
Check me out Please [CLOSED]



#1
tirlane



Just spent the day trying to clean up my PC, including removal of alemod.e using this site's help.

Below is my HijackThis log. Can somebody tell me if anything else needs to go?

Logfile of HijackThis v1.99.1
Scan saved at 00:49:51, on 05/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Memzip\memzipr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
c:\program files\mcafee.com\shared\mcinfo.exe
C:\Documents and Settings\customer\Desktop\modules3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hhajctuxb...xsSjRQ3_MkL.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {2FA8B6B0-CAA0-D093-90C1-9F49CFA1E652} - C:\DOCUME~1\BECKYL~1.000\APPLIC~1\Junkremote\PLATFORMBEEP.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\Program Files\Memzip\memzipr.exe
O4 - HKCU\..\Run: [Program Defy] C:\DOCUME~1\customer\APPLIC~1\about rule\Body Jump.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.od2.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1865.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe


#2
ukbiker

Hi there tirlane

I am UKBiker and I will be helping you with this log.

While I am preparing a fix for you, please do the following
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\Documents and Settings\customer\Desktop\modules3.exe
  • Click on the submit button
  • Please post the results in your next reply.
UKBiker

#3
tirlane


Hi UKBiker, Thanks for your help.

The reply I received from the scan is

'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'

#4
ukbiker

Hi tirlane

OK. We will deal with that later.

Firstly, ensure that you have HJT installed in its own folder on the C drive. This is important as if you don't, backups will not be made. DO NOT proceed with the rest of the fix until you have done this.

Please print these instructions out for reference as you work through the fix.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items, then click FIX CHECKED:
===================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hhajctuxb...xsSjRQ3_MkL.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {2FA8B6B0-CAA0-D093-90C1-9F49CFA1E652} - C:\DOCUME~1\BECKYL~1.000\APPLIC~1\Junkremote\PLATFORMBEEP.exe
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1865.exe


===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Good Luck

UKBiker
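
The check a helper makes by eye on the follow-up log, that every entry on the fix list above is gone and that anything newly present gets reviewed, can be scripted. This is an added example, not part of the original thread or of HijackThis; the sample text is excerpted from the logs posted in this topic, and the function names are assumptions of the example.

```python
"""Compare a follow-up HijackThis log against a 'fix checked' list."""
import re
from typing import List, NamedTuple, Tuple

# Entry lines start with a HijackThis section code (R0, R1, F2, O2, O4, O16 ...),
# then " - ", then the entry text. Header lines and running-process paths
# do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text: str) -> List[Entry]:
    """Extract the registry/startup entries from pasted HijackThis output."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def _key(entry: Entry) -> Tuple[str, str]:
    # Windows paths and registry names are case-insensitive, and forum
    # software can change spacing, so compare on a normalised form.
    return (entry.code.upper(), " ".join(entry.body.split()).lower())


def verify_fix(fix_list_text: str, followup_log_text: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, remaining) for the entries the helper asked to fix."""
    wanted = parse_entries(fix_list_text)
    present = {_key(e) for e in parse_entries(followup_log_text)}
    removed = [e for e in wanted if _key(e) not in present]
    remaining = [e for e in wanted if _key(e) in present]
    return removed, remaining


def new_entries(before_log_text: str, after_log_text: str) -> List[Entry]:
    """Entries in the follow-up log that were absent from the first log."""
    before = {_key(e) for e in parse_entries(before_log_text)}
    return [e for e in parse_entries(after_log_text) if _key(e) not in before]


# Sample input: a few lines excerpted from the logs in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {2FA8B6B0-CAA0-D093-90C1-9F49CFA1E652} - C:\DOCUME~1\BECKYL~1.000\APPLIC~1\Junkremote\PLATFORMBEEP.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {2FA8B6B0-CAA0-D093-90C1-9F49CFA1E652} - C:\DOCUME~1\BECKYL~1.000\APPLIC~1\Junkremote\PLATFORMBEEP.exe
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    removed, remaining = verify_fix(FIX_LIST, AFTER_LOG)
    print(f"{len(removed)} fixed entries gone, {len(remaining)} still present")
    for e in remaining:
        print("  STILL PRESENT:", e.code, "-", e.body)
    for e in new_entries(BEFORE_LOG, AFTER_LOG):
        print("  NEW SINCE FIRST LOG:", e.code, "-", e.body)
```

An entry reported as still present usually means the fix was not applied in Safe Mode or something restored it after reboot; entries reported as new are not necessarily bad, they are simply the ones nobody has reviewed yet.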

#5
tirlane


Hi ukbiker

I have completed most of the fixes. One problem. When I run the Panda ActiveScan I don't get an autoclean checkbox so the scan only finds the problems but does not clean them. Cleaning only seems to be included in the Pro version.

Below are the HijackThis Log, smitfiles.txt log, ActiveScan log and Ewido Log.

Happy reading :)

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 20:51:17, on 08/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Memzip\memzipr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\Program Files\Memzip\memzipr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe


smitfiles.txt log


smitRem log file
version 2.3

by noahdfear

The current date is: 07/09/2005
The current time is: 23:35:41.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)


ActiveScan log


Incident Status Location

Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\16 Each.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\About mp3.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\ActiveIntra.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\adminproxy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\amokhold.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\ARMYSITE.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\AXIS BAT.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\bags sect.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\BAIT FILE.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Bait Skip.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Ballload.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\bias bash.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\bias two.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\bind idle.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Bird Drive.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Bore Flag.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Bows locks.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\bowsdvd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\cash vc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\City Skip.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\CoalThis.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Coolsend.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\dash ball.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Date Start.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Delete Manager.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\dent chic.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\does save.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\DoesCopy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Dog This.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\draw 2.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\drv meal.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\EggsDrive.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Eggsnoun.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\else amok.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Exit Hope.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\facehold.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\FiveMulti.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\flag iso.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\flap grey.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\ford trust.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\four surf.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\gpl win.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\gram bend.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\gram download.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Heart Bows.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\heartreal.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\HOLEJOY.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\idolbend.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Internet Face.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Internet Ford.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Less Team.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\less vga.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Link itch.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Link user.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\litebias.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\longhide.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Loud error.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\MAPI DENT.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\math global.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\mealbin.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\meet this.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\memo about.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\MemoHold.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\meow grey.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\metaroam.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Mfcd hope.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\MIXFLAW.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Mixsettings.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Mp3 Bags.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\MULTI MEET.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\namethat.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\objwin.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\okaycamp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\once keep.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Ooze about.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\ping scr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Platform 16.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\platformstore.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\poke support.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Poll manager.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Proc data.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\program base.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Proxystore.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\PureCopy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Ref1.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\scr once.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\secondonce.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\setup safe.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Stop Copy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\stopace.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Stupid Bat.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\team logo.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\title math.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\tool amok.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\trust meta.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\TrustSign.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\Type Axis.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\type two.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\typeaudio.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\viewhtm.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MfcdThird64More\wait byte.exe
  • 0

#6
tirlane

    New Member
Hi ukbiker,


Looks like you missed my last post. Can you check out below please.


tirlane
  • 0

#7
John_L

    Visiting Staff
Hi tirlane :tazz:

Ukbiker has asked me to take this log over for him; he's been feeling under the weather, so I agreed.

With that being said, and it's been a few days, can you please send a new hijack log and we will see what we can do. :)
  • 0

#8
tirlane

    New Member
:)

Hi John:

Below is the Hijack this log as requested. System is OK. Still getting a few annoying pop-ups every now and again. Previous post shows various logs from applications UKBiker asked me to run. My only problem was with the Panda Active Scan. It did not give me an Autoclean alternative as UKBiker said it would and it did seem to find a few problems as the Active Scan log shows.

:tazz: Happy reading.

Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 18:13:34, on 16/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Memzip\memzipr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.scuwyxgux...BsSjRQ3_MkL.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MemoryZipperPlus] C:\Program Files\Memzip\memzipr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Program Defy] C:\DOCUME~1\customer\APPLIC~1\about rule\Body Jump.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
  • 0

#9
John_L

    Visiting Staff
Hi tirlane :tazz:

I can see something that I need to get out of here.

Let's run this uninstaller.

LOP Removal

And please run this as well.

Download Ad-aware SE from: Here

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:

* Automatically save log-file
* Automatically quarantine objects prior to removal
* Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select:

* Scan Within Archives
* Scan Active Processes
* Scan Registry
* Deep Scan Registry
* Scan my IE favorites for banned URL’s
* Scan my Hosts file
* Under Click here to select drives + folders, choose:
- All of your hard drives

Click on the Advanced button on the left and select:

* Include additional process information
* Include additional file information
* Include environment information

Click the Tweak button and select:

* Under the Scanning Engine:
- Unload recognized processes & modules during scan
- Include additional Ad-aware settings in logfile
* Under the Cleaning Engine:
- Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

* Use Custom Scanning Options

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer.

When this is done please post a new log. :)
  • 0
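A triage pass over a log like the one in post #8, as an added example that is not part of the original thread and not HijackThis's own logic: it parses the entry lines and flags O4 autostarts that launch from an Application Data folder (as the `Program Defy` entry does) and entries marked `(file missing)`. Both rules are a heuristic assumed for illustration; the sample lines are constructed in the log's format, and `ExampleApp` is made up.

```python
import re

# Constructed sample in HijackThis 1.99.1 format; the ExampleApp line is invented.
SAMPLE_LOG = r"""
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Program Defy] C:\DOCUME~1\customer\APPLIC~1\about rule\Body Jump.exe
O4 - HKCU\..\Run: [ExampleApp] C:\Documents and Settings\customer\Application Data\ExampleApp\run.exe /quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of line>", e.g. "R1 - ...", "O4 - ...", "O23 - ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autostart: "HKCU\..\Run: [value name] command line"
RUN = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Long form and 8.3 short form of the Application Data folder name
APPDATA = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


def parse(log):
    """Yield (code, body) for every entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log):
    """Return [(reason, code, detail)] for entries that deserve a manual look."""
    findings = []
    for code, body in parse(log):
        if body.endswith("(file missing)"):
            findings.append(("orphaned entry", code, body))
        run = RUN.match(body) if code == "O4" else None
        if run and APPDATA.search(run.group("cmd")):
            findings.append(("autostart from Application Data", code, run.group("name")))
    return findings


if __name__ == "__main__":
    for reason, code, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}: {detail}")
```

A flagged line is a prompt for review rather than a verdict: legitimate software also starts from Application Data, so each hit still needs checking by someone who knows the machine.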

#10
John_L

    Visiting Staff
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





