
Here's some fun stuff...

Discussion in 'Virus & Other Malware Removal' started by Daniel0000, Jan 22, 2006.

  1. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    Logfile of HijackThis v1.99.1
    Scan saved at 2:40:52 PM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    G:\Download\eMule\eMule.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Daniel\Desktop\Security\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [$Volumouse$] "G:\Tools\volumouse\volumouse.exe" /nodlg
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
    O18 - Protocol: bw+0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {DB89B314-99E9-4610-837A-7A2D81B51A6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


    Trying to do some overall troubleshooting, got some graphics/crashing/speed problems.
    x800xt
    3.4ghz
    2xraptor raid0
    1gig mem
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi. Suggest you go into Add/Remove Programs and uninstall the Logitech Desktop Manager; this is an update thing for a Logitech device (mouse, keyboard, etc.) you have, and is not needed.

    No malware spotted in the HJT log.

    Run HijackThis again after uninstalling LDM and see if the BackWeb entries are gone. If not, you will have to manually "fix" them with HJT: put checks next to each of the 40 or so entries if they show back up, and with ALL other windows closed, click Fix Checked.

    Post a new HJT log just to see if everything is OK....

    I have seen McAfee get messed up, especially VirusScan 7.0 along with the firewall, but the firewall runs great alone...

    Are there any other antivirus programs installed, even though they may be msconfig'd to not start up when the computer does? What exactly have you got msconfig'd off? Just a list of those things will do.
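The checks a helper runs over an HJT log like the ones above (orphaned BHOs, services with a missing binary or one sitting in a Temp folder, AppInit_DLLs, and one DLL claiming dozens of O18 protocol schemes), plus the "post a new log and see if the entries are gone" comparison, as an added example in Python. This is not code from the original posts or from HijackThis; the O18 threshold is an assumption, and the sample input is constructed from excerpts of this thread's own logs (the 78 BackWeb O18 lines are regenerated rather than pasted).

```python
"""Triage helper for HijackThis v1.99 logs.

Added example for this thread, not code from the original posts or from
HijackThis itself. It parses the "Oxx - ..." lines of a log, flags the entries
a helper looks at first (a BHO with no file, a service whose binary is missing
or lives under a Temp folder, an AppInit_DLLs entry, one DLL registering dozens
of O18 protocol handlers) and diffs a "before" log against an "after" log so
you can confirm the entries you fixed are really gone. The threshold below is
an assumption; the sample logs are constructed from excerpts of the thread's
own logs (the 78 O18 lines are regenerated rather than pasted).
"""
import re
from collections import defaultdict

# "O23 - Service: name - owner - path" -> section, kind, body
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# A single DLL claiming this many URL schemes is an installer/updater hook
# (BackWeb here), not a browser feature. Assumed cut-off, not an HJT rule.
O18_HANDLER_THRESHOLD = 10


def parse_hjt(text):
    """Return (section, kind, body) for every Oxx line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def o18_handlers_by_dll(entries):
    """Map each O18 handler DLL (lower-cased path) to the schemes it registers."""
    by_dll = defaultdict(list)
    for section, _kind, body in entries:
        if section != "O18":
            continue
        parts = [p.strip() for p in body.split(" - ", 2)]  # scheme, CLSID, path
        if len(parts) == 3:
            by_dll[parts[2].lower()].append(parts[0])
    return dict(by_dll)


def triage(entries):
    """Return (rule, detail) pairs for entries worth a second look."""
    findings = []
    for section, kind, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            findings.append(("bho-no-file", body))            # orphaned CLSID
        elif section == "O23":
            if "(file missing)" in body:
                findings.append(("service-file-missing", body))
            if re.search(r"\\temp\\", body, re.IGNORECASE):  # binary in a Temp dir
                findings.append(("service-in-temp", body))
        elif section == "O20" and kind == "AppInit_DLLs":
            findings.append(("appinit-dll", body))            # loaded into every GUI process
    for dll, schemes in o18_handlers_by_dll(entries).items():
        if len(schemes) >= O18_HANDLER_THRESHOLD:
            findings.append(("o18-mass-protocol-handler", f"{dll} ({len(schemes)} schemes)"))
    return findings


def diff_logs(before_text, after_text):
    """Entries that vanished between two logs, and entries that are new."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


# --- constructed sample input, built from excerpts of the logs in this thread ---
_BW_DLL = r"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll"
_BW_CLSID = "{DB89B314-99E9-4610-837A-7A2D81B51A6A}"
_SCHEMES = ["bw+0", "bw-0"] + [f"bw{c}0" for c in "0123456789abcdefghijklmnopqrstuvwxyz"]
_O18_LINES = [f"O18 - Protocol: {s}{suffix} - {_BW_CLSID} - {_BW_DLL}"
              for s in _SCHEMES for suffix in ("", "s")]
_O18_LINES += [
    f"O18 - Protocol: offline-8876480 - {_BW_CLSID} - {_BW_DLL}",
    r"O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - "
    r"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll",
]
_COMMON = [
    r"O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\hpdj.exe (file missing)",
]
BEFORE_LOG = "\n".join(
    ["Logfile of HijackThis v1.99.1",
     r"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto"]
    + _COMMON + _O18_LINES)
AFTER_LOG = "\n".join(["Logfile of HijackThis v1.99.1"] + _COMMON)

if __name__ == "__main__":
    for rule, detail in triage(parse_hjt(BEFORE_LOG)):
        print(f"{rule:28} {detail}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"{len(removed)} entries gone after the fix, {len(added)} new")
```

Run it against two saved logs by reading them into BEFORE_LOG and AFTER_LOG instead of the constructed excerpts. A flagged entry is a pointer, not a verdict: the Temp-folder service here is an HP printer installer leftover and the AppInit_DLLs entry is Google Desktop, which is exactly why the thread's helper still read the whole log before calling it clean.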
     
  3. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    Had some problems uninstalling Logitech Messenger. Had to remove 78 entries manually :(
    Logfile of HijackThis v1.99.1
    Scan saved at 9:18:22 PM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    G:\Tools\volumouse\volumouse.exe
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\INTERNET\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Daniel\Desktop\Security\HijackThis.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKCU\..\Run: [$Volumouse$] "G:\Tools\volumouse\volumouse.exe" /nodlg
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe




    AVG anti-virus was installed, but I have uninstalled that. Other than that, no real anti-virus suites. Just spyware blaster, ad-aware, s+d. Got a bunch of startups disabled.
    Anti-Blaxx
    cli
    Ati2mdxx
    atiptaxx
    BacsTray
    CTDVDET
    ctfmon
    CTHELPER
    deamon
    daemon
    DMXLauncher
    DVDLauncher
    GoogleDesktop
    hpcmpmgr
    HPWuSchd
    hpztsb09
    iaanotif
    IntelMEM
    iTunesHelper
    dumprep 0 -k
    (blank??? just says blank, then program in the command line.)
    LMonitor
    KHALMNPR
    Magnifying Glass
    mcagent
    mcupdate (odd since these tasks are also under the enabled list...)
    mmtask
    MpfTray
    mscifapp
    MskAgent
    MSKDetct
    reqsvr32 /s mqrt
    NeroCheck
    oasclnt
    PicasaMediaDetector
    Scheduled
    qttask
    TeaTimer
    Steam
    jusched
    realsched
    upd
    sgtray
    UpdReg (oooh this looks suspicious)
    mcvsshld
    mcmhdllr
    winampa
    WMCCFG
    Adobe Gamma Loader
    Adobe Reader Speed Launch
    Logitech Desktop Messenger
    Logitech SetPoint
    SpeedUpMyPC
    TV Remote Control
    WinTasks
    Wireless USB 2.0 WLAN Card Utility

    I can give you more info on any of those if you're unsure as to what they are.
    I hate McAfee, and if you think I can disable some (or all) of it safely, I would absolutely do so.

    Thanks a bunch
     
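    Triage of the O20/O23 lines in the log above, as an added example and not code from this thread or from HijackThis itself: it parses the service and AppInit_DLLs entries and flags the ones a helper would look at first (no vendor name, binary missing, binary under a Temp folder, or a DLL injected into every process that loads user32). The sample input is a constructed subset of the log lines posted here; the flag names and the Temp-path heuristic are this example's own conventions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O20/O23 lines from the HijackThis log in this post.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# A service binary living under a user's Temp folder is unusual (heuristic, this example's own).
TEMP_DIR = re.compile(r"\\(temp|tmp|LOCALS~1)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str               # HijackThis section, e.g. "O23"
    name: str               # service or value name as logged
    path: str               # command line / DLL path as logged
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Split one HJT line into (kind, name, owner, path); None for sections not handled here."""
    parts = [p.strip() for p in line.split(" - ")]
    kind = parts[0]
    if kind == "O23" and len(parts) >= 4 and parts[1].startswith("Service: "):
        # O23 - Service: <name> - <owner> - <path>; owner and path are always the last two fields
        return kind, parts[1][len("Service: "):], parts[-2], parts[-1]
    if kind == "O20" and len(parts) >= 2:
        label, _, path = parts[1].partition(": ")
        return kind, label, "", path
    return None


def triage(text):
    """Return the entries that deserve a second look, each with the reasons why."""
    findings = []
    for raw in text.strip().splitlines():
        parsed = parse_entry(raw.strip())
        if parsed is None:
            continue
        kind, name, owner, path = parsed
        flags = []
        if kind == "O20":
            flags.append("appinit-dll")       # loaded into every process that loads user32.dll
        if owner == "Unknown owner":
            flags.append("unknown-owner")     # HJT found no vendor name for the binary
        if path.endswith("(file missing)"):
            flags.append("file-missing")      # service still registered, binary gone
        if TEMP_DIR.search(path):
            flags.append("temp-path")
        if flags:
            findings.append(Finding(kind, name, path, flags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r}: {', '.join(f.flags)}")
```

    On the sample this leaves two entries clean (Ati HotKey Poller, McShield) and flags four, with hpdj collecting all three service flags at once; a flag is a reason to identify the file, not a verdict.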
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Well, McAfee is definitely running in your HJT log....isn't there an icon for it down in the tray bottom right?

    C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

    Looks like a version of McAfee Internet Security, you have the VirusShield shut off in msconfig
    (mcvsshld) Looks to me anyway. But the file is running in the HJT log...?

    I really don't know what to do with all those items shut off, I recognize most of them

    This is a part of a sound card> UpdReg (oooh this looks suspicious)
    so, that is OK.

    Lots of double entries for the McAfee items, because of the RAID setup I would say. It also explains the enabled and disabled entries maybe.

    Really don't know a lot about RAID, except what it is...

    When McAfee gets messed up, the only thing I've been able to do is uninstall it, and sometimes it won't do that...there used to be a removal utility, but McAfee pulled it and I haven't seen one available in a long time. Does it all seem to work, do you see firewall notices etc?

    How about the Updating part> they give a lot of updates for all the parts of the suite...
    Yesterday, I had a VirusScan v. 7.0 on an older HP machine in here, and that was screwy, simply uninstalled it and left the McAfee personal firewall, runs great now.

    That computer is probably networked and is a server? Most free antivirus progs are not network ready, but their pay-for versions usually are, like AVG Premium or business edition.

    Don't know if it is a good idea to disable this one:

    ctfmon--usually, that is legitimate, but have seen times it was not.

    Try any online scans yet?

    http://www.kaspersky.com/virusscanner
     
  5. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    Yeah, McAfee Security Center. Includes Firewall, Virus Scanner, Spam Killer and 'Privacy Service' which pissed me off, so I uninstalled it.

    Enabled under msconfig:
    mcupdate
    McAgent
    MskAgent
    CTSysVol (creative vol)
    volumouse (volume control tool)

    I think the McAfee products you listed are under services as opposed to startup. I see WSC Integration, Task Scheduler, Security Center, Debug Manager, Personal Firewall, Spamkiller Server all under McAfee. It updates a lot, installs new things, tells me to purchase a renewal, but it never catches any viruses or anything. Does seem to block a lot with the firewall though. Spamkiller never blocks any bad e-mails, spybot ad-aware are better anyways and I have pop-up blockers already.

    You think I should just install all but the firewall?

    My computer is wired to my router, which transmits wirelessly to the other computers in my house. The wireless network shuts off multiple times a day, and is usually off when I wake up and when I get home from school. I just power cycle to fix it.

    Kaspersky found a lot! Not sure if it fixed them or just found them....?

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, January 23, 2006 18:57:57
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 23/01/2006
    Kaspersky Anti-Virus database records: 162168
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 278456
    Number of viruses found: 3
    Number of infected objects: 55
    Number of suspicious objects: 0
    Duration of the scan process: 10825 sec

    Infected Object Name - Virus Name
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\The Matrix Path of Neo cracked.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\The Matrix Path of Neo cracked.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\US The Matrix Path of Neo crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\My Downloads\US The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\My Downloads\US The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\US The Matrix Path of Neo crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\US The Matrix Path of Neo crack.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe Infected: Trojan-Downloader.Win32.IstBar.ny

    Scan process completed.
    Didn't mention anything about fixing or quarantine or anything. Just gave me option for new scan.
     
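    What the 55 "infected objects" above actually amount to, as an added example that is not part of this thread or of Kaspersky's scanner: the report lists every nested object on its own line, so one installer with a plugin packed inside it produces five lines, and each copy of it that System Restore kept under System Volume Information produces five more. The script folds the report back to files and separates the restore-point copies from the ones in My Downloads, which is the view you need to judge what the scanner reported versus what is actually on disk. The input is a constructed 15-line subset of the report above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: 15 of the 55 "Infected Object" lines from the report above
# (one file in My Downloads and two copies of it held in System Restore points).
SAMPLE_REPORT = r"""
C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe Infected: Trojan-Downloader.Win32.IstBar.ny
"""

# Windows XP System Restore keeps its copies of changed files under paths of this shape.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\")


def parse_report(text):
    """Return (container, inner_path, detection) for each 'Infected:' line.

    The report separates an archive or installer from the objects unpacked out of it
    with '/', so the container on disk is everything before the first slash.
    """
    entries = []
    for line in text.strip().splitlines():
        obj, sep, detection = line.strip().partition(" Infected: ")
        if not sep:
            continue                      # header, blank or statistics line
        container, _, inner = obj.partition("/")
        entries.append((container, inner, detection.strip()))
    return entries


def summarize(text):
    """Collapse per-object hits into per-file hits and split off restore-point copies."""
    entries = parse_report(text)
    by_container = defaultdict(set)
    for container, _inner, detection in entries:
        by_container[container].add(detection)
    restore = sorted(c for c in by_container if RESTORE_POINT.search(c))
    live = sorted(c for c in by_container if not RESTORE_POINT.search(c))
    detections = sorted(set().union(*by_container.values())) if by_container else []
    return {
        "objects": len(entries),
        "containers": len(by_container),
        "live_files": live,
        "restore_point_copies": restore,
        "detections": detections,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['objects']} infected objects in {s['containers']} files")
    print("on disk:", *s["live_files"], sep="\n  ")
    print("restore-point copies:", *s["restore_point_copies"], sep="\n  ")
    print("detections:", ", ".join(s["detections"]))
```

    Run against the full report the same way, the 55 lines reduce to three downloaded files plus eight restore-point copies carrying the same three detection names; the restore-point copies come back with any rollback to RP242 or RP250, which is why the online scanner listing them without cleaning anything is worth noticing.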
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Kaspersky didn't remove anything it seems...

    If you want to make sure, get SpySweeper.

    SpySweeper HERE (It's a 2 week trial): Program keeps working but updates stop, you can purchase it for $20 using the discount people who use this trial version are offered.

    Click the Trial Download, middle on right of page...it's small but it's there...

    Install it. Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Options on the left side.
    Click the Sweep Options tab.
    Under What to Sweep please put a check next to the following:
    Sweep Memory
    Sweep Registry
    Sweep Cookies
    Sweep All User Accounts
    Enable Direct Disk Sweeping
    Sweep Contents of Compressed Files
    Sweep for Rootkits-Make sure you DO check to do this one!
    Please UNCHECK Do not Sweep System Restore Folder.

    You should do the scan in Safe Mode-here is how:

    * Restart your computer into safe mode now.To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

    Perform the following steps in safe mode:

    Click "Sweep Now" on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.
    Paste the contents of the session log you copied into your next reply along with a NEW Hijackthis log made after you run SpySweeper.

    After SpySweeper run this online scan:

    http://www.pandasoftware.com/produc...5D4-4DA2-B310-B1DBEC2971F2}&NRCACHEHINT=Guest

    Be sure to scan all hard (data) drives, and select to scan My Computer, It works the same way, you have to allow the Active X control, and the SP information bar popup to run the scan...it checks for updates, downloads those, then you can scan. Popup blockers, like Yahoo, can stop it from loading.

    This one should disinfect the files.

    You can stop the scan at any point and clean up to that point> I recommend completing the full scan. Save the file called activescan.txt to your desktop, and copy/paste contents into your reply along with a new HJT log.
     
  7. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    Ran a few times under safe mode and not.
    Panda found some cookies, but they weren't fixable under the trial mode.

    ********
    11:53 PM: | Start of Session, Monday, January 23, 2006 |
    11:53 PM: Spy Sweeper started
    11:53 PM: Sweep initiated using definitions version 605
    11:53 PM: Starting Memory Sweep
    11:57 PM: Memory Sweep Complete, Elapsed Time: 00:03:56
    11:57 PM: Starting Registry Sweep
    11:58 PM: Registry Sweep Complete, Elapsed Time:00:00:28
    11:58 PM: Starting Cookie Sweep
    11:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    11:58 PM: Starting File Sweep
    12:00 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project.avp". Access is denied
    12:00 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\settings\site_settings.avs". Access is denied
    12:00 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project settings.avs". Access is denied
    12:00 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin1\new project bin1.1". Access is denied
    12:00 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin\new project bin.1". Access is denied
    12:00 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin2\new project bin2.1". Access is denied
    12:04 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin2\new project bin2.2". Access is denied
    12:06 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid users\daniel\mcstate". Access is denied
    12:06 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\settings\mcstate". Access is denied
    12:08 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin\new project bin.2". Access is denied
    12:20 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin1\new project bin1.2". Access is denied
    12:25 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project bin2.avb". Access is denied
    12:28 AM: Warning: Failed to read file "c:\program files\games\lucasarts\swkotor\streamwaves\m02ae\garo15\nm02aegaro15025_.wav". The process cannot access the file because another process has locked a portion of the file
    12:42 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project bin1.avb". Access is denied
    12:48 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project bin.avb". Access is denied
    12:48 AM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid users\daniel\daniel settings.avs". Access is denied
    1:53 AM: Found System Monitor: potentially rootkit-masked files
    1:53 AM: new project.avp (ID = 0)
    1:53 AM: new project settings.avs (ID = 0)
    1:53 AM: new project bin1.1 (ID = 0)
    1:53 AM: new project bin.1 (ID = 0)
    1:53 AM: new project bin2.1 (ID = 0)
    1:53 AM: new project bin2.2 (ID = 0)
    1:53 AM: mcstate (ID = 0)
    1:53 AM: new project bin.2 (ID = 0)
    1:53 AM: new project bin1.2 (ID = 0)
    1:53 AM: new project bin2.avb (ID = 0)
    1:53 AM: new project bin1.avb (ID = 0)
    1:53 AM: new project bin.avb (ID = 0)
    1:53 AM: daniel settings.avs (ID = 0)
    1:53 AM: appevent.log (ID = 0)
    1:53 AM: eventlog.log (ID = 0)
    1:53 AM: coreevent.log (ID = 0)
    1:53 AM: daniel.ave (ID = 0)
    1:53 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid file - not a PKZip file
    1:54 AM: Warning: Invalid Stream
    1:54 AM: Warning: Unhandled Archive Type
    2:06 AM: File Sweep Complete, Elapsed Time: 02:08:18
    2:06 AM: Full Sweep has completed. Elapsed time 02:12:45
    2:06 AM: Traces Found: 17
    7:34 AM: Removal process initiated
    7:34 AM: Quarantining All Traces: potentially rootkit-masked files
    7:34 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
    7:34 AM: new project.avp is in use. It will be removed on reboot.
    7:34 AM: new project settings.avs is in use. It will be removed on reboot.
    7:34 AM: new project bin1.1 is in use. It will be removed on reboot.
    7:34 AM: new project bin.1 is in use. It will be removed on reboot.
    7:34 AM: new project bin2.1 is in use. It will be removed on reboot.
    7:34 AM: new project bin2.2 is in use. It will be removed on reboot.
    7:34 AM: mcstate is in use. It will be removed on reboot.
    7:34 AM: new project bin.2 is in use. It will be removed on reboot.
    7:34 AM: new project bin1.2 is in use. It will be removed on reboot.
    7:34 AM: new project bin2.avb is in use. It will be removed on reboot.
    7:34 AM: new project bin1.avb is in use. It will be removed on reboot.
    7:34 AM: new project bin.avb is in use. It will be removed on reboot.
    7:34 AM: daniel settings.avs is in use. It will be removed on reboot.
    7:34 AM: appevent.log is in use. It will be removed on reboot.
    7:34 AM: eventlog.log is in use. It will be removed on reboot.
    7:34 AM: coreevent.log is in use. It will be removed on reboot.
    7:34 AM: daniel.ave is in use. It will be removed on reboot.
    7:34 AM: Preparing to restart your computer. Please wait...
    7:34 AM: Removal process completed. Elapsed time 00:00:13
    ********

    10:44 PM: File Sweep Complete, Elapsed Time: 00:48:58
    10:44 PM: Full Sweep has completed. Elapsed time 00:50:20
    10:44 PM: Traces Found: 1
    11:37 PM: Removal process initiated
    11:37 PM: Quarantining All Traces: tibs dialer
    11:37 PM: Removal process completed. Elapsed time 00:00:11
    11:40 PM: Processing Startup Alerts
    11:40 PM: Removed Startup entry: QuickTime Task
    11:40 PM: Processing Internet Explorer Favorites Alerts
    11:40 PM: Allowed IE Favorite: SPYTECH RECORDS
    11:44 PM: | End of Session, Monday, January 23, 2006 |
    ********
    9:12 PM: | Start of Session, Monday, January 23, 2006 |
    9:12 PM: Spy Sweeper started
    9:13 PM: Your spyware definitions have been updated.
    9:14 PM: IE Tracking Cookies Shield: Removed go.com cookie
    9:14 PM: IE Tracking Cookies Shield: Removed about cookie
    9:14 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
    9:14 PM: IE Tracking Cookies Shield: Removed adecn cookie
    9:14 PM: IE Tracking Cookies Shield: Removed adknowledge cookie
    9:14 PM: IE Tracking Cookies Shield: Removed adlegend cookie
    9:14 PM: IE Tracking Cookies Shield: Removed cd freaks cookie
    9:14 PM: IE Tracking Cookies Shield: Removed askmen cookie
    9:14 PM: IE Tracking Cookies Shield: Removed ask cookie
    9:14 PM: IE Tracking Cookies Shield: Removed belnk cookie
    9:14 PM: IE Tracking Cookies Shield: Removed atwola cookie
    9:14 PM: IE Tracking Cookies Shield: Removed bannerspace cookie
    9:14 PM: IE Tracking Cookies Shield: Removed belnk cookie
    9:14 PM: IE Tracking Cookies Shield: Removed bizrate cookie
    9:14 PM: IE Tracking Cookies Shield: Removed burstnet cookie
    9:14 PM: IE Tracking Cookies Shield: Removed ccbill cookie
    9:14 PM: IE Tracking Cookies Shield: Removed cd freaks cookie
    9:14 PM: IE Tracking Cookies Shield: Removed cd freaks cookie
    9:14 PM: IE Tracking Cookies Shield: Removed counter cookie
    9:14 PM: IE Tracking Cookies Shield: Removed 360i cookie
    9:14 PM: IE Tracking Cookies Shield: Removed customer cookie
    9:14 PM: IE Tracking Cookies Shield: Removed clickzs cookie
    9:14 PM: IE Tracking Cookies Shield: Removed webtrendslive cookie
    9:14 PM: IE Tracking Cookies Shield: Removed did-it cookie
    9:14 PM: IE Tracking Cookies Shield: Removed directtrack cookie
    9:14 PM: IE Tracking Cookies Shield: Removed belnk cookie
    9:14 PM: IE Tracking Cookies Shield: Removed gamespy cookie
    9:14 PM: IE Tracking Cookies Shield: Removed go.com cookie
    9:14 PM: IE Tracking Cookies Shield: Removed starware.com cookie
    9:14 PM: IE Tracking Cookies Shield: Removed clickandtrack cookie
    9:14 PM: IE Tracking Cookies Shield: Removed kmpads cookie
    9:14 PM: IE Tracking Cookies Shield: Removed linkexchange cookie
    9:14 PM: IE Tracking Cookies Shield: Removed directtrack cookie
    9:14 PM: IE Tracking Cookies Shield: Removed partypoker cookie
    9:14 PM: IE Tracking Cookies Shield: Removed pricegrabber cookie
    9:14 PM: IE Tracking Cookies Shield: Removed rc cookie
    9:14 PM: IE Tracking Cookies Shield: Removed realmedia cookie
    9:14 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
    9:14 PM: IE Tracking Cookies Shield: Removed reunion cookie
    9:14 PM: IE Tracking Cookies Shield: Removed rn11 cookie
    9:14 PM: IE Tracking Cookies Shield: Removed adjuggler cookie
    9:14 PM: IE Tracking Cookies Shield: Removed go.com cookie
    9:14 PM: IE Tracking Cookies Shield: Removed tvguide cookie
    9:14 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
    9:14 PM: IE Tracking Cookies Shield: Removed server.iad.liveperson cookie
    9:14 PM: IE Tracking Cookies Shield: Removed web-stat cookie
    9:14 PM: IE Tracking Cookies Shield: Removed dealtime cookie
    9:14 PM: IE Tracking Cookies Shield: Removed statcounter cookie
    9:14 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    9:14 PM: IE Tracking Cookies Shield: Removed about cookie
    9:14 PM: IE Tracking Cookies Shield: Removed tvguide cookie
    9:14 PM: IE Tracking Cookies Shield: Removed videodome cookie
    9:14 PM: IE Tracking Cookies Shield: Removed burstbeacon cookie
    9:14 PM: IE Tracking Cookies Shield: Removed myaffiliateprogram.com cookie
    9:14 PM: IE Tracking Cookies Shield: Removed starpulse cookie
    9:14 PM: IE Tracking Cookies Shield: Removed starware.com cookie
    9:14 PM: IE Tracking Cookies Shield: Removed xiti cookie
    9:14 PM: IE Tracking Cookies Shield: Removed yadro cookie
    9:14 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
    9:54 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 605
    9:54 PM: | End of Session, Monday, January 23, 2006 |

    When restarting, it was trying to delete those avid rootkits. Said delete was unsuccessful....

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 7:41:32 AM, on 1/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Security\Webroot\Spy Sweeper\SpySweeper.exe
    G:\Tools\volumouse\volumouse.exe
    C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Security\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\INTERNET\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Daniel\Desktop\Security\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Security\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [$Volumouse$] "G:\Tools\volumouse\volumouse.exe" /nodlg
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Security\Webroot\Spy Sweeper\WRSSSDK.exe

    Note: Kaspersky found these...

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, January 23, 2006 18:57:57
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 23/01/2006
    Kaspersky Anti-Virus database records: 162168
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 278456
    Number of viruses found: 3
    Number of infected objects: 55
    Number of suspicious objects: 0
    Duration of the scan process: 10825 sec

    Infected Object Name - Virus Name
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\Deutsch The Matrix Path of Neo crack.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\The Matrix Path of Neo cracked.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\The Matrix Path of Neo cracked.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\US The Matrix Path of Neo crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\My Downloads\US The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\My Downloads\US The Matrix Path of Neo crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\US The Matrix Path of Neo crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\My Downloads\US The Matrix Path of Neo crack.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079275.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079276.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079277.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079278.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079450.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079452.exe Infected: Trojan-Downloader.Win32.IstBar.ny

    Scan process completed.


    Thanks,
    ~D
     
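The HijackThis log above is read by eye: helpers look for BHO or ActiveX entries whose file is gone, services with no vendor string or a missing binary, autorun or service binaries parked in a temp or profile directory, and anything injected through AppInit_DLLs. The script below is an added example (not part of the thread and not HijackThis code) that encodes those same checks for the O2, O4, O16, O20 and O23 sections. The sample lines are a constructed subset copied from the log above; the severity labels and the list of "suspicious" directory fragments are this example's own assumptions.

```python
"""Triage rules for HijackThis-style log lines (O2/O4/O16/O20/O23).

Added example: not part of the original thread or of HijackThis itself.
The rules mirror what a reviewer checks by eye on a log like the one above.
"""
import re
from typing import Dict, List, Optional

# Sample lines: a constructed subset copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [$Volumouse$] "G:\Tools\volumouse\volumouse.exe" /nodlg
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Daniel\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
"""

# Severity scale is an assumption of this example, not a HijackThis concept.
SEVERITY = {"info": 0, "verify": 1, "suspicious": 2}

# Path fragments where an autorun or service binary should practically never live.
PROFILE_OR_TEMP = ("\\temp\\", "\\tmp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_O16 = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]+)\))? -\s*(?P<url>.*)$")
RE_O20 = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def first_token(cmd: str) -> str:
    """Return the executable part of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def in_profile_or_temp(path: str) -> bool:
    p = path.lower()
    return any(frag in p for frag in PROFILE_OR_TEMP)


def triage_line(line: str) -> Optional[Dict]:
    """Return a finding for a line that deserves attention, else None."""
    line = line.strip()
    reasons: List[str] = []
    severity = "info"

    def flag(level: str, why: str) -> None:
        nonlocal severity
        reasons.append(why)
        if SEVERITY[level] > SEVERITY[severity]:
            severity = level

    if (m := RE_O2.match(line)):
        if m["path"] == "(no file)":
            flag("info", "BHO CLSID registered but DLL is gone: orphan, safe to fix")
        elif in_profile_or_temp(m["path"]):
            flag("suspicious", "BHO DLL loaded from a temp/profile directory")
    elif (m := RE_O4.match(line)):
        if in_profile_or_temp(first_token(m["cmd"])):
            flag("suspicious", "autorun binary lives in a temp/profile directory")
    elif (m := RE_O16.match(line)):
        if not m["url"]:
            flag("info", "ActiveX DPF entry with no download URL: orphan, safe to fix")
    elif (m := RE_O20.match(line)):
        if m["kind"] == "AppInit_DLLs":
            flag("verify", "AppInit_DLLs is loaded into every process that loads user32.dll; confirm the vendor")
        elif "\\system32\\" not in m["rest"].split(" - ", 1)[-1].lower():
            flag("verify", "Winlogon Notify DLL outside system32; confirm the vendor")
    elif (m := RE_O23.match(line)):
        path = m["path"]
        if "(file missing)" in path:
            flag("info", "service registered but its binary is absent: stale entry")
        if m["owner"] == "Unknown owner":
            flag("verify", "no vendor string on the service binary; check its signature or hash")
        if in_profile_or_temp(path):
            flag("suspicious", "service binary lives in a temp/profile directory")

    if not reasons:
        return None
    return {"section": line.split(" - ", 1)[0], "severity": severity, "reasons": reasons, "line": line}


def triage(log_text: str) -> List[Dict]:
    """Run every rule over a whole log and return findings, worst first."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines() if l.strip()) if f]
    return sorted(findings, key=lambda f: -SEVERITY[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:10}] {f['section']}: {'; '.join(f['reasons'])}\n    {f['line']}")
```

On the sample, the hpdj service is the only line that collects all three O23 reasons (missing binary, no vendor, Temp directory), which is the combination that would make a helper ask for the file rather than wave it through; the orphaned BHO and DPF entries only rate a cleanup.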
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I am going to have to ask someone with good experience about those Avid items; I've never run into something like that! Be just a sec, if they are online, that is...

    They are being shown as adware ISTBar, and in SpySweeper as a possible rootkit.... There was a removal tool for ISTBar
    at one point, and there are rootkit revealers; however, I don't toy with those! Since these are downloaded videos, they may have come in with eMule. I advise whoever uses that P2P program to dump it, as it is likely the source of your main problems. It may have been uninstalled but left some things hanging. eMule was showing in some of the older HJT logs, but does not show now.

    The rootkit detection reminds me of some things going on like the Sony copyright protection rootkit events just a month or so ago.... But, since I have never worked on that, I am only speculating.
    And I don't see any indication of Sony products. More than likely, they are infected files, unless it's copyright protection or false detections. There are a few people here who can probably tell you how to proceed; it's just a matter of when they can reply to you.

    A rootkit by nature is totally hidden to us, so I don't think you will even see or have access to those files except with an advanced tool and then maybe not at all.

    The items in System Restore can be easily taken care of, but right now I hesitate to have you turn off Restore, I assume you understand-

    I have asked someone to take a look. Depending on what happens, you may have some luck tonight, or tomorrow.
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The stuff in the "System Volume Information" archive you don't have to worry about for now. Those will be deleted when you purge the System Restore archive.

    These you should try to manually delete in Safe Mode using the "killbox"

    http://www.downloads.subratam.org/KillBox.zip

    You can try the "standard file delete" option in the killbox and browse to and select the items one at a time. If that doesn't work, use "delete on reboot"; you can add each sequentially to the list of items it will delete, so you should only have to reboot once.

    I would then follow up by installing and running the beta version of BlackLight from F-Secure to deal with the items identified as "rootkits":

    http://www.f-secure.com/blacklight/
     
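The reply above draws the line that matters in a scanner report like the Kaspersky one: detections inside System Volume Information are restore-point copies and disappear when System Restore is purged, while the files under C:\My Downloads have to be deleted by hand. Kaspersky also reports every archive member separately (the `/irsetup.dat` and `/cheat_plugin.exe/data0001` suffixes), so one container file shows up as five lines. The script below is an added example (not part of the thread and not Kaspersky tooling) that collapses members to their container, splits the two buckets and tallies detections per family, so the killbox list is just the first bucket. The report format is taken from the report posted above; the sample is a constructed subset of it, and the restore-point marker string is this example's assumption.

```python
"""Reduce a Kaspersky On-line Scanner report to the files that need hand deletion.

Added example, not part of the original thread or of Kaspersky's tooling.
Line format ('<object> Infected: <name>', '/' separating archive members)
is taken from the report posted above; the sample is a constructed subset.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\My Downloads\The Matrix Path of Neo cracked.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\My Downloads\The Matrix Path of Neo cracked.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\My Downloads\The Matrix Path of Neo cracked.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\My Downloads\US The Matrix Path of Neo crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
C:\My Downloads\US The Matrix Path of Neo crack.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP242\A0079274.exe Infected: Trojan-Downloader.Win32.IstBar.ny
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0079441.exe Infected: Trojan-Downloader.Win32.IstBar.ny

Scan process completed.
"""

RE_LINE = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+)$")
# Assumption: restore-point copies live under this path on Windows XP.
RESTORE_MARKER = "\\system volume information\\_restore"


def container_path(obj: str) -> str:
    """Strip archive-member components: 'C:\\a\\x.exe/irsetup.dat' -> 'C:\\a\\x.exe'.

    Windows paths never contain '/', so the first '/' starts the member chain.
    """
    return obj.split("/", 1)[0]


def parse_report(text: str) -> List[Tuple[str, str]]:
    """Return (object, detection name) pairs; header and summary lines are skipped."""
    out = []
    for line in text.splitlines():
        m = RE_LINE.match(line.strip())
        if m:
            out.append((m["obj"], m["name"]))
    return out


def classify(text: str) -> Dict[str, object]:
    """Split detections into hand-delete files and restore-point copies."""
    live: Dict[str, set] = {}
    restore: Dict[str, set] = {}
    families: Counter = Counter()
    for obj, name in parse_report(text):
        path = container_path(obj)
        bucket = restore if RESTORE_MARKER in path.lower() else live
        bucket.setdefault(path, set()).add(name)
        families[name] += 1
    return {
        "delete_by_hand": {p: sorted(n) for p, n in sorted(live.items())},
        "cleared_by_purging_system_restore": sorted(restore),
        "detections_per_family": dict(families),
    }


if __name__ == "__main__":
    result = classify(SAMPLE_REPORT)
    print("Delete by hand (killbox list):")
    for path, names in result["delete_by_hand"].items():
        print(f"  {path}\n      {', '.join(names)}")
    print("Cleared by purging System Restore:")
    for path in result["cleared_by_purging_system_restore"]:
        print(f"  {path}")
    print("Detections per family:", result["detections_per_family"])
```

Splitting on the first `/` is safe only because the object names are Windows paths; on a report from a Unix host the member separator would have to be recognised differently.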
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Rog- Thank you!
     
  11. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    Thanks very much Roger.
    Killbox worked fine.
    When I run BlackLight, it finds nothing in its scan....
     
  12. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I would like to see a SpySweeper fresh log made from Safe Mode

    Check that all the Sweep Options are enabled, scan, save the results and post please.
     
  13. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    ********
    4:31 PM: | Start of Session, Wednesday, January 25, 2006 |
    4:31 PM: Spy Sweeper started
    4:31 PM: Sweep initiated using definitions version 605
    4:31 PM: Starting Memory Sweep
    4:32 PM: Memory Sweep Complete, Elapsed Time: 00:00:57
    4:32 PM: Starting Registry Sweep
    4:32 PM: Registry Sweep Complete, Elapsed Time:00:00:22
    4:32 PM: Starting Cookie Sweep
    4:32 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    4:32 PM: Starting File Sweep
    4:33 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project.avp". Access is denied
    4:33 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\settings\site_settings.avs". Access is denied
    4:33 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project settings.avs". Access is denied
    4:33 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin1\new project bin1.1". Access is denied
    4:33 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin\new project bin.1". Access is denied
    4:33 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin2\new project bin2.1". Access is denied
    4:35 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin2\new project bin2.2". Access is denied
    4:37 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid users\daniel\mcstate". Access is denied
    4:37 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\settings\mcstate". Access is denied
    4:38 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin\new project bin.2". Access is denied
    4:44 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid attic\new project\bins\new project bin1\new project bin1.2". Access is denied
    4:46 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project bin2.avb". Access is denied
    4:57 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project bin1.avb". Access is denied
    5:00 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid projects\new project\new project bin.avb". Access is denied
    5:00 PM: Warning: Failed to open file "c:\program files\film\avid\avid xpress pro\avid users\daniel\daniel settings.avs". Access is denied
    5:22 PM: File Sweep Complete, Elapsed Time: 00:49:16
    5:22 PM: Full Sweep has completed. Elapsed time 00:50:38
    5:22 PM: Traces Found: 0
    ********


    Same files.
    The BlackLight program still scans and finds nothing.
    Those files are still there...

    Windows Explorer now crashes: 'encountered a problem and needs to close. We are sorry for the inconvenience.' It crashes and then restarts and then crashes again.

    Hmmm...
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Well, Avid Xpress Pro is certainly not a rootkit. Why the scanner cannot open them I don't know, but I don't think you have any worries there.

    When is this Explorer error occurring; is there any pattern to it? Does it occur in Safe Mode, or if you log into another user account? You can test by enabling the Guest account if necessary.
     
  15. Daniel0000

    Daniel0000 Thread Starter

    Joined:
    Aug 29, 2004
    Messages:
    92
    Only happened for the first restart after using safe mode. Never seen it before. Working fine now.
    Under Safe Mode it listed an Administrator and Daniel. Assuming I'm the administrator, I logged into myself. Not sure if that's related.
    Well, everything looks clean then, or mostly. Still getting some strange graphics crashing problems. Can link you to that forum.
    http://forums.techguy.org/games/436284-sound-loop-strange-crashing.html#post3311888
    Thanks,
    ~D
     

Short URL to this thread: https://techguy.org/436281
