Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winfixer virus [resolved]


  • This topic is locked This topic is locked

#1
jenm

jenm

    Member

  • Member
  • PipPip
  • 12 posts
Hi,

My laptop has the winfixer virus. I went through several scanning software programs, but they do not correct it. I read the directions for posting the first time...

Preparation includes running CLEANMGR ... well, my computer locks up right after I start running it. Even after I close it out, it still has my computer tied up (when I look at task list, CPU usage is maxed out and it's from cleanmgr).

Should I skip that step for now and go on to the other initial steps or ????

Any help would be much appreciated!!!!

Thanks,
Jen
  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome jenm to Geeks to Go!

Please post back to this topic with a HijackThis log. We'll take it from there.
  • 0

#3
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you!

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:40:19 PM, on 10/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\SYSTEM32\WISPTIS.EXE
C:\WINNT\System32\tabbtnu.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\WINNT\System32\NWTRAY.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\System32\cusrvc.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\microsoft shared\ink\TPA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\System32\ctfmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINNT\System32\RegSrvc.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\WINNT\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Nevo\NevoBackup\NevoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\1XConfig.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notes.olean.wnyric.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINNT\System32\khhfe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINNT\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://notes.olean.w....org/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: khhfe - C:\WINNT\System32\khhfe.dll
O20 - Winlogon Notify: loginkey - C:\WINNT\SYSTEM32\LoginKey.dll
O20 - Winlogon Notify: Sebring - c:\WINNT\System32\LgNotify.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINNT\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINNT\SYSTEM32\tpgwlnot.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\System32\cusrvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#4
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Disable McAfee Antispyware.

Please disable SpybotSD’s protection, as it may hinder the removal of the infection. You can enable it after you're clean.

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box and/or Uncheck Resident.
Close Spybot.

***

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Reverse the process when you’ve carried out the advise.

***

Please print these instructions out for use in Safe Mode.
Please note: your Antivirus program may prompt you to a malicious script trying to run. Allow the entire script once.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINNT\System32\khhfe.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINNT\System32\efhhk.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINNT\System32\khhfe.dll

    O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe

    O20 - Winlogon Notify: khhfe - C:\WINNT\System32\khhfe.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Run the Free use Panda Active Scan
use the free use active scan link in the right hand corner.

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#5
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,

I disabled McAfee Antispyware, SpyBot, and MS AntiSpyware Real Time Protection.

I downloaded VundoFix.exe and extracted it.

I'm not able to boot up in Safe Mode. Just when I think it's about it to go, it beeps and a dialog box flashes (too quickly for me to read)... then the screen goes back to black and it stalls out....

I used ctrl-alt-del to choose restart and as it was shutting down, there was a program called Sample that it said was not responding. I chose End Program and tried again, but the same thing happened.

What should I do next?

Thanks!
Jen
  • 0

#6
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
It's a side effect for this infection, but not all that are infected have it :tazz:

Try this:
Reboot to safe mode.
Run Vundofix via taskmanager (ctrl-alt-del) > applications > new task > browse
  • 0

#7
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OK... here are my logs:

Active Scan:
===============================

Incident Status Location

Spyware:spyware/virtumonde No disinfected Windows Registry



HiJackThis:
===============================
Logfile of HijackThis v1.99.1
Scan saved at 10:34:18 AM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\SYSTEM32\WISPTIS.EXE
C:\WINNT\System32\tabbtnu.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\WINNT\System32\NWTRAY.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\System32\cusrvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\Program Files\Common Files\microsoft shared\ink\TPA.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\3M\PSNotes\psn.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
C:\WINNT\System32\RegSrvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\System32\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notes.olean.wnyric.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINNT\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://notes.olean.w....org/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loginkey - C:\WINNT\SYSTEM32\LoginKey.dll
O20 - Winlogon Notify: Sebring - c:\WINNT\System32\LgNotify.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINNT\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINNT\SYSTEM32\tpgwlnot.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\System32\cusrvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


VundoFix.txt:
===============================
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINNT\System32\khhfe.dll

The second filepath entered was C:\WINNT\System32\efhhk.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 152 'smss.exe'

Error, Cannot find a process with an image name of explorer.exe


Killing PID 228 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINNT\System32\khhfe.dll Deleted sucessfully.
C:\WINNT\System32\efhhk.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------





What should I do next?

Thanks!!!
Jen
  • 0

#8
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Something didn't go as planned.

Again, disable McAfee Antispyware, SpyBot, and MS AntiSpyware Real Time Protection.

Download these two tools to the desktop and run them.

http://securityrespo...er/FixVundo.exe
http://securityrespo...er/FxVMonde.exe

Reboot the computer.

Scan with Panda's free use active scan and post me the results please.
  • 0

#9
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I started with FixVundo... it went all the way to c:\\WINNT\bootstat.dat and then crashed ("Symantec.... has encountered a problem and needs to close...")

Should I try the other one or do something else next?

Thank you for your help!

Jen
  • 0

#10
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please try the other one and do the Panda. Let's see what happens.
  • 0

Advertisements


#11
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The second one went through and said it wasn't found, although....

Active Scan from Panda:


Incident Status Location

Spyware:spyware/virtumonde No disinfected Windows Registry




What next?

Thanks!
Jen
  • 0

#12
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The second one went through and said it wasn't found, although....

Active Scan from Panda:


Incident Status Location

Spyware:spyware/virtumonde No disinfected Windows Registry




What next?

Thanks!
Jen
  • 0

#13
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please download, install, and update the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT scan yet.
***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Next, run Ewido again.
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
***

Reboot the computer and post me the Ewido log please.
  • 0

#14
jenm

jenm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the Ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:40:13 PM, 10/25/2005
+ Report-Checksum: EEAF941

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Ignored
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Ignored
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Ignored
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Ignored
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Coremetrics : Ignored
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Bfast : Ignored
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Bfast : Ignored
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Coremetrics : Ignored
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Questionmarket : Ignored
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitslink : Ignored
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitslink : Ignored
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitslink : Ignored
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Hitslink : Ignored
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1f3ww1e.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
C:\WINNT\system32\oppqr.dll -> TrojanSpy.Agent.hn : Ignored


::Report End


What should I do next?

Thanks!
Jen
  • 0

#15
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Well Jen, can you rerun Ewido in safe mode and have it remove all it can find.

Post me that log to check please.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP