Thank you
ps. EDIT:Email address removed
Attached Files
-
hijackthis.txt 7KB
125 downloads
Edited by Trevuren, 07 August 2005 - 02:20 PM.
Qoolaid virus and Adware [RESOLVED]
Started by
fgerlitz
, Aug 07 2005 07:41 AM
-
This topic is locked
#1
Posted 07 August 2005 - 07:41 AM
fgerlitz
-
- Member
-
- 6 posts
New Member
Thank you
ps. EDIT:Email address removed
#2
Posted 08 August 2005 - 11:36 AM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Welcome to GTG.
Please download Ewido Security Suite at http://www.ewido.net/en/download/.
1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.
If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.
CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Now open Ewido and do a scan on your system.
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKLM\..\Run: [lyozgc] C:\WINDOWS\System32\lyozgc.exe
O4 - HKLM\..\Run: [mysql.sock' (11)] C:\WINDOWS\System32\mysql.sock' (11)
O4 - HKCU\..\Run: [cfgbkend] C:\WINDOWS\System32\cfgbkend.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
Locate and delete the following:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\radn.exe
C:\WINDOWS\System32\lyozgc.exe
C:\WINDOWS\System32\mysql.sock' (11)
C:\WINDOWS\System32\cfgbkend.exe
C:\WINDOWS\System32\196_150_ni.exe
Finally, restart your computer and post a new HijackThis log, as well as the report log from the Ewido scan.
Then give me these logs also:
* Download WinPFind http://www.bleepingc...es/winpfind.php
o Double click on WinPFind and unzip it to your Desktop.
o Don 't do anything with it yet!
* Download Track qoo http://www.geekstogo...ds/Trackqoo.zip
o Save it to the Desktop.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Double click WinPFind.exe
* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!
Reboot back to Normal Mode!
Double click on 'Track qoo.vbs'
Note - If you have an anti-virus program that has script blocking features, you will get a pop up window asking you what to do. Allow this entire script to run. It's harmless.
Wait a few seconds and Notepad will pop up. Copy & Paste those results and place them in the next post along with the results of WinPFind!
Please download Ewido Security Suite at http://www.ewido.net/en/download/.
1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.
If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.
CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Now open Ewido and do a scan on your system.
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKLM\..\Run: [lyozgc] C:\WINDOWS\System32\lyozgc.exe
O4 - HKLM\..\Run: [mysql.sock' (11)] C:\WINDOWS\System32\mysql.sock' (11)
O4 - HKCU\..\Run: [cfgbkend] C:\WINDOWS\System32\cfgbkend.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
Locate and delete the following:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\radn.exe
C:\WINDOWS\System32\lyozgc.exe
C:\WINDOWS\System32\mysql.sock' (11)
C:\WINDOWS\System32\cfgbkend.exe
C:\WINDOWS\System32\196_150_ni.exe
Finally, restart your computer and post a new HijackThis log, as well as the report log from the Ewido scan.
Then give me these logs also:
* Download WinPFind http://www.bleepingc...es/winpfind.php
o Double click on WinPFind and unzip it to your Desktop.
o Don 't do anything with it yet!
* Download Track qoo http://www.geekstogo...ds/Trackqoo.zip
o Save it to the Desktop.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Double click WinPFind.exe
* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!
Reboot back to Normal Mode!
Double click on 'Track qoo.vbs'
Note - If you have an anti-virus program that has script blocking features, you will get a pop up window asking you what to do. Allow this entire script to run. It's harmless.
Wait a few seconds and Notepad will pop up. Copy & Paste those results and place them in the next post along with the results of WinPFind!
#3
Posted 09 August 2005 - 09:25 AM
fgerlitz
- Topic Starter
-
- Member
-
- 6 posts
New Member
greyknight17!
thank you for the prompt response. included are the hijackthis, WinpFind, ewido and Trackqoo files you requested. looks like we still have some goobers to remove. please let me know. thank you again.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:52:20 AM, 8/9/2005
+ Report-Checksum: AE95F332
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
C:\WINDOWS\SYSTEM32\pxmas.exe -> Trojan.Downloader.reqlook : Cleaned with backup
C:\WINDOWS\SYSTEM32\lyozgd.exe -> Spyware.Adstart : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.bem : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
:mozilla.9:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.14:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.30:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.31:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.32:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.33:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.53:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001306.exe -> Spyware.Adstart : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 10:24:07 AM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\SKYPE\Phone\Skype.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: pxmas - Unknown owner - C:\WINDOWS\system32\pxmas.exe (file missing)
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
PECompact2 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\lpt$vpn.763
qoologic 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\lpt$vpn.763
SAHAgent 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\lpt$vpn.763
PECompact2 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\VPTNFILE.763
qoologic 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\VPTNFILE.763
SAHAgent 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\VPTNFILE.763
Checking %System% folder...
