
Major Slowdowns And Fake System Alert


12 replies to this topic

#1 DarkPsycho

DarkPsycho

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:23 AM

Posted 13 June 2006 - 03:08 PM

I start my computer and everything runs really really slowly. I get a lot of pop-ups and this fake security alert in the quick-launch taskbar. I know what program runs it (atmclk.exe) but when I deleted it, it came back. But the major problem is the huge slowdowns and pop-ups.

Logfile of HijackThis v1.99.1
Scan saved at 8:33:57 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\MCROSO~1.NET\XPLORE~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\atmclk.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
G:\HijackThis.exe

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunOnce: [mcbrhlpr.dll] rundll32.exe advpack.dll,RegisterOCX c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Oqxi] C:\WINDOWS\system32\MCROSO~1.NET\XPLORE~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148694558328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148694681828
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by DarkPsycho, 13 June 2006 - 08:53 PM.



#2 DarkPsycho

DarkPsycho
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:23 AM

Posted 13 June 2006 - 08:54 PM

I edited the first post with a newer log. I deleted some things I knew were spyware/malware. Still running crappy though. I also deleted the atmclk.exe file and dconfgc.exe but they both came back.

#3 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 14 June 2006 - 04:21 AM

Hi DarkPsycho and Welcome to the Bleeping Computer!


Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on the Panda ActiveScan link, select "Copy Shortcut", then right click on your desktop and select "Paste Shortcut"; or in Firefox, right-click the link, select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

#4 DarkPsycho

DarkPsycho
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE

Posted 14 June 2006 - 07:37 PM

Ok my computer is coming along much faster, but the pop-ups persist. Not as many as before but they still are there.

Panda Scan
------------------
Incident Status Location

Adware:adware/yazzle Not disinfected c:\windows\downloaded program files\YazzleActiveX.inf
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Nicholas\Favorites\~ VIP Free Porn ~.url
Adware:adware/ncase Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.go.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[hc2.humanclick.com/hc/11199995]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.888.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Nicholas\Cookies\nicholas@888[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nicholas\Cookies\nicholas@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nicholas\Cookies\nicholas@atwola[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Nicholas\Cookies\nicholas@cassava[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Nicholas\Cookies\nicholas@errorsafe[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nicholas\Cookies\nicholas@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nicholas\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Nicholas\Local Settings\Application Data\c52fa5dc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nicholas\Local Settings\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nilo\Cookies\nilo@atwola[1].txt
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\c52fa5dc.exe
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:29:50 PM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\MCROSO~1.NET\XPLORE~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\HijackThis.exe

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Oqxi] C:\WINDOWS\system32\MCROSO~1.NET\XPLORE~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148694558328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148694681828
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
---------------------
smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Wed 06/14/2006
The current time is: 15:39:36.14

Running from
C:\Documents and Settings\Nicholas\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\asxbbx.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

simpole.tlb
stdole3.tlb
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 804 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:19:17 PM, 6/14/2006
+ Report-Checksum: B321B8B1

+ Scan result:

:mozilla.11:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\kz9nf3yh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nicholas\Cookies\nicholas@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nicholas\Cookies\nicholas@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Nicholas\Cookies\nicholas@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nicholas\Cookies\nicholas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nicholas\Cookies\nicholas@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nicholas\Local Settings\Application Data\15cc8511.exe -> Downloader.Obfuscated.a : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Nilo\Application Data\Mozilla\Firefox\Profiles\smfrfh8z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nilo\Cookies\nilo@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nilo\Cookies\nilo@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nilo\Cookies\nilo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\15cc8511.exe -> Downloader.Obfuscated.a : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__spool32.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup


::Report End

#5 Guest_Cretemonster_*

Posted 15 June 2006 - 03:26 AM

Follow the link below and download the Purity(OuterInfo) Uninstaller.
http://www.purityscan.com/uninstall.html

Run the Uninstaller and follow any prompts.


Restart the machine and please run the F-Secure Online Scanner.

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply along with a fresh HijackThis log.


#6 DarkPsycho

Posted 15 June 2006 - 05:36 PM

OK, the Purity scan uninstall worked, but the second scanner gave me an error when deleting, saying there was an error and I needed to close the browser and start over.

Edited by DarkPsycho, 15 June 2006 - 05:37 PM.


#7 Guest_Cretemonster_*

Posted 15 June 2006 - 06:03 PM

Give this one a try
http://www.bitdefender.com/scan/licence.php

#8 DarkPsycho

Posted 17 June 2006 - 11:58 AM

BitDefender scan is in HTML so I didn't bother posting it :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:58:01 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
G:\HijackThis.exe

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148694558328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148694681828
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Everything seems to be fine now. If you see anything else just let me know, but I think it's all good :flowers:

Edited by DarkPsycho, 17 June 2006 - 11:58 AM.


#9 Guest_Cretemonster_*

Posted 17 June 2006 - 12:10 PM

Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll

O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Search for and Delete if found

C:\WINDOWS\system32\spool32.dll <-- File


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.
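The checklist in the post above, run as a small triage pass over HijackThis `O` entries. This is an added example, not part of the original post or of HijackThis itself; the two rules and the function names are assumptions, and the sample lines are copied from the posts on this page. Note that the O16 Yazzle entry is not caught by structural rules like these: picking it out takes knowledge of the download source.

```python
import re

# Entries copied from the posts on this page: the five the helper asked to
# fix, plus two from the follow-up log (O2, WgaLogon) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O<nn> - <kind>: <value>"; the value itself may contain colons (paths, URLs).
ENTRY = re.compile(r"^(O\d+) - ([^:]+): ?(.*)$")

def parse_entries(log):
    """Return (section, kind, value) for every O-numbered line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip(), m.group(3).strip()))
    return entries

def triage(log):
    """Flag entries on structural signals only (hypothetical rule set)."""
    flagged = []
    for section, kind, value in parse_entries(log):
        reasons = []
        if value.endswith("(file missing)"):
            reasons.append("orphaned: entry points at a file that is gone")
        if section == "O20" and kind == "AppInit_DLLs" and value:
            reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
        if reasons:
            flagged.append((section, kind, value, reasons))
    return flagged

if __name__ == "__main__":
    for section, kind, value, reasons in triage(SAMPLE_LOG):
        print(f"{section} {kind}: {value}\n    -> " + "; ".join(reasons))
```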


#10 DarkPsycho

Posted 18 June 2006 - 01:34 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, June 18, 2006 2:31:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 17/06/2006
Kaspersky Anti-Virus database records: 189081
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 60132
Number of viruses found: 7
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:01:40

Infected Object Name / Virus Name / Last Action
C:\!KillBox\atmclk.exe Infected: Trojan-Downloader.Win32.Zlob.ry skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP132\A0006669.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP132\A0006707.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP133\A0007721.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP133\A0007803.exe Infected: Trojan-Downloader.Win32.PurityScan.cr skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP133\A0007804.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP133\A0007914.exe Infected: Trojan-Downloader.Win32.Zlob.si skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP133\A0007915.exe Infected: Trojan-Downloader.Win32.Zlob.sm skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP135\A0008198.exe Infected: Trojan-Downloader.Win32.Zlob.ry skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP135\A0008223.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP135\A0008244.exe Infected: Trojan-Downloader.Win32.Zlob.sm skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP135\A0008247.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped

Scan process completed.
----------------
Logfile of HijackThis v1.99.1
Scan saved at 2:34:27 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
G:\HijackThis.exe

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148694558328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148694681828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#11 Guest_Cretemonster_*

Posted 19 June 2006 - 04:46 AM

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#12 DarkPsycho

Posted 20 June 2006 - 08:19 PM

It's all good here, thnx a ton :thumbsup:

Edited by DarkPsycho, 20 June 2006 - 08:20 PM.


#13 Guest_Cretemonster_*

Posted 21 June 2006 - 03:41 AM

Go ahead and Re-enable System Restore and restart the PC, this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
It is suggested that you go and change all your passwords since some of these may have been compromised during the infection.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Please remember to check your AntiVirus and any Spyware Apps for updates at least twice a week


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again, you know how to find us! :thumbsup:
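To see how much of the Kaspersky report earlier in the thread the System Restore step accounts for, the following added example (not part of the original posts or of the scanner) splits the report's detection lines into those archived inside restore points and those elsewhere on disk. The function names are assumptions; the sample lines are an excerpt copied from that report.

```python
import re
from collections import defaultdict

# Excerpt copied from the Kaspersky On-line Scanner report posted in this thread.
REPORT = r"""
C:\!KillBox\atmclk.exe Infected: Trojan-Downloader.Win32.Zlob.ry skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP132\A0006669.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP133\A0007803.exe Infected: Trojan-Downloader.Win32.PurityScan.cr skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP135\A0008198.exe Infected: Trojan-Downloader.Win32.Zlob.ry skipped
C:\System Volume Information\_restore{5062759A-EC9C-481A-AAFD-99E53E0BC17F}\RP135\A0008223.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped
"""

# "<path> Infected: <threat name> <last action>"
LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<action>\w+)$")
# Restore point folder (RPnnn) inside the System Restore store.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def parse_report(text):
    """Return one dict (path, threat, action) per detection line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def split_by_location(rows):
    """Group restore-point detections by RP folder; list the rest separately."""
    in_restore = defaultdict(list)
    elsewhere = []
    for row in rows:
        m = RESTORE.search(row["path"])
        if m:
            in_restore[m.group(1)].append(row["threat"])
        else:
            elsewhere.append(row)
    return dict(in_restore), elsewhere

if __name__ == "__main__":
    in_restore, elsewhere = split_by_location(parse_report(REPORT))
    for rp, threats in sorted(in_restore.items()):
        print(f"{rp}: {len(threats)} archived detection(s): {', '.join(threats)}")
    for row in elsewhere:
        print(f"outside System Restore, needs separate removal: {row['path']}")
```

Detections listed under a restore point go away when the restore points are cleared; anything in the second list has to be removed on its own.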



