
New Poly Win32 & StartPage-DU.dll/Hijacklog HELP [RESOLVED]


  • This topic is locked

#1
face_down


    New Member

  • Member
  • Pip
  • 3 posts
Thanks for this great site guys...I have learned so much already. Ok...so I got these two bugs on my system, New Poly Win32 and StartPage-DU. McAfee, which is installed on my system, does a great job telling me that these are on my system, but cannot seem to remove them. I followed the "First Time here post" and still have these two bugs. Can you help a guy out? Here is the log file...thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:12:55 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jeff\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {AA2EFF52-E8D3-CE7B-79E2-DCA16C899092} - C:\WINDOWS\atltz.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O8 - Extra context menu item: &Search - http://ka.bar.need2f...earch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresp...p/TLIEFlash.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


#2
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi face_down and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


DOWNLOAD PROGRAMS


Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save programs to your desktop for easy access. Please do not run any of the programs unless told to do so.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)


Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

THE FIX


Please read this post completely. It may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {AA2EFF52-E8D3-CE7B-79E2-DCA16C899092} - C:\WINDOWS\atltz.dll


8. Click the Fix Checked box

9. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.
10. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

11. Run the program CleanUp!

12. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

13. Please post an Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

#3
face_down


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the quick help!!! Followed your instructions and the two bugs seem to be gone! :tazz:

Here are all of the logs:

AboutBuster 5.0 reference file 31
Scan started on [8/20/2005] at [8:43:06 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\AC3API.INI:lpxsbo
------------------------------------------------
Removed File! : C:\Windows\jghpo.dat
Removed File! : C:\Windows\System32\bblul.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:43:30 AM

(8/20/05 8:45:59 AM) SPSeHjFix started v1.1.2
(8/20/05 8:45:59 AM) OS: WinXP Service Pack 2 (5.1.2600)
(8/20/05 8:45:59 AM) Language: english
(8/20/05 8:45:59 AM) Win-Path: C:\WINDOWS
(8/20/05 8:45:59 AM) System-Path: C:\WINDOWS\system32
(8/20/05 8:45:59 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(8/20/05 8:46:03 AM) Disinfection started
(8/20/05 8:46:03 AM) Bad-Dll(IEP): (not found)
(8/20/05 8:46:03 AM) Bad-Dll(IEP) in BHO: (not found)
(8/20/05 8:46:03 AM) UBF: 8 - UBB: 1 - UBR: 26
(8/20/05 8:46:03 AM) UBF: 8 - UBB: 1 - UBR: 26
(8/20/05 8:46:03 AM) Bad IE-pages: (none)
(8/20/05 8:46:03 AM) Stealth-String not found
(8/20/05 8:46:03 AM) Not infected->END

Incident Status Location

Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/need2find No disinfected C:\PROGRAM FILES\Need2Find
Spyware:spyware/rxtoolbar No disinfected Windows Registry
Virus:Trj/Mitglieder.BQ Disinfected Personal Folders\Deleted Items\price.zip[doc_02.exe]

The HJT Log does show some things that I did previously delete...

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jeff\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O8 - Extra context menu item: &Search - http://ka.bar.need2f...earch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Thanks again...you guys rock! :)

#4
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
It's not uncommon to have to do this again :)
Looks like you have another infection also, let's see if we can get that too :tazz:


DOWNLOAD PROGRAMS


rdrivRem.zip
  • Unzip it to your desktop.

THE FIX


Please read this post completely. It may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Please double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

6. Open up and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

7. Close all browsers, windows and unneeded programs.

8. Open HiJack and do a scan.

9. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R3 - Default URLSearchHook is missing


10. Click the Fix Checked box

11. Please remove the following folders using Windows Explorer (if present):

C:\PROGRAM FILES\Need2Find

13. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.
14. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

15. Run the program CleanUp!

16. Delete File:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\smdat32m.sys
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "Yes".
17. Reboot into normal mode

18. Please post the rdriv.txt and a fresh HiJackThis log. Let me know how your computer is running.
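The entries re-checked in step 9 of the post above are the ones that were still present in the second HijackThis log. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses the R0/R1 and O2 lines of two logs and reports which flagged entries persisted and which were cleared. The three flagging rules are assumptions drawn from the entries checked in this thread, not a general detection standard; the sample lines are copied from the two logs above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the first HijackThis log in this thread.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Class - {AA2EFF52-E8D3-CE7B-79E2-DCA16C899092} - C:\WINDOWS\atltz.dll
"""

# Sample input: lines copied from the second HijackThis log in this thread.
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hsuiz.dll/sp.html#10001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
RES_DLL_RE = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.IGNORECASE)
WINDIR_DLL_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "R1" or "O2"
    body: str    # everything after "CODE - "
    reason: str  # why the entry was flagged


def classify(code: str, body: str) -> Optional[str]:
    """Return a reason if the entry matches a rule drawn from this thread."""
    if code in ("R0", "R1"):
        reg = REG_RE.match(body)
        if reg:
            res = RES_DLL_RE.match(reg["data"])
            if res:  # rule 1: IE page setting points into a DLL resource
                return "IE '%s' is served from DLL resource %s" % (reg["name"], res["dll"])
    elif code == "O2":
        bho = BHO_RE.match(body)
        if bho:
            if bho["path"] == "(no file)":  # rule 2: orphaned BHO registration
                return "BHO %s is registered but its file is missing" % bho["clsid"]
            if WINDIR_DLL_RE.match(bho["path"]):  # rule 3: DLL directly in C:\WINDOWS
                return "BHO %s loads a DLL directly from the Windows directory" % bho["clsid"]
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return the entries the rules flag."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        reason = classify(m["code"], m["body"])
        if reason:
            findings.append(Finding(m["code"], m["body"], reason))
    return findings


def compare(before: str, after: str) -> Tuple[List[Finding], List[Finding]]:
    """Split the 'before' findings into (persisted, cleared) using the 'after' log."""
    still_there = {(f.code, f.body) for f in triage(after)}
    persisted, cleared = [], []
    for f in triage(before):
        (persisted if (f.code, f.body) in still_there else cleared).append(f)
    return persisted, cleared


if __name__ == "__main__":
    persisted, cleared = compare(LOG_BEFORE, LOG_AFTER)
    for label, group in (("PERSISTED", persisted), ("CLEARED", cleared)):
        for f in group:
            print("%-9s %s - %s\n          -> %s" % (label, f.code, f.body, f.reason))
```
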

#5
face_down


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Excal.....Thanks so much!!! :tazz:

I think I might have it this time...everything seems to be OK and I can definitely tell an increase in performance.

Is there any program that you would recommend to block this crap from coming in???

Again THANK YOU!!!! :) :)

Here are the logs:


~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

***************************************************

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:40:02 PM, 8/20/2005
+ Report-Checksum: 9A758E87

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0B2910B5-8AE6-8676-E13B-4CEC5E6A75F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{821C8BB3-C516-BEE5-C6A4-ECF0D92BF426} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7737E2C-9C15-D4BE-4A5B-C15B7E8C41E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-4229993464-467072065-2176786077-1006\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-4229993464-467072065-2176786077-1006\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-4229993464-467072065-2176786077-1006\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.560:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.771:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.813:C:\Documents and Settings\Jeff\Application Data\Netscape\NSB\Profiles\46sa8a1o.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wfkiskcpmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wfkokjazsgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wfkookczeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wfkycodzkaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjk4eocjkcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjkocodjgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjkoekc5cgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjkooocpaep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjliklazigo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjliqic5gfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjlywjd5mgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjmikjdjmfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjny-1oajog.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjnycmdzcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjnyemajkdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@e-2dj6wjnyepazidp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@ehg-rr.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jeff\Cookies\jeff@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
C:\WINDOWS\SYSTEM32:mkaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup


::Report End


AboutBuster 5.0 reference file 31
Scan started on [8/20/2005] at [8:43:06 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\AC3API.INI:lpxsbo
------------------------------------------------
Removed File! : C:\Windows\jghpo.dat
Removed File! : C:\Windows\System32\bblul.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:43:30 AM

*********************************************

AboutBuster 5.0 reference file 31
Scan started on [8/20/2005] at [9:42:34 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:42:51 PM

********************************************

Logfile of HijackThis v1.99.1
Scan saved at 9:52:11 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeff\My Documents\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

#6
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

I recommend that you Defrag your computer before setting your Restore points:

Go to Start > All Programs > Accessories > System Tools > Disk Defragmenter. Make sure it is set to the proper drive (default should be your main drive) and click on Defragment.


Might I suggest the following Free Spyware programs, if you don't already have them, for added security. You can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it, or if you don't already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, this site is a great source for tightening up security on its settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle Bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected

#7
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





