Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pretty Sure I'm Infected


  • This topic is locked This topic is locked
7 replies to this topic

#1 carstraft

carstraft

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 05 September 2006 - 05:24 PM

i'm pretty sure i'm infected but i don't know what with, i WAS getting quite a few alerts from yahoo online protection thing saying different things [a while ago] and i did a mcafee scan that took forever, which said i had 44 infected things? ..computer's been going slow..

here's hijackthis log..



Logfile of HijackThis v1.99.1
Scan saved at 5:20:05 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\James\Desktop\HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsj2E.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [lfights.exe] C:\WINDOWS\System32\lfights.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/1757bab2f62dbf4a3d19/netzip/RdxIE.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.../v7/brix7ie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/253dc04125c7a1...ip/RdxIE601.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {A28ED82F-EB06-4FD7-80C2-07A38488CA60} (MediaProj.VerizonMediaControl) - http://a1040.g.akamai.net/f/1040/759/1h/20...vznmcplayer.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/.../yiebio4025.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatch.com/form/support/tec...tionControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

BC AdBot (Login to Remove)

 


#2 carstraft

carstraft
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 08 September 2006 - 03:44 PM

ok i just finished a mcafee scan, 22 things i'm infected with are..

Adware-abetterintrnt
*Adware-HiWire
Adware-IWantSearch
Adware-MediaMotor.dll
Adware-Mirar
Adware-PortalScan
Adware-Softomate.dr
Adware-SurfSideKick
Adware-SurfSideKick.dll
Adware-Websearch
Adware-WurldMedia
Adware-ZangoSA.dldr
Generic Adware.inf.a
MP3Search

the "*" means that mcafee said it was removed [after i tried removing the iwantsearch one mcafee messed up and went back to the home menu.]

#3 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 08 September 2006 - 08:47 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to all but system restore:


* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 carstraft

carstraft
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 08 September 2006 - 11:45 PM

ok, thanks.. here is the spysweeper log:

11:39 PM: Removal process completed. Elapsed time 00:02:16
11:39 PM: A reboot was suggested but declined.
11:38 PM: Quarantining All Traces: stopzilla cookie
11:38 PM: Quarantining All Traces: burstnet cookie
11:38 PM: Quarantining All Traces: tribalfusion cookie
11:38 PM: Quarantining All Traces: trafficmp cookie
11:38 PM: Quarantining All Traces: statcounter cookie
11:38 PM: Quarantining All Traces: realmedia cookie
11:38 PM: Quarantining All Traces: questionmarket cookie
11:38 PM: Quarantining All Traces: 2o7.net cookie
11:38 PM: Quarantining All Traces: mediaplex cookie
11:38 PM: Quarantining All Traces: findwhat cookie
11:38 PM: Quarantining All Traces: fastclick cookie
11:38 PM: Quarantining All Traces: hitslink cookie
11:38 PM: Quarantining All Traces: casalemedia cookie
11:38 PM: Quarantining All Traces: goclick cookie
11:38 PM: Quarantining All Traces: enhance cookie
11:38 PM: Quarantining All Traces: atwola cookie
11:38 PM: Quarantining All Traces: atlas dmt cookie
11:38 PM: Quarantining All Traces: tacoda cookie
11:38 PM: Quarantining All Traces: advertising cookie
11:38 PM: Quarantining All Traces: pointroll cookie
11:38 PM: Quarantining All Traces: hackerag dialer
11:38 PM: Quarantining All Traces: bullguard popup ad
11:38 PM: Quarantining All Traces: adsincontext
11:38 PM: Quarantining All Traces: virtualbouncer
11:38 PM: Quarantining All Traces: wurldmedia
11:38 PM: Quarantining All Traces: ezula ilookup
11:38 PM: Quarantining All Traces: mirar webband
11:38 PM: Quarantining All Traces: surfsidekick
11:38 PM: Quarantining All Traces: elitemediagroup-mediamotor
11:38 PM: Quarantining All Traces: enbrowser
11:38 PM: Quarantining All Traces: blazefind
11:37 PM: Quarantining All Traces: maxifiles
11:37 PM: Quarantining All Traces: directrevenue-abetterinternet
11:37 PM: Quarantining All Traces: websearch toolbar
11:37 PM: Quarantining All Traces: trojan-downloader-ac2
11:37 PM: Quarantining All Traces: trojan-downloader-rmass
11:37 PM: Quarantining All Traces: 2nd-thought
11:37 PM: Removal process initiated
11:35 PM: Traces Found: 126
11:35 PM: Full Sweep has completed. Elapsed time 01:57:37
11:35 PM: HKU\S-1-5-21-1194005503-1203752577-514352727-1013\software\mytoolbar\ (ID = 1626571)
11:35 PM: HKLM\software\em\ (ID = 1556188)
11:35 PM: File Sweep Complete, Elapsed Time: 01:47:37
11:16 PM: Warning: Failed to access drive E:
11:16 PM: c:\windows\downloaded program files\winats.inf (ID = 208224)
11:16 PM: Warning: Failed to access drive D:
11:16 PM: C:\WINDOWS\INF\biini.inf (ID = 83199)
11:16 PM: Found Adware: directrevenue-abetterinternet
11:14 PM: C:\WINDOWS\coder.log (ID = 62064)
11:14 PM: Found Adware: hackerag dialer
11:11 PM: Warning: Failed to open file "c:\windows\temp\sqlite_sikf7hfxbb5m4eb". The operation completed successfully
11:11 PM: Warning: Failed to open file "c:\documents and settings\james\application data\mozilla\firefox\profiles\9z93h067.default\parent.lock". The operation completed successfully
11:11 PM: C:\WINDOWS\SYSTEM32\nsj2E.dll (ID = 347699)
11:10 PM: Warning: Failed to open file "c:\windows\temp\sqlite_vmybapiomm5h0hg". The operation completed successfully
11:08 PM: C:\Documents and Settings\James\Local Settings\Temp\win71A.tmp.exe (ID = 322373)
11:08 PM: C:\Program Files\Common Files\{9C572B2A-0702-1033-1207-011022010001}\Update.exe (ID = 320789)
11:07 PM: C:\Program Files\ToolBar888\Activate.exe (ID = 322316)
11:05 PM: C:\WINDOWS\uni_ehhhh.exe (ID = 344943)
10:53 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp (ID = 70014)
10:50 PM: C:\Documents and Settings\James\Local Settings\Temp\i14.tmp (ID = 253411)
10:42 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
10:41 PM: C:\WINDOWS\ss1205.exe (ID = 278244)
10:41 PM: Found Adware: surfsidekick
10:39 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp\bulldownload.exe (ID = 52017)
10:39 PM: Found Adware: bullguard popup ad
10:14 PM: C:\WINDOWS\Temp\edow_as2.exe (ID = 84879)
10:14 PM: Found Adware: websearch toolbar
10:12 PM: C:\WINDOWS\SYSTEM32\wiaaccmgr.exe (ID = 199752)
10:12 PM: Found Adware: adsincontext
10:10 PM: C:\Documents and Settings\James\Local Settings\Temp\aupd.exe (ID = 347697)
10:09 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\D17E6464-E5F1-4FDF-9E6C-BCF31A\8D3CC21F-6AF7-47B9-AA62-81D7A5 (ID = 82814)
10:09 PM: Found Adware: virtualbouncer
10:00 PM: Spy Installation Shield: found: Adware: elitemediagroup-mediamotor, version 1.0.0.0
9:55 PM: Spy Installation Shield: found: Adware: mirar webband, version 1.0.0.0
9:51 PM: C:\WINDOWS\ac3_0002.exe (ID = 336702)
9:51 PM: Found Trojan Horse: trojan-downloader-ac2
9:50 PM: C:\WINDOWS\em.ocx (ID = 307277)
9:50 PM: C:\WINDOWS\876057.exe (ID = 185463)
9:50 PM: C:\WINDOWS\Justin.exe (ID = 336857)
9:48 PM: C:\Program Files\ToolBar888 (2 subtraces) (ID = 2147528588)
9:47 PM: Starting File Sweep
9:47 PM: Warning: Failed to access drive A:
9:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
9:47 PM: c:\documents and settings\james\cookies\james@www.stopzilla[2].txt (ID = 3466)
9:47 PM: Found Spy Cookie: stopzilla cookie
9:47 PM: c:\documents and settings\james\cookies\james@www.burstnet[1].txt (ID = 2337)
9:47 PM: Found Spy Cookie: burstnet cookie
9:47 PM: c:\documents and settings\james\cookies\james@tribalfusion[1].txt (ID = 3589)
9:47 PM: Found Spy Cookie: tribalfusion cookie
9:47 PM: c:\documents and settings\james\cookies\james@trafficmp[2].txt (ID = 3581)
9:47 PM: Found Spy Cookie: trafficmp cookie
9:47 PM: c:\documents and settings\james\cookies\james@tacoda[1].txt (ID = 6444)
9:47 PM: c:\documents and settings\james\cookies\james@statcounter[2].txt (ID = 3447)
9:47 PM: Found Spy Cookie: statcounter cookie
9:47 PM: c:\documents and settings\james\cookies\james@realmedia[2].txt (ID = 3235)
9:47 PM: Found Spy Cookie: realmedia cookie
9:47 PM: c:\documents and settings\james\cookies\james@questionmarket[2].txt (ID = 3217)
9:47 PM: Found Spy Cookie: questionmarket cookie
9:47 PM: c:\documents and settings\james\cookies\james@msnportal.112.2o7[1].txt (ID = 1958)
9:47 PM: Found Spy Cookie: 2o7.net cookie
9:47 PM: c:\documents and settings\james\cookies\james@mediaplex[2].txt (ID = 6442)
9:47 PM: Found Spy Cookie: mediaplex cookie
9:47 PM: c:\documents and settings\james\cookies\james@findwhat[1].txt (ID = 2674)
9:47 PM: Found Spy Cookie: findwhat cookie
9:47 PM: c:\documents and settings\james\cookies\james@fastclick[2].txt (ID = 2651)
9:47 PM: Found Spy Cookie: fastclick cookie
9:47 PM: c:\documents and settings\james\cookies\james@counter.hitslink[2].txt (ID = 2790)
9:47 PM: Found Spy Cookie: hitslink cookie
9:47 PM: c:\documents and settings\james\cookies\james@casalemedia[1].txt (ID = 2354)
9:47 PM: Found Spy Cookie: casalemedia cookie
9:47 PM: c:\documents and settings\james\cookies\james@c.goclick[2].txt (ID = 2733)
9:47 PM: Found Spy Cookie: goclick cookie
9:47 PM: c:\documents and settings\james\cookies\james@c.enhance[1].txt (ID = 2614)
9:47 PM: Found Spy Cookie: enhance cookie
9:47 PM: c:\documents and settings\james\cookies\james@atwola[1].txt (ID = 2255)
9:47 PM: Found Spy Cookie: atwola cookie
9:47 PM: c:\documents and settings\james\cookies\james@atdmt[2].txt (ID = 2253)
9:47 PM: Found Spy Cookie: atlas dmt cookie
9:47 PM: c:\documents and settings\james\cookies\james@anad.tacoda[1].txt (ID = 6445)
9:47 PM: Found Spy Cookie: tacoda cookie
9:47 PM: c:\documents and settings\james\cookies\james@advertising[2].txt (ID = 2175)
9:47 PM: Found Spy Cookie: advertising cookie
9:47 PM: c:\documents and settings\james\cookies\james@ads.pointroll[2].txt (ID = 3148)
9:47 PM: Found Spy Cookie: pointroll cookie
9:47 PM: Starting Cookie Sweep
9:47 PM: Registry Sweep Complete, Elapsed Time:00:01:08
9:47 PM: HKU\S-1-5-21-1194005503-1203752577-514352727-1013\software\microsoft\internet explorer\toolbar\webbrowser\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530952)
9:47 PM: HKU\S-1-5-21-1194005503-1203752577-514352727-1013\software\system\sysuid\ (ID = 731748)
9:47 PM: HKU\S-1-5-21-1194005503-1203752577-514352727-1013\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
9:47 PM: HKCR\clsid\{2cab0356-88e3-4902-a85d-379689c625e1}\inprocserver32\ (ID = 1626309)
9:47 PM: HKLM\software\classes\mezziacodec.chl\ (ID = 1588798)
9:47 PM: HKCR\mezziacodec.chl\ (ID = 1588797)
9:47 PM: Found Trojan Horse: trojan-downloader-rmass
9:47 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{746455fe-d059-47e7-af0e-140e03f5a447}\ (ID = 1586270)
9:47 PM: HKLM\software\classes\typelib\{fdb10602-aa12-4e76-aae2-2b328a3e950a}\ (ID = 1586223)
9:47 PM: HKLM\software\classes\crypt.core.1\ (ID = 1586219)
9:47 PM: HKLM\software\classes\crypt.core\ (ID = 1586213)
9:47 PM: HKLM\software\classes\clsid\{746455fe-d059-47e7-af0e-140e03f5a447}\ (ID = 1586201)
9:47 PM: HKLM\software\classes\clsid\{2cab0356-88e3-4902-a85d-379689c625e1}\ (ID = 1586189)
9:47 PM: HKCR\typelib\{fdb10602-aa12-4e76-aae2-2b328a3e950a}\ (ID = 1586179)
9:47 PM: HKCR\crypt.core.1\ (ID = 1586175)
9:47 PM: HKCR\crypt.core\ (ID = 1586169)
9:47 PM: HKCR\clsid\{746455fe-d059-47e7-af0e-140e03f5a447}\ (ID = 1586157)
9:47 PM: HKCR\clsid\{2cab0356-88e3-4902-a85d-379689c625e1}\ (ID = 1586145)
9:47 PM: HKCR\mm06ocx.mm06ocxf\ (ID = 1556189)
9:47 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\ (ID = 1538596)
9:47 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530992)
9:47 PM: HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530980)
9:47 PM: HKLM\software\classes\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\ (ID = 1530968)
9:47 PM: HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (ID = 1530936)
9:47 PM: HKCR\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\ (ID = 1530906)
9:47 PM: HKLM\software\classes\interface\{db312456-e762-4369-844a-aed9006b1b2f}\ (ID = 1502064)
9:47 PM: HKLM\software\classes\interface\{7682c1a6-c500-4c78-93b9-5a76a91520f8}\ (ID = 1502055)
9:47 PM: HKLM\software\classes\interface\{597aa130-f00b-40b8-adaf-529d4da9be52}\ (ID = 1502046)
9:47 PM: HKLM\software\classes\interface\{41e1565d-b7a8-4251-bd79-e6c5facb2b5f}\ (ID = 1502038)
9:47 PM: HKLM\software\microsoft\windows\currentversion\uninstall\toolbar888\ (ID = 1498367)
9:47 PM: HKLM\software\classes\mytoolbar.mytoolbarobj.1\ (ID = 1498211)
9:47 PM: HKLM\software\classes\mytoolbar.mytoolbarobj\ (ID = 1498205)
9:47 PM: HKCR\interface\{db312456-e762-4369-844a-aed9006b1b2f}\ (ID = 1497938)
9:47 PM: HKCR\interface\{7682c1a6-c500-4c78-93b9-5a76a91520f8}\ (ID = 1497902)
9:47 PM: HKCR\interface\{597aa130-f00b-40b8-adaf-529d4da9be52}\ (ID = 1497893)
9:47 PM: HKCR\interface\{41e1565d-b7a8-4251-bd79-e6c5facb2b5f}\ (ID = 1497876)
9:47 PM: HKCR\mytoolbar.mytoolbarobj.1\ (ID = 1497803)
9:47 PM: HKCR\mytoolbar.mytoolbarobj\ (ID = 1497797)
9:47 PM: HKLM\software\classes\typelib\{d13decbb-52f8-4bf4-ba6c-b0cc603963c9}\ (ID = 1323842)
9:47 PM: HKLM\software\classes\clsid\{5526b4c6-63d6-41a1-9783-0fabf529859a}\ (ID = 1323818)
9:47 PM: HKLM\software\classes\mm06ocx.mm06ocxf\ (ID = 1323810)
9:47 PM: HKCR\typelib\{d13decbb-52f8-4bf4-ba6c-b0cc603963c9}\ (ID = 1323794)
9:47 PM: HKCR\clsid\{5526b4c6-63d6-41a1-9783-0fabf529859a}\ (ID = 1323770)
9:47 PM: Found Adware: elitemediagroup-mediamotor
9:47 PM: HKLM\software\classes\onone.theimp.1\ (ID = 1221523)
9:47 PM: HKLM\software\classes\onone.theimp\ (ID = 1221515)
9:47 PM: HKCR\onone.theimp.1\ (ID = 1221367)