PECompact2 7/6/2005 7:26:32 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 7:26:32 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
FSG! 11/11/2003 4:00:22 PM 236544 C:\WINDOWS\SYSTEM32\DivXdec.ax
winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 3/18/2003 7:05:48 PM 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 3/18/2003 9:20:00 PM 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 8:28:40 PM 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 3/18/2003 9:12:12 PM 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 8:31:58 PM 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder for system and hidden files within the last 60 days...
8/9/2005 10:50:16 AM 860160 C:\WINDOWS\SYSTEM32\config\system.LOG
8/9/2005 10:50:16 AM 90112 C:\WINDOWS\SYSTEM32\config\software.LOG
8/9/2005 10:50:16 AM 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
8/9/2005 10:53:24 AM 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
8/9/2005 10:52:50 AM 16384 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
7/26/2005 12:50:54 PM 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
7/13/2005 4:15:46 PM 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
7/13/2005 4:15:46 PM 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\64d61dcc-d0e7-4df3-bd8e-498162df6ef2
7/21/2005 2:30:54 PM 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
7/21/2005 2:30:52 PM 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\ced91eec-90b4-4518-abb5-d305ac77570e
8/9/2005 10:49:56 AM 6 C:\WINDOWS\TASKS\SA.DAT
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\7EQH0R5F\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\R5WBHHR7\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\01YNSPYJ\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\W1UROLIV\desktop.ini
7/21/2005 2:22:24 PM 113 C:\WINDOWS\TEMP\History\History.IE5\desktop.ini
7/16/2005 2:16:56 PM 65 C:\WINDOWS\Offline Web Pages\desktop.ini
7/16/2005 2:16:58 PM 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
6/26/2005 11:44:38 AM 0 C:\WINDOWS\inf\oem8.inf
7/21/2005 11:49:12 AM 305145 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
7/21/2005 11:51:42 AM 68327 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
12/14/2004 10:55:08 AM 1728 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
1/19/2004 12:46:46 PM 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/3/2004 1:54:26 AM 1343 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MUPS.lnk
8/8/2005 5:18:50 PM 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
1/19/2004 8:18:42 PM 0 C:\Documents and Settings\PC\Application Data\dm.ini
2/5/2005 12:50:40 PM 45552 C:\Documents and Settings\PC\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
DigExt =
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mygfksyg
{b872bcb5-3b7a-4b89-b7a1-9cae874349dd} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OneTouch Crypto
{18154541-0F1A-11D5-87C1-00010242D7FF} = C:\Program Files\DigitalPersona\Bin\DPShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerZip
{FF463FE9-8DA1-11D1-B516-E5028A4DAE22} = C:\POWERZIP\PowerZip 7.0\PZShlExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerZip
{FF463FE9-8DA1-11D1-B516-E5028A4DAE22} = C:\POWERZIP\PowerZip 7.0\PZShlExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OneTouch Crypto
{18154541-0F1A-11D5-87C1-00010242D7FF} = C:\Program Files\DigitalPersona\Bin\DPShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = COMMUNICATOR : C:\WINDOWS\SYSTEM32\communicator.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
VTPreset VTPreset.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
DpAgnt C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
_AntiSpyware c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
HP Software Update C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSKAgentExe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
MSKDetectorExe C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
FLMOFFICE4DMOUSE C:\Program Files\Browser MOUSE\mouse32a.exe
RoxioDragToDisc "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
SM1BG C:\WINDOWS\SM1BG.EXE
SSBkgdUpdate "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SetDefPrt C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
ControlCenter2.0 C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
PPort9reminder "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Skype "C:\SKYPE\Phone\Skype.exe" /nosplash /minimized
MSKAGENTEXE C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ugwpqkx.exe C:\WINDOWS\system\ugwpqkx.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/9/2005 11:03:10 AM
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTPreset"="VTPreset.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DpAgnt"="C:\\Program Files\\DigitalPersona\\Bin\\DPAgnt.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\MssCli.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"MSKAgentExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"SM1BG"="C:\\WINDOWS\\SM1BG.EXE"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"PPort9reminder"="\"C:\\Program Files\\ScanSoft\\PaperPort\\WebEreg\\Ereg.exe\" -r \"C:\\Program Files\\ScanSoft\\PaperPort\\WebEreg\\ereg.ini\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll
Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll
Subkey --- mygfksyg
{b872bcb5-3b7a-4b89-b7a1-9cae874349dd}
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- OneTouch Crypto
{18154541-0F1A-11D5-87C1-00010242D7FF}
C:\Program Files\DigitalPersona\Bin\DPShell.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- PowerZip
{FF463FE9-8DA1-11D1-B516-E5028A4DAE22}
C:\POWERZIP\PowerZip 7.0\PZShlExt.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {CFC7205E-2792-4378-9591-3879CC6C9022}
c:\progra~1\mcafee.com\vso\mcvsshl.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
Microsoft Office.lnk
MUPS.lnk
Acrobat Assistant.lnk
Status Monitor.lnk
==============================
C:\Documents and Settings\PC\Start Menu\Programs\Startup
desktop.ini
Microsoft Office.lnk
MUPS.lnk
Acrobat Assistant.lnk
Status Monitor.lnk
desktop.ini
==============================
C:\WINDOWS\SYSTEM32 cpl files
wuaucpl.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
inetcpl.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
that all folks!
thank you for the prompt response. included are the hijackthis, WinpFind, ewido and Trackqoo files you requested. looks like we still have some goobers to remove. please let me know. thank you again.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:52:20 AM, 8/9/2005
+ Report-Checksum: AE95F332
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
C:\WINDOWS\SYSTEM32\pxmas.exe -> Trojan.Downloader.reqlook : Cleaned with backup
C:\WINDOWS\SYSTEM32\lyozgd.exe -> Spyware.Adstart : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.bem : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
:mozilla.9:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.14:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.30:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.31:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.32:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.33:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.53:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\PC\Application Data\Mozilla\Profiles\default\zr8lrbi0.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001306.exe -> Spyware.Adstart : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 10:24:07 AM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\SKYPE\Phone\Skype.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: pxmas - Unknown owner - C:\WINDOWS\system32\pxmas.exe (file missing)
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
PECompact2 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\lpt$vpn.763
qoologic 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\lpt$vpn.763
SAHAgent 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\lpt$vpn.763
PECompact2 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\VPTNFILE.763
qoologic 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\VPTNFILE.763
SAHAgent 8/7/2005 12:39:32 PM 15582563 C:\WINDOWS\VPTNFILE.763
Checking %System% folder...
PECompact2 7/6/2005 7:26:32 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 7:26:32 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
FSG! 11/11/2003 4:00:22 PM 236544 C:\WINDOWS\SYSTEM32\DivXdec.ax
winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 3/18/2003 7:05:48 PM 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 3/18/2003 9:20:00 PM 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 8:28:40 PM 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 3/18/2003 9:12:12 PM 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 8:31:58 PM 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder for system and hidden files within the last 60 days...
8/9/2005 10:50:16 AM 860160 C:\WINDOWS\SYSTEM32\config\system.LOG
8/9/2005 10:50:16 AM 90112 C:\WINDOWS\SYSTEM32\config\software.LOG
8/9/2005 10:50:16 AM 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
8/9/2005 10:53:24 AM 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
8/9/2005 10:52:50 AM 16384 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
7/26/2005 12:50:54 PM 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
7/13/2005 4:15:46 PM 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
7/13/2005 4:15:46 PM 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\64d61dcc-d0e7-4df3-bd8e-498162df6ef2
7/21/2005 2:30:54 PM 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
7/21/2005 2:30:52 PM 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\ced91eec-90b4-4518-abb5-d305ac77570e
8/9/2005 10:49:56 AM 6 C:\WINDOWS\TASKS\SA.DAT
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\7EQH0R5F\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\R5WBHHR7\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\01YNSPYJ\desktop.ini
7/21/2005 2:22:22 PM 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\W1UROLIV\desktop.ini
7/21/2005 2:22:24 PM 113 C:\WINDOWS\TEMP\History\History.IE5\desktop.ini
7/16/2005 2:16:56 PM 65 C:\WINDOWS\Offline Web Pages\desktop.ini
7/16/2005 2:16:58 PM 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
6/26/2005 11:44:38 AM 0 C:\WINDOWS\inf\oem8.inf
7/21/2005 11:49:12 AM 305145 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
7/21/2005 11:51:42 AM 68327 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
12/14/2004 10:55:08 AM 1728 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
1/19/2004 12:46:46 PM 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/3/2004 1:54:26 AM 1343 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MUPS.lnk
8/8/2005 5:18:50 PM 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
1/19/2004 8:18:42 PM 0 C:\Documents and Settings\PC\Application Data\dm.ini
2/5/2005 12:50:40 PM 45552 C:\Documents and Settings\PC\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
DigExt =
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mygfksyg
{b872bcb5-3b7a-4b89-b7a1-9cae874349dd} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OneTouch Crypto
{18154541-0F1A-11D5-87C1-00010242D7FF} = C:\Program Files\DigitalPersona\Bin\DPShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerZip
{FF463FE9-8DA1-11D1-B516-E5028A4DAE22} = C:\POWERZIP\PowerZip 7.0\PZShlExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerZip
{FF463FE9-8DA1-11D1-B516-E5028A4DAE22} = C:\POWERZIP\PowerZip 7.0\PZShlExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OneTouch Crypto
{18154541-0F1A-11D5-87C1-00010242D7FF} = C:\Program Files\DigitalPersona\Bin\DPShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = COMMUNICATOR : C:\WINDOWS\SYSTEM32\communicator.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
VTPreset VTPreset.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
DpAgnt C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
_AntiSpyware c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
HP Software Update C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSKAgentExe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
MSKDetectorExe C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
FLMOFFICE4DMOUSE C:\Program Files\Browser MOUSE\mouse32a.exe
RoxioDragToDisc "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
SM1BG C:\WINDOWS\SM1BG.EXE
SSBkgdUpdate "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SetDefPrt C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
ControlCenter2.0 C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
PPort9reminder "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Skype "C:\SKYPE\Phone\Skype.exe" /nosplash /minimized
MSKAGENTEXE C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ugwpqkx.exe C:\WINDOWS\system\ugwpqkx.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/9/2005 11:03:10 AM
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTPreset"="VTPreset.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DpAgnt"="C:\\Program Files\\DigitalPersona\\Bin\\DPAgnt.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\MssCli.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"MSKAgentExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"SM1BG"="C:\\WINDOWS\\SM1BG.EXE"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"PPort9reminder"="\"C:\\Program Files\\ScanSoft\\PaperPort\\WebEreg\\Ereg.exe\" -r \"C:\\Program Files\\ScanSoft\\PaperPort\\WebEreg\\ereg.ini\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll
Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll
Subkey --- mygfksyg
{b872bcb5-3b7a-4b89-b7a1-9cae874349dd}
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- OneTouch Crypto
{18154541-0F1A-11D5-87C1-00010242D7FF}
C:\Program Files\DigitalPersona\Bin\DPShell.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- PowerZip
{FF463FE9-8DA1-11D1-B516-E5028A4DAE22}
C:\POWERZIP\PowerZip 7.0\PZShlExt.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {CFC7205E-2792-4378-9591-3879CC6C9022}
c:\progra~1\mcafee.com\vso\mcvsshl.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
Microsoft Office.lnk
MUPS.lnk
Acrobat Assistant.lnk
Status Monitor.lnk
==============================
C:\Documents and Settings\PC\Start Menu\Programs\Startup
desktop.ini
Microsoft Office.lnk
MUPS.lnk
Acrobat Assistant.lnk
Status Monitor.lnk
desktop.ini
==============================
C:\WINDOWS\SYSTEM32 cpl files
wuaucpl.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
inetcpl.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
that all folks!
#4
Posted 09 August 2005 - 09:55 AM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers and delete mygfksyg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and delete ugwpqkx.exe
If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.
Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no:
C:\WINDOWS\system\ugwpqkx.exe
C:\WINDOWS\RMAgentOutput.dll
Do these steps also, if any doesn't apply, just move on to the next one:
Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:
sc stop pxmas
sc delete pxmas
del delete.bat
Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.
Go to Start->Run and type in services.msc and hit OK. Then look for pxmas and double click on it. Click on the Stop button and under Startup type, choose Disabled.
Go into HijackThis->Config->Misc Tools->Delete an NT service and type in pxmas and hit OK.
Check and fix this in HijackThis if it's still there:
O23 - Service: pxmas - Unknown owner - C:\WINDOWS\system32\pxmas.exe (file missing)
Restart and post a new HijackThis log.
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers and delete mygfksyg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and delete ugwpqkx.exe
If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.
Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no:
C:\WINDOWS\system\ugwpqkx.exe
C:\WINDOWS\RMAgentOutput.dll
Do these steps also, if any doesn't apply, just move on to the next one:
Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:
sc stop pxmas
sc delete pxmas
del delete.bat
Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.
Go to Start->Run and type in services.msc and hit OK. Then look for pxmas and double click on it. Click on the Stop button and under Startup type, choose Disabled.
Go into HijackThis->Config->Misc Tools->Delete an NT service and type in pxmas and hit OK.
Check and fix this in HijackThis if it's still there:
O23 - Service: pxmas - Unknown owner - C:\WINDOWS\system32\pxmas.exe (file missing)
Restart and post a new HijackThis log.
#5
Posted 09 August 2005 - 01:10 PM
fgerlitz
- Topic Starter
-
- Member
-
- 6 posts
New Member
here is the newest hijackthis file:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:29 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zyp8RXjne] ie4tilse.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
i still don't what a few of these files are? is there any way to find out? are we clean yet? how do i keep it clean? can you point me in the right direction.
thanks
Logfile of HijackThis v1.99.1
Scan saved at 2:58:29 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zyp8RXjne] ie4tilse.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
i still don't what a few of these files are? is there any way to find out? are we clean yet? how do i keep it clean? can you point me in the right direction.
thanks
#6
Posted 09 August 2005 - 02:21 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Now open Ewido and do a scan on your system.
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKCU\..\Run: [Zyp8RXjne] ie4tilse.exe
Locate and delete the following:
ie4tilse.exe
Restart your computer and post a new HijackThis log, as well as the report log from the Ewido scan.
Now open Ewido and do a scan on your system.
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKCU\..\Run: [Zyp8RXjne] ie4tilse.exe
Locate and delete the following:
ie4tilse.exe
Restart your computer and post a new HijackThis log, as well as the report log from the Ewido scan.
#7
Posted 10 August 2005 - 11:11 AM
fgerlitz
- Topic Starter
-
- Member
-
- 6 posts
New Member
followed instructions as outlined and it appears that the ie4tilse bug is still there?
attached are the ewido and hijackthis files:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:29 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zyp8RXjne] ie4tilse.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:35:01 AM, 8/10/2005
+ Report-Checksum: E885EC28
+ Scan result:
:mozilla.10:C:\Documents and Settings\Morgan\Application Data\Mozilla\Profiles\default\wj6yao8t.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001313.exe -> Trojan.Downloader.reqlook : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001314.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001315.dll -> Spyware.Wheaterbug : Cleaned with backup
::Report End
attached are the ewido and hijackthis files:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:29 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zyp8RXjne] ie4tilse.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:35:01 AM, 8/10/2005
+ Report-Checksum: E885EC28
+ Scan result:
:mozilla.10:C:\Documents and Settings\Morgan\Application Data\Mozilla\Profiles\default\wj6yao8t.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001313.exe -> Trojan.Downloader.reqlook : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001314.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{F9721488-AC01-4B51-A838-37AE54E8F74E}\RP8\A0001315.dll -> Spyware.Wheaterbug : Cleaned with backup
::Report End
#8
Posted 10 August 2005 - 12:55 PM
fgerlitz
- Topic Starter
-
- Member
-
- 6 posts
New Member
deleted all occurances of Zyp8RXjne and ie4tilse.exe from the registry.
restarted computer in safe mode and ran ewido (no bad files found), also ran hijackthis with the same results.
restarted the computer and ran hijackthis. lastest hijackthis report log follows.
looks like the computer is clean? your comment?
Logfile of HijackThis v1.99.1
Scan saved at 2:41:16 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
thats all folks!
restarted computer in safe mode and ran ewido (no bad files found), also ran hijackthis with the same results.
restarted the computer and ran hijackthis. lastest hijackthis report log follows.
looks like the computer is clean? your comment?
Logfile of HijackThis v1.99.1
Scan saved at 2:41:16 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Morgan\My Documents\Hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DpAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://www.webtrain....inet/wt0110.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1074642566030
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DpHost - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Belkin Bulldog Plus\upsd.exe
thats all folks!
#9
Posted 10 August 2005 - 08:33 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
Viewpoint
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:
C:\Program Files\Viewpoint\
Restart. No need for a new log.
Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.
Your log is clean.
To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.
Are there any problems now? If not, you should be set to go.
Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
Viewpoint
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:
C:\Program Files\Viewpoint\
Restart. No need for a new log.
Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.
Your log is clean.
To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.
Are there any problems now? If not, you should be set to go.
#10
Posted 14 August 2005 - 07:34 PM
fgerlitz
- Topic Starter
-
- Member
-
- 6 posts
New Member
the qoolaid virus and most of the other adware is gone. Thank you for your help and support.
i read your anti-spyware tutorial but after trying to play a blockbuster video in my computer DVD, i know i need more protection?
thank you again. keep up the good work.
this thread is closed.
i read your anti-spyware tutorial but after trying to play a blockbuster video in my computer DVD, i know i need more protection?
thank you again. keep up the good work.
this thread is closed.
#11
Posted 15 August 2005 - 07:55 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
