AOL Instant Messenger Virus HijackThis Log Help! Please!


5 replies to this topic

#1 vigilantex69

vigilantex69

  • Members
  • 4 posts

Posted 13 August 2006 - 09:00 PM

Hey! A couple of days ago I got an instant message from a friend saying "Can I add these photos of you and me to facebook and myspace?" Like an idiot I clicked it and it gave me this awful virus I can't seem to get rid of. The virus sends that message to everyone on your buddy list hundreds of times every time you log on. I have gone from forum to forum and tried AIMFix and uninstalling AIM and everything but I can't fix it. One person told me to run a program called HijackThis and post the log for everyone to see? This is the log and I would greatly appreciate it if someone would tell me what to do next! I'm not good at computers and need help!! Thanks!!!!


Logfile of HijackThis v1.99.1
Scan saved at 9:59:40 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svsnt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\sklrr7ygmrgmszf.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\sklrr7ygmrgmszf.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS\system32\svsnt.exe


#2 vigilantex69

vigilantex69
  • Topic Starter

  • Members
  • 4 posts

Posted 13 August 2006 - 09:11 PM

Here's another updated HijackThis profile to help


Logfile of HijackThis v1.99.1
Scan saved at 10:09:30 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svsnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nlkfev7xdjyek.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\nlkfev7xdjyek.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS\system32\svsnt.exe
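
An added example, not part of any post in this thread: a small Python triage script that parses the O23 (service) lines of the two HijackThis logs above and lists services reported with "Unknown owner" and services whose executable path changed between the two scans. The function and class names are made up for illustration, and the result is a list of entries worth a closer look, not a verdict.

```python
import re
from typing import NamedTuple

# O23 service lines copied from the two HijackThis logs posted above
# (scans saved at 9:59:40 PM and 10:09:30 PM); all other sections omitted.
SCAN_1 = r"""
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\sklrr7ygmrgmszf.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS\system32\svsnt.exe
"""

SCAN_2 = r"""
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\nlkfev7xdjyek.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS\system32\svsnt.exe
"""

# Layout of an O23 line as it appears in these logs:
#   O23 - Service: <display name> (<service name>) - <owner> - <drive:\path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


class Service(NamedTuple):
    display: str
    owner: str
    path: str


def parse_o23(log: str) -> dict[str, Service]:
    """Return {service name: Service} for every O23 line in a HijackThis log."""
    services = {}
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services[m["name"]] = Service(m["display"], m["owner"], m["path"])
    return services


def unknown_owner(services: dict[str, Service]) -> list[str]:
    """Services whose binary carries no company name ("Unknown owner")."""
    return [n for n, s in services.items() if s.owner.lower() == "unknown owner"]


def changed_binaries(before: dict[str, Service],
                     after: dict[str, Service]) -> dict[str, tuple[str, str]]:
    """Services present in both scans whose executable path differs.

    Windows paths are case-insensitive, so c:\\x.exe and C:\\X.EXE are equal.
    """
    changed = {}
    for name, new in after.items():
        old = before.get(name)
        if old and old.path.lower() != new.path.lower():
            changed[name] = (old.path, new.path)
    return changed


if __name__ == "__main__":
    first, second = parse_o23(SCAN_1), parse_o23(SCAN_2)
    for name in unknown_owner(second):
        print(f"unknown owner: {name} -> {second[name].path}")
    for name, (old, new) in changed_binaries(first, second).items():
        print(f"binary changed: {name}\n  was {old}\n  now {new}")
```
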

#3 vigilantex69

vigilantex69
  • Topic Starter

  • Members
  • 4 posts

Posted 14 August 2006 - 12:04 PM

wow thanks for all the help :thumbsup:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 16 August 2006 - 07:44 PM

Hello vigilantex69 and welcome to the BC HijackThis forum. Let's start with the following.

First download ewido anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan along with a new HijackThis log.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#5 vigilantex69

vigilantex69
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE

Posted 17 August 2006 - 11:04 PM

Hey! Thanks man I REALLY appreciate this! Please take a look at it and tell me what you think! I'm not good with computers so you're doing me a huge favor!

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:44:43 PM 8/17/2006

+ Scan result:



C:\Program Files\ToolBar888 -> Adware.ToolBar888 : No action taken.
C:\Program Files\ToolBar888\Activate.exe -> Adware.ToolBar888 : No action taken.
C:\Program Files\ToolBar888\Uninst.exe -> Adware.ToolBar888 : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\d212[1].exe -> Backdoor.HacDef.fw : No action taken.
C:\regedit.pif -> Backdoor.HacDef.fw : No action taken.
C:\i386\svsnt.exe -> Backdoor.SdBot.xd : No action taken.
:mozilla.265:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.44:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.45:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.46:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.47:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.50:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.51:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.52:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.538:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.53:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.54:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.55:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.57:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.58:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.59:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.60:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.61:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.62:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.63:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Chris\Cookies\chris@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.396:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.397:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.32:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.39:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.40:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.41:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.42:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.116:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.121:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.122:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.123:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.124:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Chris\Cookies\chris@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.22:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.536:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.263:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.309:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.298:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.299:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.300:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.301:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.154:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.155:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.156:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.158:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.159:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.160:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.161:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.381:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.330:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.277:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.488:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.20:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Chris\Cookies\chris@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.512:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.513:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.541:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.544:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.545:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.111:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.174:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.175:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.176:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.177:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.178:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.380:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.119:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.336:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.406:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.407:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.85:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.86:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.87:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.89:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.90:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.91:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.92:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.93:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.94:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.359:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.360:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.361:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.374:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.375:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.376:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.95:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.96:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.462:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.392:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.393:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.251:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.30:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.31:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.271:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.272:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.273:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.274:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.275:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.276:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.411:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.412:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.97:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.98:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.99:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Chris\Cookies\chris@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.233:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.234:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.235:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.415:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.416:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.417:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.418:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.419:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.453:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.454:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.455:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.456:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.457:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.390:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.391:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.394:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.395:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.211:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.212:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.213:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.214:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.215:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.264:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.327:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.166:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.167:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.168:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.169:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.170:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.171:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.172:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.173:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.510:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.139:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.140:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.142:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.143:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.144:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.145:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.146:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.147:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.148:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.149:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.362:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.555:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.23:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.24:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.25:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.479:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.480:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.481:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\cg75b83y.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end





NEW Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 12:03:42 AM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cjnr4r4joujpvcjq.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\cjnr4r4joujpvcjq.exe

#6 OldTimer

OldTimer

    Malware Expert


Posted 18 August 2006 - 03:27 PM

Hi vigilantex69. In the Ewido report it looks like either the report was run prior to fixing the entries or the Quarantine option was not selected prior to selecting the Apply all Actions button. Let's run it again just to be sure.
  • Start Ewido and select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Ok. Post the Ewido report back here and I will have a look see.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
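The reply above hinges on every entry in the posted ewido report ending in "No action taken". As an added example (not part of the thread and not ewido's own tooling), the Python below parses a saved report in the `object -> detection : action` layout quoted in this thread and lists what was left untreated, separating tracking cookies from everything else. The sample lines are constructed, and the "Cleaned with backup" action string for a quarantined item is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report lines quoted in this thread.
# Paths and detection names are made up; "Cleaned with backup" is an assumed
# action string for an item that was quarantined.
SAMPLE_REPORT = r"""
:mozilla.175:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.176:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\system32\constructed-sample.exe -> Constructed.Detection : No action taken.
C:\Documents and Settings\User\Cookies\user@example[1].txt -> TrackingCookie.Example : Cleaned with backup.


::Report end
"""

# object -> detection : action.   The greedy object group keeps drive letters
# and ":mozilla.N:" prefixes intact and splits on the last " -> ".
ENTRY = re.compile(r"^(?P<object>.+) -> (?P<detection>\S+) : (?P<action>.+?)\.?$")
NOT_APPLIED = "no action taken"
COOKIE_PREFIX = "TrackingCookie."


def parse_report(text):
    """Return one dict per detection line; headers, blanks and footers are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def untreated(entries):
    """Entries the scanner found but did not act on."""
    return [e for e in entries if e["action"].lower() == NOT_APPLIED]


def triage(entries):
    """Summarise untreated detections so the non-cookie ones stand out."""
    pending = untreated(entries)
    cookies = Counter(
        e["detection"] for e in pending if e["detection"].startswith(COOKIE_PREFIX)
    )
    non_cookie = [e for e in pending if not e["detection"].startswith(COOKIE_PREFIX)]
    return {
        "total": len(entries),
        "untreated": len(pending),
        "cookie_families": cookies,
        "non_cookie": non_cookie,
        "rescan_needed": bool(pending),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"{result['untreated']} of {result['total']} detections untreated")
    for family, count in sorted(result["cookie_families"].items()):
        print(f"  cookie  {family}: {count}")
    for entry in result["non_cookie"]:
        print(f"  REVIEW  {entry['detection']}: {entry['object']}")
    if result["rescan_needed"]:
        print("Report was saved before the actions were applied, or no action was set.")
```
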
