1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

medic! medic!

Discussion in 'Virus & Other Malware Removal' started by rockstar7rebel, Jun 9, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. rockstar7rebel

    rockstar7rebel Thread Starter

    Joined:
    Jun 9, 2006
    Messages:
    18
    hello there,

    i've been ambushed by spyware and need your wisdom and benevolence... :)
    here is a copy of my hijackthis.log

    thank you guys so much.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:06:26 PM, on 6/9/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\users32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\qjrkvy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    is there any hope for me?
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. rockstar7rebel

    rockstar7rebel Thread Starter

    Joined:
    Jun 9, 2006
    Messages:
    18
    ********
    5:29 PM: | Start of Session, Friday, June 09, 2006 |
    5:29 PM: Spy Sweeper started
    5:29 PM: Sweep initiated using definitions version 696
    5:29 PM: Starting Memory Sweep
    5:33 PM: Memory Sweep Complete, Elapsed Time: 00:04:36
    5:33 PM: Starting Registry Sweep
    5:33 PM: Found Adware: blazefind
    5:33 PM: HKCR\bridge.brdg\ (1 subtraces) (ID = 104437)
    5:33 PM: HKCR\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (1 subtraces) (ID = 104449)
    5:33 PM: HKCR\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (1 subtraces) (ID = 104459)
    5:33 PM: HKCR\jao.jao\ (1 subtraces) (ID = 104463)
    5:33 PM: HKLM\software\classes\bridge.brdg\ (1 subtraces) (ID = 104468)
    5:33 PM: HKLM\software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (1 subtraces) (ID = 104482)
    5:33 PM: HKLM\software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (1 subtraces) (ID = 104491)
    5:33 PM: HKLM\software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (1 subtraces) (ID = 104501)
    5:33 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\ (1 subtraces) (ID = 104519)
    5:33 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bridge\ (1 subtraces) (ID = 104547)
    5:33 PM: HKCR\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (1 subtraces) (ID = 104567)
    5:33 PM: Found Adware: cws_tiny0
    5:33 PM: HKCR\clsid\{bfb13f83-4e3b-a3c3-d100-fee3424cd9c0}\ (6 subtraces) (ID = 123985)
    5:33 PM: HKLM\software\classes\clsid\{bfb13f83-4e3b-a3c3-d100-fee3424cd9c0}\ (6 subtraces) (ID = 124214)
    5:33 PM: Found Adware: daily toolbar
    5:33 PM: HKCR\appid\dailytoolbar.dll\ (1 subtraces) (ID = 124556)
    5:33 PM: HKCR\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (1 subtraces) (ID = 124557)
    5:33 PM: HKCR\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (1 subtraces) (ID = 124560)
    5:33 PM: HKCR\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (1 subtraces) (ID = 124561)
    5:33 PM: HKCR\dailytoolbar.ieband\ (1 subtraces) (ID = 124562)
    5:33 PM: HKCR\dailytoolbar.sysmgr\ (1 subtraces) (ID = 124564)
    5:33 PM: HKCR\ietoolbar.affiliatectl\ (1 subtraces) (ID = 124565)
    5:33 PM: HKCR\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (1 subtraces) (ID = 124566)
    5:33 PM: HKCR\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (1 subtraces) (ID = 124567)
    5:33 PM: HKLM\software\classes\appid\dailytoolbar.dll\ (1 subtraces) (ID = 124576)
    5:33 PM: HKLM\software\classes\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (1 subtraces) (ID = 124577)
    5:33 PM: HKLM\software\classes\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (1 subtraces) (ID = 124587)
    5:33 PM: HKLM\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (1 subtraces) (ID = 124588)
    5:33 PM: HKLM\software\classes\dailytoolbar.ieband\ (1 subtraces) (ID = 124590)
    5:33 PM: HKLM\software\classes\dailytoolbar.sysmgr\ (1 subtraces) (ID = 124592)
    5:33 PM: HKLM\software\classes\ietoolbar.affiliatectl\ (1 subtraces) (ID = 124593)
    5:33 PM: HKLM\software\classes\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (1 subtraces) (ID = 124594)
    5:33 PM: HKLM\software\classes\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (1 subtraces) (ID = 124595)
    5:33 PM: HKLM\software\dailytoolbar\ (1 subtraces) (ID = 124601)
    5:33 PM: HKLM\software\nix solutions\dailytoolbar\ (1 subtraces) (ID = 124641)
    5:33 PM: Found Adware: purityscan
    5:33 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (1 subtraces) (ID = 137799)
    5:33 PM: Found Adware: tubby toolbar
    5:33 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (1 subtraces) (ID = 137799)
    5:34 PM: Found Trojan Horse: trojan-downloader-wstart
    5:34 PM: HKCR\appid\wstart.dll\ (1 subtraces) (ID = 144900)
    5:34 PM: HKCR\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (1 subtraces) (ID = 144901)
    5:34 PM: HKCR\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (1 subtraces) (ID = 144902)
    5:34 PM: HKLM\software\classes\appid\wstart.dll\ (1 subtraces) (ID = 144903)
    5:34 PM: HKLM\software\classes\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (1 subtraces) (ID = 144904)
    5:34 PM: HKLM\software\classes\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (1 subtraces) (ID = 144905)
    5:34 PM: HKLM\software\classes\wstart.whttphelper.1\ (1 subtraces) (ID = 144906)
    5:34 PM: HKLM\software\classes\wstart.whttphelper\ (1 subtraces) (ID = 144907)
    5:34 PM: HKLM\software\wsoft\ (1 subtraces) (ID = 144909)
    5:34 PM: HKCR\wstart.whttphelper.1\ (1 subtraces) (ID = 144910)
    5:34 PM: HKCR\wstart.whttphelper\ (1 subtraces) (ID = 144911)
    5:34 PM: Found Adware: directrevenue-abetterinternet
    5:34 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-59d4-4008-9058-080011001200}\ (1 subtraces) (ID = 145924)
    5:34 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000}\ (1 subtraces) (ID = 145925)
    5:34 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000}\ (1 subtraces) (ID = 145927)
    5:34 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}\ (1 subtraces) (ID = 145940)
    5:34 PM: HKLM\software\respondmiter\ (1 subtraces) (ID = 146128)
    5:34 PM: Found Adware: cws_popkillerfilter
    5:34 PM: HKLM\software\microsoft\internet explorer\main\ || start page (ID = 1073250)
    5:34 PM: Registry Sweep Complete, Elapsed Time:00:00:30
    5:34 PM: Starting Cookie Sweep
    5:34 PM: Found Spy Cookie: 2o7.net cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 1957)
    5:34 PM: Found Spy Cookie: websponsors cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 3665)
    5:34 PM: Found Spy Cookie: adknowledge cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 2072)
    5:34 PM: Found Spy Cookie: pointroll cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 3148)
    5:34 PM: Found Spy Cookie: advertising cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2175)
    5:34 PM: Found Spy Cookie: ask cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2245)
    5:34 PM: Found Spy Cookie: atlas dmt cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 2253)
    5:34 PM: Found Spy Cookie: atwola cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2255)
    5:34 PM: Found Spy Cookie: belnk cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2292)
    5:34 PM: Found Spy Cookie: casalemedia cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2354)
    5:34 PM: some1 less [email protected][2].txt (ID = 2293)
    5:34 PM: Found Spy Cookie: ru4 cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 3269)
    5:34 PM: Found Spy Cookie: fastclick cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 2651)
    5:34 PM: Found Spy Cookie: findwhat cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2674)
    5:34 PM: Found Spy Cookie: mediaplex cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 6442)
    5:34 PM: some1 less [email protected][1].txt (ID = 1958)
    5:34 PM: Found Spy Cookie: nextag cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 5014)
    5:34 PM: Found Spy Cookie: questionmarket cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 3217)
    5:34 PM: Found Spy Cookie: realmedia cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 3235)
    5:34 PM: Found Spy Cookie: tacoda cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 6444)
    5:34 PM: Found Spy Cookie: trafficmp cookie
    5:34 PM: some1 less [email protected][2].txt (ID = 3581)
    5:34 PM: Found Spy Cookie: tribalfusion cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 3589)
    5:34 PM: Found Spy Cookie: burstbeacon cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 2335)
    5:34 PM: Found Spy Cookie: zedo cookie
    5:34 PM: some1 less [email protected][1].txt (ID = 3762)
    5:34 PM: [email protected][1].txt (ID = 1957)
    5:34 PM: [email protected][1].txt (ID = 2175)
    5:34 PM: [email protected][2].txt (ID = 2253)
    5:34 PM: [email protected][1].txt (ID = 2255)
    5:34 PM: [email protected][2].txt (ID = 3269)
    5:34 PM: Found Spy Cookie: statcounter cookie
    5:34 PM: [email protected][2].txt (ID = 3447)
    5:34 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
    5:34 PM: Starting File Sweep
    5:34 PM: a0017158.pif:dkditu (ID = 200)
    5:34 PM: Found Trojan Horse: trojan-backdoor-securemulti
    5:34 PM: a0017178.exe (ID = 278247)
    5:34 PM: ipqp.exe (ID = 201)
    5:34 PM: mfcjr32.exe (ID = 201)
    5:34 PM: a0017158.pif:maggxx (ID = 200)
    5:34 PM: a0017174.pif:dkditu (ID = 200)
    5:35 PM: a0017174.pif:maggxx (ID = 200)
    5:38 PM: d3xt.exe (ID = 200)
    5:39 PM: a0017174.pif:ljldzk (ID = 201)
    5:39 PM: a0017174.pif:uzvbuv (ID = 201)
    5:44 PM: orclrkhk.exe (ID = 297738)
    5:45 PM: a0017179.dll (ID = 271080)
    5:47 PM: a0017158.pif:uzvbuv (ID = 201)
    5:47 PM: javaep32.exe (ID = 201)
    5:48 PM: lxznbrcm.exe (ID = 297738)
    5:48 PM: taskdir~.exe (ID = 278247)
    5:48 PM: a0017158.pif:ljldzk (ID = 201)
    5:48 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_user_ntuser_s-1-5-19". The system cannot find the path specified
    5:48 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_user_usrclass_s-1-5-21-789336058-1682526488-854245398-1004". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_machine_security". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\repository\fs\objects.map". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_user_ntuser_s-1-5-18". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_machine_sam". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_user_.default". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_user_usrclass_s-1-5-20". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\change.log.1". The system cannot find the path specified
    5:50 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\comdb.dat". The system cannot find the path specified
    5:52 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\repository\fs\index.btr". The system cannot find the path specified
    5:53 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_machine_system". The system cannot find the path specified
    5:53 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_user_ntuser_s-1-5-21-789336058-1682526488-854245398-1004". The system cannot find the path specified
    5:53 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\_registry_machine_software". The system cannot find the path specified
    5:53 PM: Warning: Failed to open file "c:\system volume information\_restore{a9dfb560-c32e-4538-80a8-2e4f9b3fe45e}\rp107\snapshot\repository\fs\objects.data". The system cannot find the path specified
    5:56 PM: jdwilpqh.exe (ID = 297738)
    5:56 PM: File Sweep Complete, Elapsed Time: 00:22:24
    5:56 PM: Full Sweep has completed. Elapsed time 00:27:40
    5:56 PM: Traces Found: 161
    11:20 PM: Removal process initiated
    11:21 PM: Quarantining All Traces: directrevenue-abetterinternet
    11:21 PM: Quarantining All Traces: purityscan
    11:21 PM: Quarantining All Traces: trojan-backdoor-securemulti
    11:21 PM: Quarantining All Traces: blazefind
    11:21 PM: Quarantining All Traces: cws_popkillerfilter
    11:21 PM: Quarantining All Traces: cws_tiny0
    11:21 PM: Quarantining All Traces: daily toolbar
    11:21 PM: Quarantining All Traces: trojan-downloader-wstart
    11:21 PM: Quarantining All Traces: tubby toolbar
    11:21 PM: Quarantining All Traces: 2o7.net cookie
    11:21 PM: Quarantining All Traces: adknowledge cookie
    11:21 PM: Quarantining All Traces: advertising cookie
    11:21 PM: Quarantining All Traces: ask cookie
    11:21 PM: Quarantining All Traces: atlas dmt cookie
    11:21 PM: Quarantining All Traces: atwola cookie
    11:21 PM: Quarantining All Traces: belnk cookie
    11:21 PM: Quarantining All Traces: burstbeacon cookie
    11:21 PM: Quarantining All Traces: casalemedia cookie
    11:21 PM: Quarantining All Traces: fastclick cookie
    11:21 PM: Quarantining All Traces: findwhat cookie
    11:21 PM: Quarantining All Traces: mediaplex cookie
    11:21 PM: Quarantining All Traces: nextag cookie
    11:21 PM: Quarantining All Traces: pointroll cookie
    11:21 PM: Quarantining All Traces: questionmarket cookie
    11:21 PM: Quarantining All Traces: realmedia cookie
    11:21 PM: Quarantining All Traces: ru4 cookie
    11:21 PM: Quarantining All Traces: statcounter cookie
    11:21 PM: Quarantining All Traces: tacoda cookie
    11:21 PM: Quarantining All Traces: trafficmp cookie
    11:21 PM: Quarantining All Traces: tribalfusion cookie
    11:21 PM: Quarantining All Traces: websponsors cookie
    11:21 PM: Quarantining All Traces: zedo cookie
    11:22 PM: Removal process completed. Elapsed time 00:01:21
    ********
    5:26 PM: | Start of Session, Friday, June 09, 2006 |
    5:26 PM: Spy Sweeper started
    5:27 PM: Your spyware definitions have been updated.
    5:29 PM: | End of Session, Friday, June 09, 2006 |

    Logfile of HijackThis v1.99.1
    Scan saved at 11:24:19 PM, on 6/9/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\users32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\qjrkvy.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    how's it look doc?
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    DownLoad http://www.intermute.com/spysubtract/cwshredder_download.html
    Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix"


    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

    O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe

    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\susp.exe
    C:\WINDOWS\System32\runsrv32.exe
    C:\WINDOWS\System32\adobepnl.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/474003

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice