:05) OS: Win (4.10.2222)
(3-26-05 18:08:05) Language: svenska
(3-26-05 18:08:07) Disinfect started
(3-26-05 18:08:07) Bad-Dll(IEP): (not found)  <------
(3-26-05 18:08:07) Bad-Dll(IEP) in BHO: (not found) <------
(3-26-05 18:08:07) UBF: 4
(3-26-05 18:08:07) UBB: 2
(3-26-05 18:08:07) UBR: 17
(3-26-05 18:08:07) Bad IE-pages:
(3-26-05 18:08:07) Stealth-String not found:  <------
(3-26-05 18:08:07) Not infected->END  <------



Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

or if that doesn't work:

To repair Internet Explorer in Windows XP, complete the following procedure while you are logged on as an administrator:

Use the System File Checker tool to scan all of the protected files on your computer:

Click Start, and then click Run.
In the Open box, type sfc /scannow, and then click OK.

Two links to look at:
Additional Info
Additional Info


Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
Thanks, MrC
  • 0

#3
-fx7-
Posted 30 July 2005 - 10:40 AM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Someone had messed with the comp before you replied but i followed instructions anyways. I dont know what its capable of. And here are the log files

Logfile of HijackThis v1.99.1
Scan saved at 11:36:15 AM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
C:\Documents and Settings\husband\Desktop\Cleanup\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE on Lockdown
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (disabled by BHODemon)
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - (no file)
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1102892439\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -

C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Microsoft AntiSpyware helper - {3A45F285-67E1-4AAB-9A15-2D6E9B5C0C0F} - (no

file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -

{3A45F285-67E1-4AAB-9A15-2D6E9B5C0C0F} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd...te.cab?11088850

20468
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common

Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program

Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -

c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates

Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates

Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation -

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe"

-service (file missing)






(7/30/05 11:33:02 AM) SPSeHjFix started v1.1.2
(7/30/05 11:33:02 AM) OS: WinXP Service Pack 1 (5.1.2600)
(7/30/05 11:33:02 AM) Language: english
(7/30/05 11:33:02 AM) Win-Path: C:\WINDOWS
(7/30/05 11:33:02 AM) System-Path: C:\WINDOWS\System32
(7/30/05 11:33:02 AM) Temp-Path: C:\DOCUME~1\husband\LOCALS~1\Temp\
(7/30/05 11:33:07 AM) Disinfection started
(7/30/05 11:33:07 AM) Bad-Dll(IEP): (not found)
(7/30/05 11:33:07 AM) Bad-Dll(IEP) in BHO: (not found)
(7/30/05 11:33:07 AM) UBF: 7 - UBB: 0 - UBR: 13
(7/30/05 11:33:07 AM) UBF: 7 - UBB: 0 - UBR: 13
(7/30/05 11:33:07 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
(7/30/05 11:33:07 AM) Stealth-String found: C:\WINDOWS\System32\logcb.dll
(7/30/05 11:33:07 AM) Error while add to delete. Try another way... : C:\WINDOWS\System32\logcb.dll
(7/30/05 11:33:07 AM) No locked Files to delete. End without Reboot
(7/30/05 11:33:10 AM) Disinfection started
(7/30/05 11:33:10 AM) Bad-Dll(IEP): (not found)
(7/30/05 11:33:10 AM) Bad-Dll(IEP) in BHO: (not found)
(7/30/05 11:33:10 AM) UBF: 7 - UBB: 0 - UBR: 13
(7/30/05 11:33:10 AM) UBF: 7 - UBB: 0 - UBR: 13
(7/30/05 11:33:10 AM) Bad IE-pages: (none)
(7/30/05 11:33:10 AM) Stealth-String not found
(7/30/05 11:33:10 AM) Not infected->END


(7/30/05 11:34:01 AM) SPSeHjFix started v1.1.2
(7/30/05 11:34:01 AM) OS: WinXP Service Pack 1 (5.1.2600)
(7/30/05 11:34:01 AM) Language: english
(7/30/05 11:34:01 AM) Win-Path: C:\WINDOWS
(7/30/05 11:34:01 AM) System-Path: C:\WINDOWS\System32
(7/30/05 11:34:01 AM) Temp-Path: C:\DOCUME~1\husband\LOCALS~1\Temp\
(7/30/05 11:34:02 AM) Disinfection started
(7/30/05 11:34:02 AM) Bad-Dll(IEP): (not found)
(7/30/05 11:34:02 AM) Bad-Dll(IEP) in BHO: (not found)
(7/30/05 11:34:02 AM) UBF: 7 - UBB: 0 - UBR: 13
(7/30/05 11:34:02 AM) UBF: 7 - UBB: 0 - UBR: 13
(7/30/05 11:34:02 AM) Bad IE-pages: (none)
(7/30/05 11:34:02 AM) Stealth-String not found
(7/30/05 11:34:02 AM) Not infected->END
  • 0

#4
MrCharlie
Posted 30 July 2005 - 11:00 AM

MrCharlie

    Visiting Staff

  • Visiting Consultant
  • 170 posts
Looks better.

What is this? IE on Lockdown

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE on Lockdown

Close ALL programs down, leaving ONLY HijackThis running.
Place a check against the following items:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (disabled by BHODemon)
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {3A45F285-67E1-4AAB-9A15-2D6E9B5C0C0F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3A45F285-67E1-4AAB-9A15-2D6E9B5C0C0F} - (no file) (HKCU)
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe

Click on Fix Checked and exit HijackThis.

Reboot and post a fresh HijackThis log and we'll take another look. MrC
  • 0

#5
-fx7-
Posted 30 July 2005 - 11:10 AM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
LoL: IE on Lockdown, to remind myself that i changed it to where IE cant access the internet. I forgot i did that one day and started to get aggrivated so i changed the title to remind myself incase there was a next time. And i disabled IE because everytime i would start it, pop-ups and crap would start happening like crazy.

Logfile of HijackThis v1.99.1
Scan saved at 12:10:13 PM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\husband\Desktop\Cleanup\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE on Lockdown
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102892439\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108885020468
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
  • 0

#6
MrCharlie
Posted 30 July 2005 - 11:13 AM

MrCharlie

    Visiting Staff

  • Visiting Consultant
  • 170 posts
Looks Good! How's it running? MrC
  • 0

#7
-fx7-
Posted 30 July 2005 - 11:17 AM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
It seems to be running ok for now at least.
Would you be able to tell me what other useless stuff could be cut out so to improve performance?

[and only one sig?]
  • 0

#8
MrCharlie
Posted 30 July 2005 - 11:25 AM

MrCharlie

    Visiting Staff

  • Visiting Consultant
  • 170 posts
I hope we're using a legal copy of XP here, you're way behind on your updates.

Visit Windows Update and install all the lastest critical updates.

These aren't needed at start up - you can restore them if you like - just use HJT backups.

Close ALL programs down, leaving ONLY HijackThis running.
Place a check against the following items:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Click on Fix Checked and exit HijackThis.



Make sure you clean up all the temp files frequently , I like this program: CCleaner
http://www.filehippo...d_ccleaner.html

Download, install and run it.
Use the default settings, just uncheck cookies.

------------------------------------------------------------------------
Clean up the registry:
I use RegCleaner, link below
http://www.capetechs.../RegCleaner.exe
http://www.worldstar...-cleaner4.3.htm
http://www.worldstar.../regcleaner.exe

Download and install it.
Click on the RegCleanr.exe
Tools (at the top) > Registry Cleanup > Do Them All
Then 'Select' (at top left) > choose ALL
'Remove Selected" (at bottom right)
A backup of all that was removed will be made, just choose 'Backups' (top right) to view them, you can delete them when you're confident they're no longer needed.

----------------------------------------------------------------

Finally run defrag:
Start/Programs/Accessories/System Tools/Disk Defragmenter
Here's an excellent alternative tool - Diskeeper Lite
http://www1.execsoft.com/dklite.exe
http://www.webattack...eeperlite.shtml

====================================================================

If you have any questions - please post back.


I'll leave you with........

Some preventive maintenance:

------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point:
(ME and XP users only)

XP system restore

ME system restore


Visit Windows Update and install all the lastest critical updates.

Install these two free programs, they sit in the backround and protect your system from spy and adware being installed on your system, also from your browser being hijacked. Check for updates weekly.

SpywareBlaster

SpywareGuard


IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
IE-SPYAD

SpyBot has some protection benefits - use them.

Need a free anti virus?
AVG*free
(check for updates - daily)

How about a firewall? The front door to your computer.
ZoneAlarm*free



----------Free malware removal programs:----------

SpyBot
AD-Aware
CW-Shredder

Free Online Trojan Scan

A SQUARED FREE TROJAN SCANNER

Trojan Hunter
TrojanHunter - free trial

Please consider using FireFox instead of Internet Explorer

Replace Java with SunJava

Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable Windows MessengerXP - 2K (stops pop-up ads -etc):
Disabling Messenger Service in Windows XP
How to Remove Windows Messenger on Windows XP
How to Remove Windows Messenger on Windows XP
Shoot The Messenger


Don't open e-mail attachments without first scanning them with an up-to-date
anti virus program, even after doing that I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Watch your surfing habits, don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC
  • 0

#9
-fx7-
Posted 30 July 2005 - 12:33 PM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
HEY!!!
Now i get an alert by McAfee BackDoor-CFB.
Completely new, what happened???

New Log

Logfile of HijackThis v1.99.1
Scan saved at 1:33:55 PM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\husband\Desktop\s-t-i-n-g-e-r.exe
C:\Documents and Settings\husband\Desktop\Cleanup\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE on Lockdown
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102892439\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122744903937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
  • 0

#10
MrCharlie
Posted 30 July 2005 - 12:58 PM

MrCharlie

    Visiting Staff

  • Visiting Consultant
  • 170 posts

HEY!!!
Now i get an alert by McAfee BackDoor-CFB.
Completely new, what happened???


The log is clean, I see you ran the Stinger - did it find any thing?
What exactly did McAfee say as far as what is infected?
Let me know, MrC
  • 0

Advertisements

#11
-fx7-
Posted 30 July 2005 - 01:01 PM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Stinger didnt find anything nor did any other scanner with the exception of McAffe now.
I chose to delete the thing and McAfee said it was unable to clean/delete/or quarintine the file, i clicked ok and it aint popped up again. So i'm running another scan tryn to find it.
  • 0

#12
-fx7-
Posted 30 July 2005 - 01:10 PM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Scan came up empty......... hmmmm..........
  • 0

#13
-fx7-
Posted 30 July 2005 - 01:15 PM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
well i rebooted and got this alert

C:\WINDOWS\SYSTEM32\LOGCB.DLL is infectd by the BackDoor-CFB virus and cannot be cleaned
  • 0

#14
MrCharlie
Posted 30 July 2005 - 01:33 PM

MrCharlie

    Visiting Staff

  • Visiting Consultant
  • 170 posts
Can you physically see the file?

Copy the text in blue into Notepad,

Save it as fix.bat and make sure the "Save as type" field says "All files".
Save it on your Desktop

@ECHO OFF
cd %windir%\system32
regsvr32 /u /s C:\WINDOWS\SYSTEM32\LOGCB.DLL
attrib -s -r -h LOGCB.DLL
del LOGCB.DLL
exit

Reboot into safe mode and double click on the fix.bat.

Reboot into normal mode and see if it's still there. MrC
  • 0

#15
-fx7-
Posted 30 July 2005 - 01:42 PM

-fx7-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Unfortuneately it still is.....
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP