Can't get rid of this (RESOLVED)
-
I unfortunately downloaded some type of spyware or adware... it hijacks my home page, highlights words on web pages and when you click on them takes you to another webpage... I am getting pop ups... and just making using the web annoying... any help would be appreciated... I know one of them is qoolaid... then I get popups from zeno... I have run Spybot and Ad-Aware but it hasn't cured it.
Logfile of HijackThis v1.99.1
Scan saved at 2:52:10 PM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1128498511\ee\AOLSoftware.exe
C:\windows\winsysban3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\mwinnsap.exe
c:\windows\system32\dwdsregt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - Default URLSearchHook is missing
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsx1C3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128498511\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [{E2-21-1A-A0-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinnsap.exe FI002
O4 - HKLM\..\RunOnce: [cleanup] cmd /c IF NOT EXIST "C:\Program Files\Jalmp\qlink32.dll" (IF EXIST "C:\Program Files\Jalmp\uninstall.exe" rmdir /s /q "C:\Program Files\Jalmp\")
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\rmdsrego.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107155515578
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
-
Hi and welcome to DAL,
You have to have patience; we do this for free, and we have personal lives that need to be taken care of. We get to everybody as soon as possible, so relax and your computer will be fixed free of charge, but families do come first, as well as jobs that we have to support those families.
Please download, install, and update the NEW free version of Ewido trojan scanner:
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* From the main Ewido screen, click on update in the left menu, then click the Start update button.
* After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
* If Ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if Ewido needs to be run again.
* When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please post the Ewido log and a new HijackThis log as well. Thanks.
-
No disrespect was meant... just didn't know if a mod was on here full time or not...
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:20:18 PM, 1/26/2006
+ Report-Checksum: 45D36B8C
+ Scan result:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Ignored
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Ignored
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Ignored
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Ignored
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Ignored
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Ignored
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Ignored
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Ignored
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Ignored
:mozilla.16:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\86qh9ztn.hammerpro\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.18:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\86qh9ztn.hammerpro\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.6:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.7:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.8:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.9:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.10:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\7V9VFPSG\stubNsbg[1].exe -> Spyware.Maxifiles : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1085031214-1078145449-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[1580] C:\windows\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup
[2560] C:\WINDOWS\system32\mwinnsap.exe -> Adware.ZenoSearch : Cleaned with backup
[2784] c:\windows\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Justin Case\Application Data\Mozilla\Firefox\Profiles\mbytj45l.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@coxhsi.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@data4.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wfkospcpokq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wfkyuhc5sdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wfliwndjebp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wfmywpdzekq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wgkoehazkcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjk4kidjsdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjk4kldpehq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjkoaoajmfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjkokpdzofo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjkookcjafq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjkownajoap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjkygld5oco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjkyqndjsfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjl4wpdjwkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjlygpcjsgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjlysgdzaap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjlyujdjsho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjmiepdpsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjmiklajiao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjny-1jc5mf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjny-1mazac.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjnycpazaap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@e-2dj6wjnygmc5mlp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@metacafe.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@ostg.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@symantec.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Case\Cookies\justin case@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Justin Case\Desktop\2005 MUSIC\bootlegs\New Folder (2)\Xara Xtreme v2.0\Xara.Xtreme.v2.0.DL.Cracked-SSG.zip/patch_xara.exe -> Downloader.VB.ts : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temp\Cookies\justin case@e-2dj6wjkoomczccp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temp\D2D22DA.tmp/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\Justin Case\Local Settings\Temp\i22DF.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temp\mndcntas.tmp -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\2EC5E6RR\MTE3MTk6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\2EC5E6RR\winsysban3[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\2EC5E6RR\ZIFI002[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\ABUXQ3UH\bag[1].htm -> Not-A-Virus.Exploit.JS.CVE20051790.j : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\ABUXQ3UH\idlemg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\ABWFED2H\876057[1].exe -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\ABWFED2H\drsmartload[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\IJ23456P\regular_plugin[1].exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\IJ23456P\winsysban[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\LX5N6M3M\winsysupd3[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\ML92B6X4\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\MZG1WN8Z\stub_109_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\ONH7A2J1\ibycgt[1].cab/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\PK5HKQWP\emg2[1].exe -> Spyware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\PK5HKQWP\mediaview[1].cab/elite.ocx -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\RZL7RTKO\cygwid[1].exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\RZL7RTKO\NNSCAA638[1].EXE -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\UXT2VIPC\inst_0004[1].exe -> Downloader.Small.cam : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\UXT2VIPC\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\UXT2VIPC\winsysupd2[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\Justin Case\Local Settings\Temporary Internet Files\Content.IE5\W76T45GA\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Diet K\dk\dietk3.dat -> Spyware.Cydoor : Cleaned with backup
C:\Program Files\InetGet2\emg2.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Jalmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\DH.dll_tobedeleted -> Hijacker.Small.jf : Cleaned with backup
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\irismon.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\irsmkwwq.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\mwinnsap.exe -> Adware.ZenoSearch : Cleaned with backup
-
part 2 of report
C:\WINDOWS\system32\rmdsrego.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\winsysban2.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysupd2.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\WINDOWS\winsysupd3.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup
::Report End
-
Logfile of HijackThis v1.99.1
Scan saved at 9:22:45 PM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1128498511\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - Default URLSearchHook is missing
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsx1C3.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128498511\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\RunOnce: [cleanup] cmd /c IF NOT EXIST "C:\Program Files\Jalmp\qlink32.dll" (IF EXIST "C:\Program Files\Jalmp\uninstall.exe" rmdir /s /q "C:\Program Files\Jalmp\")
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\rmdsrego.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107155515578
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
-
Hi, next step
Go into add/remove program and remove viewpoint and all related to viewpoint
Reboot if removed
Go here to learn how to show hidden files/folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Disable SpywareGuard by right clicking the icon down by the clock and select "exit". This excellent program could hinder the fix.
Download Clean.bat to your desktop (Save page as or Save as) for later use to clean out your TEMPORARY and PREFETCH files:
http://www.thatcomputerguy.us/downloads/clean.bat
I need you to submit file(s) to see if it (they) are infected or legit: http://virusscan.jotti.org/
Files: c:\windows\myupdates.exe
If the above scanner finds the file to be infected fix it below please
Run hijackthis and click on scan button and put checks next to these items please:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - Default URLSearchHook is missing
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsx1C3.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe---If above scanner says bad please fix
O4 - HKLM\..\RunOnce: [cleanup] cmd /c IF NOT EXIST "C:\Program Files\Jalmp\qlink32.dll" (IF EXIST "C:\Program Files\Jalmp\uninstall.exe" rmdir /s /q "C:\Program Files\Jalmp\")
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\rmdsrego.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
Nothing open but hijackthis and click "fix checked"
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press enter.
Hunt for and delete if present:
C:\Program Files\Viewpoint < folder
c:\windows\myupdates.exe < file---If above scanner says bad please delete
C:\Program Files\Jalmp < folder
C:\WINDOWS\system32\rmdsrego.exe < file
C:\Program Files\Common Files\VCClient < folder
Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter at the prompts.
Then:
Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter
Reboot
Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start
Post a new HJT log for further review
Last edited by Neal; 27-01-2006 at 10:28 PM.
-
Logfile of HijackThis v1.99.1
Scan saved at 4:34:03 AM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SGFyb2xk\command.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wgse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Common Files\AOL\1128498511\ee\aolsoftware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0o8w0lk0.dll] RUNDLL32.EXE 0o8w0lk0.dll,b 191615
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128498511\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107155515578
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs302972988.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\r0p80a7ued.dll
O20 - Winlogon Notify: winmkv32 - C:\WINDOWS\SYSTEM32\winmkv32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFyb2xk\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
-
Well my friend your computer has been infected by a bunch of new stuff, and I suggest that you do not do anything on the internet except to come here and to get the needed tools to fix your computer until we can get a handle on this.
First step:
Please download LSP-Fix from the following link and save it to a location you can find later if necessary. DESKTOP.
Download LSPfix here:
http://www.cexx.org/lspfix.htm
Or here:
http://www.snapfiles.com/get/lspfix.html
Download it and save it to your desktop. If we don't need it you can delete it. Once this tool is saved we can go after NewDotNet and Webhancer.
This tool will restore your internet connection if you lose it while removing NEWDOTNET/NEW.NET and WebHancer.
If you do lose your internet connection run the tool and "click finish"
Do not run the tool unless you lose your internet connection
Go into add/remove program and remove IF FOUND
NEWDOTNET/NEW.NET
Webhancer
Reboot if removed
If New.Net/NewDotNet is not listed run the following uninstaller:
· From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_76.exe.
· Download and save uninstall6_76.exe to Local Disc C
· Click on Start.
· Click on Run.
· In the Open window type, http://www.new.net/support/uninstall6_90.exe.
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot if not prompted.
Then:
You have the latest version of VX2. Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.
If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.
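The change between the 1/26 and 1/28 HijackThis logs that the reply above reacts to can be made explicit by diffing the two logs entry by entry. This is an added example, not part of the thread and not HijackThis code: the function names are hypothetical, and the two embedded logs are short excerpts of the logs posted above.

```python
import re

# HijackThis entries look like "O4 - ...": a section code, " - ", then detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# What the sections seen in this thread's logs represent.
SECTION_NOTES = {
    "R3": "IE URLSearchHook",
    "O4": "autostart (Run keys / Startup folders)",
    "O10": "Winsock LSP chain",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# Excerpt of the log saved 1/26/2006 (abridged from the thread).
EARLIER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:22:45 PM, on 1/26/2006
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Excerpt of the log saved 1/28/2006 (abridged from the thread).
LATER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:34:03 AM, on 1/28/2006
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [0o8w0lk0.dll] RUNDLL32.EXE 0o8w0lk0.dll,b 191615
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O20 - AppInit_DLLs: repairs302972988.dll
O20 - Winlogon Notify: winmkv32 - C:\WINDOWS\SYSTEM32\winmkv32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFyb2xk\command.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Map a normalized key to (code, detail), keeping first-seen order.

    Header lines and running-process paths do not match ENTRY_RE and are
    skipped. Keys are case-folded because the same path is logged with
    different casing from one scan to the next.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, detail = m.groups()
        key = (code, " ".join(detail.split()).casefold())
        entries.setdefault(key, (code, detail.strip()))  # repeated O10 lines collapse
    return entries


def diff_logs(earlier_text, later_text):
    """Return (added, removed) entries between two HijackThis logs."""
    before, after = parse_entries(earlier_text), parse_entries(later_text)
    added = [v for k, v in after.items() if k not in before]
    removed = [v for k, v in before.items() if k not in after]
    return added, removed


def summarize(entries):
    """Count entries per section code, in first-seen order."""
    counts = {}
    for code, _ in entries:
        counts[code] = counts.get(code, 0) + 1
    return counts


if __name__ == "__main__":
    added, removed = diff_logs(EARLIER, LATER)
    for label, items in (("NEW", added), ("GONE", removed)):
        for code, detail in items:
            note = SECTION_NOTES.get(code, "other section")
            print(f"{label:<5}{code:<4}[{note}] {detail}")
```

Run against the full logs rather than the excerpts, the same diff lists every entry that appeared after the first round of fixes, which is the set a helper has to triage next.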
-
When attempting to download http://www.new.net/support/uninstall6_90.exe. it says connection refused.......now what?......before i proceed with what you said to do i will wait and see what you think i should do......i tried ie and firefox and both gave a message that connection was refused.......thanks for your help