mysearchnow virus & hijackthis report

iLLegaL89

Thread Starter
Joined
Jan 27, 2005
Messages
244
hey peepz
i picked up a mysearchnow virus =\... it puts a toolbar on my webpage and gives me lotsa pop ups.. closing games etc jst to show.. i ran ad-aware and few other programs but with no luck. i gotta hijackthis report if u can check this out for me that wud b great.

Logfile of HijackThis v1.99.1
Scan saved at 02:48:06, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mqbtlkubpaehdyabxgfev.us...RAhb91rZwltzU57MvD9OtkYNh7O3poGSA3sASpw2A.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {108B66D5-A29A-AF75-C1A4-D9356DC1647D} - C:\DOCUME~1\Alison\APPLIC~1\NOUNER~1\GreyTrans.exe
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LogDupeAtomView] C:\Documents and Settings\All Users\Application Data\Axis keep log dupe\wipe4.exe
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Roam enc] C:\DOCUME~1\Adrian\APPLIC~1\MAILBI~1\camp slow.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8253ABF-E5C2-41BD-9EDF-79A6C0ABB7E0}: NameServer = 212.159.13.49 212.159.13.50
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

thx
 
Joined
Sep 7, 2004
Messages
49,014
You prolly got what u have from Messenger Plus 3 - remove it in add remove programs

Lop Uninstaller at this link

DL http://www.thespykiller.co.uk/downloads.htm

Close all browser windows and run the uninstaller.

Get all of these

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/...A8BD-DBF62EDA9671&displaylang=en&Hash=RDXMHB6 (XP and W2K only)

DL them (they are free), install them, check each for their definition updates and then run AdAware and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

In HJT mark this, close IE and click fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mqbtlkubpaehdyabxgfev.us...GSA3sASpw2A.htm

Boot and post a new log
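
As an added illustration (not part of the original thread and not HijackThis code), the Python script below parses HijackThis-format entry lines and flags the patterns a reviewer checks first in a log like the one above: R0/R1 URLs on hosts outside an expected set, auto-start items that run from a profile's Application Data folder, unnamed BHOs, and entries whose file is missing. The sample log, the rule names and the trusted-host set are constructed assumptions, and a flag means "look closer", not "malicious".

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99.1 line format.
# All names, CLSIDs and URLs below are made up for this example.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/sb.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.example
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by ISP
O2 - BHO: Reader Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Reader\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\DOCUME~1\User\APPLIC~1\RANDOM~1\thing.exe
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\update.exe" /background
O4 - HKCU\..\Run: [Two words] C:\Documents and Settings\User\Application Data\Some Dir\odd name.exe
O9 - Extra button: Poker - {33333333-3333-3333-3333-333333333333} - C:\Program Files\Poker\poker.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Per-user or All Users "Application Data", in long or 8.3 short form.
PROFILE_RE = re.compile(
    r"\\(documents and settings|docume~\d)\\[^\\]+\\(application data|applic~\d)\\",
    re.IGNORECASE,
)
# HijackThis appends these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
URL_RE = re.compile(r"=\s*(https?://\S+)", re.IGNORECASE)
# Sections that load code automatically: BHOs, Run keys, AppInit_DLLs, services.
AUTOSTART_CODES = {"O2", "O4", "O20", "O23"}


def parse_entries(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_is_trusted(host, trusted_hosts):
    """True if host equals a trusted name or is a subdomain of one."""
    host = (host or "").lower()
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def triage(entries, trusted_hosts):
    """Return (code, reasons, body) for entries that match at least one rule."""
    findings = []
    for code, body in entries:
        reasons = []
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            if m and not host_is_trusted(urlparse(m.group(1)).hostname, trusted_hosts):
                reasons.append("untrusted-url-host")
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed-bho")
        if code in AUTOSTART_CODES and PROFILE_RE.search(body):
            reasons.append("runs-from-profile-dir")
        if ORPHAN_RE.search(body):
            reasons.append("orphaned-entry")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    # trusted_hosts is an assumption: the ISP or portal the user actually expects.
    for code, reasons, body in triage(parse_entries(SAMPLE_LOG), {"isp.example"}):
        print(f"{code:4} {','.join(reasons):40} {body}")
```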
 

iLLegaL89

Thread Starter
Joined
Jan 27, 2005
Messages
244
hey i did that spyware doctor scan and it ses i need to register b4 i can delete files etc. wat looks worryin tho is 1 infected file is a "keylogger" which can record credit card number etc. (pc police) is ther a way i can get rid of these or do i need to register??
 

iLLegaL89

Thread Starter
Joined
Jan 27, 2005
Messages
244
ok ive dun all that but still it hasnt gone :\

heres my new hijackthis log after reboot

Logfile of HijackThis v1.99.1
Scan saved at 04:40:02, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {108B66D5-A29A-AF75-C1A4-D9356DC1647D} - C:\DOCUME~1\Alison\APPLIC~1\NOUNER~1\GreyTrans.exe
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LogDupeAtomView] C:\Documents and Settings\All Users\Application Data\Axis keep log dupe\wipe4.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Roam enc] C:\DOCUME~1\Adrian\APPLIC~1\MAILBI~1\camp slow.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8253ABF-E5C2-41BD-9EDF-79A6C0ABB7E0}: NameServer = 212.159.13.49 212.159.13.50
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe


i also notice btw that i get pop ups which are blank...

thx
 
Joined
Sep 7, 2004
Messages
49,014
Forget Spyware Doctor - the tools I gave you are better

Please type out full words, I don't read blog speak well.

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:


Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your desktop
This will take some time to run!
Post that log and a new HiJack log
 

iLLegaL89

Thread Starter
Joined
Jan 27, 2005
Messages
244
hey this is my report in safe mode

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 02:44:02, 12/07/2005
+ Report-Checksum: 35589F7C

+ Scan result:

:mozilla.38:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.39:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.40:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.41:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.42:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.43:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.44:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.45:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.46:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.47:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.48:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.49:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.50:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.68:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.75:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
:mozilla.84:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.113:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.115:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
:mozilla.116:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
:mozilla.121:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.122:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.144:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.145:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.147:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned without backup
:mozilla.148:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned without backup
:mozilla.151:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned without backup
:mozilla.155:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned without backup
:mozilla.157:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned without backup
:mozilla.158:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned without backup
:mozilla.174:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.179:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned without backup
:mozilla.180:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned without backup
:mozilla.181:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
:mozilla.190:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.191:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.205:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned without backup
:mozilla.246:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.247:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.248:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.249:C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\h7ctlef4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.6:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.10:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.11:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.14:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.15:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.16:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.17:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.32:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
:mozilla.33:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
:mozilla.46:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.59:C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\9uw4vk9h.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.6:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.10:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.11:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.14:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.15:C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\4x7vq6qc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Grace\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Program Files\Voyager 105 ADSL Modem\DslDrv\UserDiag.exe -> Heuristic.Win32.Dialer : Cleaned without backup


::Report End


here is my new hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 02:50:59, on 12/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {108B66D5-A29A-AF75-C1A4-D9356DC1647D} - C:\DOCUME~1\Alison\APPLIC~1\NOUNER~1\GreyTrans.exe (file missing)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LogDupeAtomView] C:\Documents and Settings\All Users\Application Data\Axis keep log dupe\wipe4.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Roam enc] C:\DOCUME~1\Adrian\APPLIC~1\MAILBI~1\camp slow.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8253ABF-E5C2-41BD-9EDF-79A6C0ABB7E0}: NameServer = 212.159.13.49 212.159.13.50
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe


Hmm, I still have got that mysearchnow virus, so I'm not sure what to do?
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HJT

O2 - BHO: (no name) - {108B66D5-A29A-AF75-C1A4-D9356DC1647D} - C:\DOCUME~1\Alison\APPLIC~1\NOUNER~1\GreyTrans.exe (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [LogDupeAtomView] C:\Documents and Settings\All Users\Application Data\Axis keep log dupe\wipe4.exe

O4 - HKCU\..\Run: [Roam enc] C:\DOCUME~1\Adrian\APPLIC~1\MAILBI~1\camp slow.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net

O20 - AppInit_DLLs: MsgPlusLoader.dll

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these folders

C:\Documents and Settings\All Users\Application Data\Axis keep log dupe

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!


Please give feedback on what worked/didn’t work and the current status of your system
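
The triage step above, as an added Python example that is not part of the original post and not the helper's own method: it parses HijackThis entry lines and flags three patterns visible among the entries listed for fixing. The heuristics and the names `parse` and `triage` are assumptions made here; a flag means "review this entry", since legitimate software can match too.

```python
import re

# Constructed sample: eight entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {108B66D5-A29A-AF75-C1A4-D9356DC1647D} - C:\DOCUME~1\Alison\APPLIC~1\NOUNER~1\GreyTrans.exe (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogDupeAtomView] C:\Documents and Settings\All Users\Application Data\Axis keep log dupe\wipe4.exe
O4 - HKCU\..\Run: [Roam enc] C:\DOCUME~1\Adrian\APPLIC~1\MAILBI~1\camp slow.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# Entry lines look like "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Long and 8.3 short forms of the Application Data folder.
APPDATA = re.compile(r"\\(application data|applic~\d)\\", re.IGNORECASE)

def parse(log_text):
    """Return (section, detail) pairs for each entry line, skipping header and process lines."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(log_text):
    """Return (section, detail, reasons) for entries matching the assumed heuristics."""
    flagged = []
    for section, detail in parse(log_text):
        reasons = []
        # Registry entry still present although HijackThis could not find its file.
        if detail.endswith(("(file missing)", "(no file)")):
            reasons.append("orphaned: target file absent")
        # Browser Helper Object registered without a class name.
        if section == "O2" and "(no name)" in detail:
            reasons.append("unnamed BHO")
        # Autostart program launched from a user-writable Application Data folder.
        if section == "O4" and APPDATA.search(detail):
            reasons.append("autorun from Application Data")
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {detail}")
```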
 

iLLegaL89

Thread Starter
Joined
Jan 27, 2005
Messages
244
Hmm, I deleted most things in the %temp% folder except these files, which wouldn't delete:


~DF57AC.tmp
~DFF6B1.tmp
CmdLineExt02.dll
 

iLLegaL89

Thread Starter
Joined
Jan 27, 2005
Messages
244
OK, I've just rebooted my computer, and I got a message from Microsoft Windows:

To help protect your computer, Windows has closed this program.
Name: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation


However, on a good note, when I opened Favourites the links added by mysearchnow have gone :D.

OK, on further inspection it looks to have gone altogether :D yay!

I'm just going to run that other program you suggested and I'll post on the final outcome.
Thanks!

OK, now that it's gone, do I have to use that other program? Because I really don't know how to! :(


-----------------------------------------------------------------------
One more thing: can you suggest a good method of keeping your computer clean? I.e. I have McAfee, so should I run 1) Disk Defragmenter 2) McAfee 3) Ad-Aware 4) spyblaster etc.? Which order do you guys do it in?
 