9:47 PM: HKCR\onone.theimp\ (ID = 1221362)
9:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (ID = 1066860)
9:47 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
9:47 PM: HKLM\software\system\sysold\ (ID = 926808)
9:47 PM: Found Adware: enbrowser
9:47 PM: HKCR\interface\{bc12b055-c9f5-407d-9b66-1851973f32af}\ (ID = 147569)
9:47 PM: HKCR\interface\{9603a736-05b9-4d78-bdd5-bdcb0914e522}\ (ID = 147565)
9:47 PM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (ID = 147536)
9:47 PM: HKCR\appid\sostatatl.exe\ (ID = 147535)
9:47 PM: Found Adware: wurldmedia
9:47 PM: HKCR\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135122)
9:47 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135121)
9:47 PM: HKLM\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135093)
9:47 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135092)
9:47 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (ID = 135091)
9:47 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (ID = 135090)
9:47 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (ID = 135089)
9:47 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (ID = 135088)
9:47 PM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135079)
9:47 PM: HKLM\software\classes\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135078)
9:47 PM: HKLM\software\classes\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135077)
9:47 PM: HKCR\nn_bar_dummy.nn_bardummy\ (ID = 135076)
9:47 PM: HKCR\nn_bar_dummy.nn_bardummy.1\ (ID = 135075)
9:47 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135066)
9:47 PM: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135065)
9:47 PM: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135064)
9:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (ID = 104552)
9:46 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
9:46 PM: Found Adware: blazefind
9:46 PM: HKLM\software\classes\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (ID = 101996)
9:46 PM: HKCR\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (ID = 101981)
9:46 PM: Found Trojan Horse: 2nd-thought
9:46 PM: Starting Registry Sweep
9:46 PM: Memory Sweep Complete, Elapsed Time: 00:08:16
9:39 PM: The Spy Communication shield has blocked access to: CLICKFAST.BIZ
9:39 PM: The Spy Communication shield has blocked access to: CLICKFAST.BIZ
9:39 PM: The Spy Communication shield has blocked access to: CLICKFAST.BIZ
9:39 PM: The Spy Communication shield has blocked access to: CLICKFAST.BIZ
9:38 PM: Detected running threat: C:\WINDOWS\SYSTEM32\nsj2E.dll (ID = 347699)
9:38 PM: Starting Memory Sweep
9:38 PM: C:\WINDOWS\SYSTEM32\nsj2E.dll (ID = 1625910)
9:38 PM: HKCR\clsid\{746455fe-d059-47e7-af0e-140e03f5a447}\inprocserver32\ (ID = 1625910)
9:38 PM: Found Adware: ezula ilookup
9:38 PM: HKCR\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\inprocserver32\ (ID = 1537866)
9:38 PM: Found Adware: maxifiles
9:38 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353158)
9:38 PM: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353157)
9:38 PM: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\inprocserver32\ (ID = 1353156)
9:38 PM: Found Adware: mirar webband
9:38 PM: Sweep initiated using definitions version 757
9:38 PM: Spy Sweeper 5.0.5.1286 started
9:38 PM: | Start of Session, Friday, September 08, 2006 |
********
9:38 PM: | End of Session, Friday, September 08, 2006 |
9:37 PM: Your spyware definitions have been updated.
Operation: File Access
Target:
Source: C:\PROGRA~1\MCAFEE\VIRUSS~1\MCSHIELD.EXE
9:37 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:25 PM: Shield States
9:25 PM: Spyware Definitions: 691
9:16 PM: Spy Sweeper 5.0.5.1286 started
9:16 PM: Spy Sweeper 5.0.5.1286 started
9:16 PM: | Start of Session, Friday, September 08, 2006 |
********


and here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:42:45 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\James\Desktop\HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [lfights.exe] C:\WINDOWS\System32\lfights.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [McLogLch_exe] "C:\Program Files\McAfee\MSC\McLogLch.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/1757bab2f62dbf4a3d19/netzip/RdxIE.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.../v7/brix7ie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/253dc04125c7a1...ip/RdxIE601.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {A28ED82F-EB06-4FD7-80C2-07A38488CA60} (MediaProj.VerizonMediaControl) - http://a1040.g.akamai.net/f/1040/759/1h/20...vznmcplayer.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/.../yiebio4025.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatch.com/form/support/tec...tionControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#5 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 09 September 2006 - 03:59 PM

You have multiple AV's - you should only have one active AV remove the others

==========
Please click here http://www.majorgeeks.com/Sun_Java_Runtime...ment_d4648.html to download the latest version of JAVA Install the application, then go to the Add/Remove Programs options in the Control Panel and Remove ALL previous versions of JAVA.
====================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [lfights.exe] C:\WINDOWS\System32\lfights.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/1757bab2f62dbf4a3d19/netzip/RdxIE.cab

O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.../v7/brix7ie.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/253dc04125c7a1...ip/RdxIE601.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} –

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v5.cab

O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\System32\lfights.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 carstraft

carstraft
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 10 September 2006 - 04:48 PM

ok i didn't remove other older java things because i tried but then my computer froze up.

and i also wasn't sure what i do on the killbox.exe part.. was "C:\WINDOWS\System32\lfights.exe" the only thing i was suposed to type in and and remove with the red X thing?


Logfile of HijackThis v1.99.1
Scan saved at 4:46:03 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\James\Desktop\HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [McLogLch_exe] "C:\Program Files\McAfee\MSC\McLogLch.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O16 - DPF: {A28ED82F-EB06-4FD7-80C2-07A38488CA60} (MediaProj.VerizonMediaControl) - http://a1040.g.akamai.net/f/1040/759/1h/20...vznmcplayer.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/.../yiebio4025.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatch.com/form/support/tec...tionControl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE



did i do everything correctly? and thanks for the help.

edit-- also after i get everything cleared, can i remove the spysweeper and mcafee trials? because i think those are slowing my computer down. [i'll just keep yahoo because i don't think that's a trial.. and i've got ad-aware..]

Edited by carstraft, 10 September 2006 - 06:56 PM.


#7 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 11 September 2006 - 04:59 PM

you can remove them now

Clean

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 carstraft

carstraft
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 September 2006 - 05:42 PM

ok cool, thanks alot!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users