Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Check My Log


  • This topic is locked This topic is locked
9 replies to this topic

#1 Xplosive^

Xplosive^

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 12 May 2006 - 07:58 PM

Is my computer safe? I see crss.exe flashin in taskmanger when i start my computer. I heard it was a virus or sumthin. Heres my log

Logfile of HijackThis v1.99.1
Scan saved at 5:38:18 PM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\KSE\nHancer\nHancer.exe
C:\FRAPS\FRAPS.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Francis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nHancer] "C:\Program Files\KSE\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146994946161
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

BC AdBot (Login to Remove)

 


#2 Xplosive^

Xplosive^
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 13 May 2006 - 12:36 AM

anyone?help!

#3 Xplosive^

Xplosive^
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 13 May 2006 - 07:47 PM

?

#4 Xplosive^

Xplosive^
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 14 May 2006 - 12:46 PM

wtf still no response.PLz help

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:06 AM

Posted 15 May 2006 - 02:38 PM

Hello Xplosive^,

Welcome to Bleeping Computer. :thumbsup:

I don't see any malware in your log, but let's do a scan to be sure.

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.]

Please download, install, and update the free version of Ewido Anti-Malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  • Close Ewido
In your reply, please post the log from Ewido and a new HijackThis log. How is your computer running?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#6 Xplosive^

Xplosive^
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 16 May 2006 - 07:36 PM

+ Created on: 5:31:52 PM, 5/16/2006
+ Report-Checksum: E6A929CB

+ Scan result:

:mozilla.17:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.18:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.19:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.20:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.21:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.22:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.36:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.37:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.38:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.39:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.40:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.41:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.42:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.43:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.44:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.47:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.48:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning
:mozilla.49:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.50:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.51:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.52:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.59:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.60:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.61:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.68:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.80:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Myaffiliateprogram : Error during cleaning
:mozilla.89:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.90:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.91:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.92:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.93:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.97:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.98:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.99:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning
:mozilla.103:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.104:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.105:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.106:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.107:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.109:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.110:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning
:mozilla.111:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.112:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adbrite : Error during cleaning
:mozilla.114:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Cqcounter : Error during cleaning
:mozilla.121:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.122:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.123:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.124:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.125:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adrevolver : Error during cleaning
:mozilla.144:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adtech : Error during cleaning
:mozilla.145:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Adtech : Error during cleaning
:mozilla.178:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.179:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.180:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.181:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.224:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.258:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.272:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.274:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.289:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Clickhype : Error during cleaning
:mozilla.291:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.293:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.294:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.295:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.296:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.297:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.298:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.299:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning
:mozilla.304:C:\Program Files\Support.com\backup\co\cookies.txt\31151_5084b3da3_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 5:33:53 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\KSE\nHancer\nHancer.exe
C:\FRAPS\FRAPS.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Francis\My Documents\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nHancer] "C:\Program Files\KSE\nHancer\nHancer.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146994946161
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

#7 Xplosive^

Xplosive^
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 16 May 2006 - 07:38 PM

Computer is runnin fine i guess just dont know bout security

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:06 AM

Posted 16 May 2006 - 09:23 PM

Hello again,

Everything looks fine, so not to worry. :thumbsup: Ewido showed only cookies in your backups, and you should delete those. Now, don't feel like the lone ranger here, as I worry a lot even though I DO know how to keep my computer secure! :flowers:

Here's some info for you :

Make sure you keep your Java updated, as well as making sure ALL the old versions are deleted via Add/Remove Programs. You have the latest version as of now Java\jre1.5.0_06 so you can remove any others. The older versions make your machine vulnerable as long as they remain.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Xplosive^

Xplosive^
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:06 AM

Posted 16 May 2006 - 11:55 PM

ok thx

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:06 AM

Posted 23 May 2006 - 11:45 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users