Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Inqwire and Winsync [RESOLVED]


  • This topic is locked This topic is locked

#1
elibet803

elibet803

    New Member

  • Member
  • Pip
  • 8 posts
Gone through several rounds of delousing my cousins computer. And now we are stuck. Please help. Here is the latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:32:10 PM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1108571488\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC05.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\skslxx.exe reg_run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi elibet803 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
thanks a bunch. Sorry for the delay, had headed off to sleep before I got your reply.

Here is the HJT after your instructions:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:52 AM, on 10/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\sessmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\common files\aol\1108571488\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\skslxx.exe reg_run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Download a trial version of SpySweeper
  • Install the application
  • Update its definitions
  • Run the program
  • Let it remove everything it wants
  • Finally, when it has finished its work, REBOOT your system.
B. Run HTY, Scan, produce a log and post in the thread for review.

Regards,

Trevuren

  • 0

#5
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks! ran spysweeper (lots cleaned), rebooted, and HJT. Here ya go!

Logfile of HijackThis v1.99.1
Scan saved at 11:07:36 AM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\sessmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
c:\program files\common files\aol\1108571488\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will prompt you to update click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply. Please also inform me if you are having any more problems.
Regards,

Trevuren

  • 0

#7
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok. Here is the Ewido Scan log:

---------------------------------------------------------??
ewido security suite - Scan report??
---------------------------------------------------------??
??
+ Created on: 6:01:02 PM, 10/23/2005??
+ Report-Checksum: DAAC2922??
??
+ Scan result:??
??
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup??
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup??
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup??
HKU\S-1-5-21-1004336348-492894223-764733703-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup??
HKU\S-1-5-21-1004336348-492894223-764733703-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup??
HKU\S-1-5-21-1004336348-492894223-764733703-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup??
HKU\S-1-5-21-1004336348-492894223-764733703-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup??
HKU\S-1-5-21-1004336348-492894223-764733703-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1lcpga.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygod5sco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup??
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Backdoor.Rbot : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\131742_2896_2324_2904_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjk4cgajwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjmialdjggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjmyghdpofo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\i3D5.tmp -> Spyware.SurfSide : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_1C72.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_1EEF.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_25F0.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_39CE.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_39E.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_983A.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_AB11.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_C6DD.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_CF5B.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_D023.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_D39E.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_DA12.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_DA7E.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_F791.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temp\k_FF17.tmp -> Trojan.EliteBar.a : Cleaned with backup??
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K1GX250N\!update-2695[1].0000 -> Backdoor.Rbot : Cleaned with backup??
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup??
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup??
C:\WINDOWS\system32\oins.exe -> Spyware.MediaTickets : Cleaned with backup??
??
??
::Report End
-----------------------------------------------------------------------------------------------------------


And the HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:06:15 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1108571488\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

----------------------------------

So? Are we clean? Are we clean?
:tazz:
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log is looking good but because of the amount of malware that was found by Ewido, I strongly suggest that we check the rest of your system for problems.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

#9
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
since this is a little bit thrid had, I hope I am giving you the right stuff here (mwav)

Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "midaddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "casinoclient Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "abetterinternet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "startsurfing Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_MARKETING11.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\COMCTL32.OCA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\COMDLG32.OCA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\windows\system32\drivers\cdr4_2K.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_MARKETING11.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\cwssleay.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\cwlibeay.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AppFile.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\AppFile.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Applet.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\Applet.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AppOcr.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\AppOcr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Copy.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\Copy.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Epp.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\Epp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\minstall.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OcrEngine.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\OcrEngine.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\pcshw" refers to invalid object "C:\WINDOWS\system32\pkshpbih.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\pshower" refers to invalid object "C:\WINDOWS\system32\pshwr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Pyth.exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\Pyth.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\ahead\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".00[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bcproj". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bsp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DSC". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".map". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".OLB". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ser". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online us". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Spyware Protection". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Internet Optimizer". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ItalMgr". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810217". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Media Access". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "OvMon". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q819696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WSEM Update". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8B114997-C963-11D3-BBAD-00C04F5996A7}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00000000-0000-4C16-B87A-D4BA12AE7439}" refers to invalid object "C:\Program Files\Zango SiteFinder\Zango SiteFinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{030CD4FD-3EC2-4D16-BCCA-45186B8E7497}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\WEBSER~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0AD31460-EF0E-402B-93CB-D92615A5C2E1}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\AOLCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{11405E5B-9008-4121-B33C-7F6C5692F862}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\ADDRES~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{13AFA3A3-5687-487c-93F2-63D5DA468F4E}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32239586-29DE-4268-8AF3-CE7658D3D672}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35FE0D30-27F3-4E6A-82AE-784EF9B43D83}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\Alerts.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4493EDDC-F245-479B-B256-09296B14C5B8}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\Mail.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4EDDDDBC-3528-41AA-AA6E-237AA8092C08}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\Buddy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5119389F-2AFB-40E4-BC83-F3D12D6B5CB2}" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe -deviceConnect". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5AAECB3B-3D56-47c7-8706-77899E73802A}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62289CBE-3BE2-4ba9-AC20-A911C900039A}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{66A21AEA-5A05-46b5-B7CD-C1AAAF4770CD}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{795514CB-A81C-48f6-87AB-5B22D433D5D8}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{823FA5B2-FD5A-4EA5-BCF9-18FCCC9884D2}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\PUBLIS~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8DA5DF2C-798A-4CAB-8BB7-672C53DDDE94}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\FAVORI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A0B65408-65FF-4FDF-9CF0-3763C3CA29C4}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\IMs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B195FE25-16D9-4d1b-AD10-0701F9A5E277}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA8C584B-209C-4d54-8BB1-8AB5F1DCA18E}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE265956-6F5F-4790-9CAB-EDFAC64362EF}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D1698320-77BD-4776-96FD-C3C8D71E57E2}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E28DD8A6-E9BC-4d3e-A7F7-BC9644138CE2}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EC2EC911-E047-4810-9535-6CAFE1ADC3AD}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3206ECF-B7F9-4E61-9D15-ACC0627E2C59}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\WEBSER~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{155B3F27-CDEE-4FE2-8CC5-8D08882FDE15}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\Buddy.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2DBDEE9B-56B8-4E14-8A48-D20C64AAA673}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\FAVORI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}" refers to invalid object "C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C15D2EF-34AB-48FC-876C-3A64961E10C1}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\Mail.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6F3F3EF2-AA93-487B-A25C-BD67735E53B9}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\Alerts.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{74848F95-A02A-4286-AF0C-A3C755E4A5B3}" refers to invalid object "C:\WINDOWS\system32\actskn43.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{84751420-35AA-48F2-B207-990C4F8F4B52}" refers to invalid object "C:\Program Files\FlashPlayer Plus\FPPCM.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{89988AA7-41CF-4AA0-853B-977665F71665}" refers to invalid object "C:\PROGRA~1\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{95117066-315E-4CAE-BE3D-E7897D3F98BC}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\IMs.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{989E6670-3798-4C35-AA11-EB4E18F404C4}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\PUBLIS~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D3470F50-AB2B-40B4-B75E-057BB3487550}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\WEBSER~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D6D80D13-633A-444C-9829-4A3013D7FFBB}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\AOLCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D72EC833-A24A-4A71-8BE1-31C224629287}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\WTHost.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E53FDFBA-3FFE-4468-B0E5-C834DAB63CB1}" refers to invalid object "C:\Program Files\Roxio\PhotoSuite\Bin\MGIShowServer.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F0F69A8F-9388-4EEE-9977-BD8AB18C5733}" refers to invalid object "C:\PROGRA~1\AOLCOM~1\ADDRES~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.
Entry "HKCR\.idc" refers to invalid object "idcfile". Action Taken: No Action Taken.
Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\AOL.IEToolbar" refers to invalid object "{4982D40A-C53B-4615-B15B-B5B5E98D167C}". Action Taken: No Action Taken.
Entry "HKCR\AOL.IEToolbar.1" refers to invalid object "{4982D40A-C53B-4615-B15B-B5B5E98D167C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\HexWorkshop\shell\open\command" refers to invalid object "C:\PROGRA~1\BREAKP~1\HEXWOR~1.1\hworks32.exe %1". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp.1" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile0\shell\open\command" refers to invalid object "C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe %1". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile1\shell\open\command" refers to invalid object "C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe %1". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile2\shell\open\command" refers to invalid object "C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe %1". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile3\shell\open\command" refers to invalid object "C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SDISERVR50.SDIEVENT" refers to invalid object "{C494C9B2-5FCE-43AA-B9DF-5FF08869888B}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\VSEditorFactory.VsEditorFactory.1" refers to invalid object "{CB3FCF01-03DF-11D1-81D2-00A0C91BBEE3}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\i438.tmp tagged as "not-a-virus:AdWare.Win32.SurfSide.j". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\SD2ZCP27\script[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\i438.tmp tagged as "not-a-virus:AdWare.Win32.SurfSide.j". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SD2ZCP27\script[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\My Videos\sinstaller.exe tagged as "not-a-virus:AdWare.Win32.Comet.c". Action Taken: No Action Taken.
File C:\Software\VisualStudio.MsdnLibrary\Samples\VC98\sdk\sdktools\spy\dll\hook.dll tagged as not-a-virus:Monitor.Win32.KeyLogger.30. No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0001004.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0001005.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0001006.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0001007.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0002004.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0002005.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0002006.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0003004.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0003006.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0003008.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0004004.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0004006.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0004007.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0005004.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0005005.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0005006.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0005008.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0006009.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0006010.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP1\A0006011.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006157.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006159.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006160.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006161.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006197.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006198.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006199.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006200.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006228.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006229.dll infected by "Trojan-Downloader.Win32.Qoologic.ae" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006230.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006231.cpl infected by "Trojan-Downloader.Win32.Qoologic.ad" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006232.exe infected by "Trojan-Dropper.Win32.Small.qn" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006234.exe infected by "Backdoor.Win32.HacDef.bo" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006235.exe infected by "Trojan-Downloader.Win32.Agent.vp" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006236.exe infected by "Trojan-Downloader.Win32.Agent.qg" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006237.exe tagged as "not-a-virus:AdWare.Win32.CASClient.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006239.exe tagged as "not-a-virus:AdWare.Win32.VirtualBouncer.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{84D0ADE8-BD9B-4492-B491-2CD9A046BAF6}\RP2\A0006384.exe tagged as "not-a-virus:AdWare.Win32.PurityScan.w". Action Taken: No Action Taken.
  • 0

#10
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
deleted because of inadvertant identical post

Edited by elibet803, 25 October 2005 - 11:57 AM.

  • 0

Advertisements


#11
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Sorry in the delay in replying to your post. We have been having technical difficulties of late and some posts have not been forwarded.

Things look pretty good. Most items point to orphan registry entries while others are contained in your system restore cache which we will take care of at the very end.

1. Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
2. Reboot your system

3. Download a trial version of SpySweeper
  • Install the application
  • Update its definitions
  • Run the program
  • Let it remove everything it wants, and keep any log made available
  • Finally, when it has finished its work, REBOOT your system.
4. Post your SpySweeper log and a fresh HJT log for review.

Regards,

Trevuren

  • 0

#12
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
my turn to apologize for not getting this to you sooner.

I am doing this as a go-between (i'm the desginated geek in the family :tazz: )

She said that the spysweeper did have a log. Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:07 PM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\common files\aol\1108571488\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1108571488\ee\AOLServiceHost.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108571488\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#13
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren
  • 0

#14
elibet803

elibet803

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
the computer seems to be acting normally.
thanks a heep.

final steps?
  • 0

#15
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP