
Solved: all kinds of popups and problems!

Discussion in 'Virus & Other Malware Removal' started by muddog23, Jul 27, 2006.

Thread Status:
Not open for further replies.
  1. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
    I've run ewido in safe mode, adaware in safe mode and spybot in safe mode. I've reset system restore. And I have run the vundo fix and it comes up negative. In safe mode everything cleans up but it still keeps coming back. I think the problem is the sgnkk.exe and cvwgkk.exe but I can't find anything on how to fix them. If someone could give a look at this, I would be forever in your debt. Here is a HijackThis log and a Panda log.
    Logfile of HijackThis v1.99.1
    Scan saved at 5:41:49 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sgnkk.exe
    C:\WINDOWS\system32\sgnkk.exe
    C:\WINDOWS\system32\sgnkk.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Michael Mudd\Desktop\utorrent.exe
    C:\Documents and Settings\Michael Mudd\My Documents\spyware removal\abx.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stech.web-nexus.net/sp.php/7246/60796/295/11361979/527/r=msnhome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sgnkk.exe
    F2 - REG:system.ini: UserInit=userinit.exe,ebunupp.exe
    O2 - BHO: EffBarBHO - {15E38167-B065-4BB5-B987-9F04B1E85AEA} - C:\Program Files\EngageSidebar\EffBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
    O4 - HKLM\..\Run: [cnbwki] C:\WINDOWS\system32\cvwgkk.exe reg_run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [xkiyl] C:\WINDOWS\system32\cvwgkk.exe reg_run
    O4 - Global Startup: uejhq.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll
    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    Here is the Panda scan:
    Incident Status Location

    Spyware:spyware/surfsidekick Not disinfected c:\windows\system32\bk.exe
    Adware:adware/superspider Not disinfected c:\windows\system32\d2kpax.dll
    Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\USDR6_0001_D08M0404NetInstaller.exe
    Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
    Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
    Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Michael Mudd\Application Data\Lycos
    Adware:adware/look2me Not disinfected Windows Registry
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Adware:adware/dyfuca Not disinfected Windows Registry
    Adware:adware/wupd Not disinfected Windows Registry
    Virus:Bck/Afcore.AS Disinfected C:\4534234.cmd
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael Mudd\Cookies\michael [email protected][2].txt
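    The poster's suspicion is right for the reason the F2 and O4 lines show: Winlogon's Shell= and UserInit= values carry extra executables, two Run values start an unnamed binary from system32, a bare .exe sits in Global Startup, and AppInit_DLLs (empty on a clean system) lists DLLs. The script below is an added example, not part of this thread or of HijackThis; it triages exactly those entry types from a HijackThis log. The sample input is constructed from the log lines in the post above, and the rules (allowlist of runner binaries, ".lnk is normal in Global Startup", "Winlogon Notify should point at a .dll") are the author's triage heuristics, not HijackThis logic.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the persistence-related lines from the first HijackThis
# log in this thread, plus two benign lines so the rules have something to skip.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sgnkk.exe
F2 - REG:system.ini: UserInit=userinit.exe,ebunupp.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [cnbwki] C:\WINDOWS\system32\cvwgkk.exe reg_run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [xkiyl] C:\WINDOWS\system32\cvwgkk.exe reg_run
O4 - Global Startup: uejhq.exe
O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""


@dataclass
class Finding:
    severity: str  # "high" = loads at every logon/process start, "review" = unusual, verify
    entry: str     # HijackThis section tag (F2, O4, O20)
    reason: str
    line: str


# Heuristic allowlist (assumption): legitimate Run values that launch a stock
# Windows runner from system32 and pass the real payload as an argument.
KNOWN_SYSTEM_RUNNERS = {"rundll32.exe", "regsvr32.exe", "ctfmon.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
O4_GLOBAL_RE = re.compile(r"^O4 - Global Startup: (.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (.*?) - (.*)$")


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _first_exe(cmd):
    """Return the program part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := F2_RE.match(line):
            key, value = m.groups()
            expected = "explorer.exe" if key == "Shell" else "userinit.exe"
            parts = [p.strip() for p in value.split(",") if p.strip()]
            extras = [p for p in parts if _basename(p) != expected]
            if extras:  # Winlogon runs every listed component at logon
                findings.append(Finding("high", "F2", f"{key}= has extra component(s) {extras}", line))
        elif m := O4_RUN_RE.match(line):
            hive, name, cmd = m.groups()
            exe = _first_exe(cmd)
            if "\\system32\\" in exe.lower() and _basename(exe) not in KNOWN_SYSTEM_RUNNERS:
                findings.append(Finding("review", "O4", f"{hive} Run [{name}] starts {_basename(exe)} from system32", line))
        elif m := O4_GLOBAL_RE.match(line):
            target = m.group(1).strip()
            if target.lower().endswith(".exe"):  # shortcuts (.lnk) are the norm here, a raw .exe is not
                findings.append(Finding("review", "O4", f"bare executable {target} in Global Startup", line))
        elif m := O20_APPINIT_RE.match(line):
            if m.group(1).strip():  # default value is empty; anything here is injected into GUI processes
                findings.append(Finding("high", "O20", f"AppInit_DLLs set to {m.group(1).strip()!r}", line))
        elif m := O20_NOTIFY_RE.match(line):
            name, path = m.groups()
            if not path.strip().lower().endswith(".dll"):
                findings.append(Finding("review", "O20", f"Winlogon Notify {name} points at {path.strip()!r}, not a DLL", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'review': 4}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

    On the sample above the two F2 lines and the AppInit_DLLs line come out as high, and the two cvwgkk.exe Run values, the Global Startup .exe and the orphaned Winlogon Notify entry come out as review; the Yahoo, NVIDIA and iolo lines are skipped. The rules are deliberately narrow (known-empty or known-single-value settings, plus location-based checks) so that a clean log produces no noise; any hit still needs a human to look at the file before removing anything.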
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download http://www.malwarebytes.org/Qoofix.zip to your desktop. Qoofix by Rubber Ducky
    · Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
    · Close all windows and programs, including internet windows.
    · Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
    · Click Begin Removal and wait for the scan to finish
    · If Qoofix finds an infection, select yes to restart your computer
    · You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt Copy and paste the contents of that report into your next reply here.
    =============

    Make sure you have updated Spysweeper and run it

    Get V4 of Ewido and run it - http://www.ewido.net/en/download/
     
  3. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
    Qoofix v1.02 by http://www.malwarebytes.org
    Scan started on [7/27/2006] at [5:55:43 PM]
    -------------------------------------------------------------
    No malicious modules found!
    -------------------------------------------------------------
    Here's what it found


    No Qoologic infected files found!
    -------------------------------------------------------------
    Scan COMPLETED SUCCESSFULLY on [7/27/2006] at [5:58:12 PM]

    Note: Some registry keys may have been removed.

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:05:25 PM 7/27/2006

    + Scan result:



    C:\Documents and Settings\Michael Mudd\Desktop\backups\backup-20060629-200807-826.dll -> Adware.Agent : Cleaned.
    C:\Documents and Settings\Michael Mudd\Desktop\backups\backup-20060710-145206-679.dll -> Adware.Agent : Cleaned.
    C:\Program Files\EngageSidebar\EffBar.dll -> Adware.Agent : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001911.dll -> Adware.Agent : Cleaned.
    C:\WINDOWS\SYSTEM32\Ldresb\Ldresb.exe -> Adware.Agent : Cleaned.
    C:\WINDOWS\SYSTEM32\Shlesb.dll -> Adware.Agent : Cleaned.
    [2200] C:\Program Files\EngageSidebar\EffBar.dll -> Adware.Agent : Cleaned.
    [3208] C:\Program Files\EngageSidebar\EffBar.dll -> Adware.Agent : Cleaned.
    C:\WINDOWS\SYSTEM32\nodeipproc.dll -> Adware.BHO : Cleaned.
    C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : Cleaned.
    C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : Cleaned.
    C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned.
    C:\WINDOWS\SYSTEM32\nsv25.dll -> Adware.Ezula : Cleaned.
    C:\WINDOWS\SYSTEM32\rrk88934.dll -> Adware.IEHelper : Cleaned.
    C:\WINDOWS\SYSTEM32\ftuninst.exe -> Adware.Linkmaker : Cleaned.
    C:\WINDOWS\system32ftuninst.exe -> Adware.Linkmaker : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{7DF02D91-3EA2-4F8C-8A75-ED2A2F38A28B}.ocx/{7DF02D91-3EA2-4F8C-8A75-ED2A2F38A28B}.ocx -> Adware.MediaMotor : Cleaned.
    C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned.
    C:\WINDOWS\SYSTEM32\tfthot.exe -> Adware.SearchAssistant : Cleaned.
    C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{0A5E0A92-FB9B-48A2-B238-BB1B7A1EBBF5}.tmp/{0A5E0A92-FB9B-48A2-B238-BB1B7A1EBBF5}.tmp/ssn6tuu.exe -> Adware.Suggestor : Cleaned.
    C:\WINDOWS\SYSTEM32\gbe90qs.exe -> Adware.Suggestor : Cleaned.
    C:\WINDOWS\SYSTEM32\ssn6tuu.exe -> Adware.Suggestor : Cleaned.
    C:\WINDOWS\SYSTEM32\x3cqp0.dll -> Adware.Suggestor : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{947994BC-65BF-4C37-8ACE-30FAC48D3C56}.tmp/{947994BC-65BF-4C37-8ACE-30FAC48D3C56}.tmp -> Adware.SurfSide : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{CE411AC9-FF3A-4000-BF69-71AD8EB90BC3}.tmp/{CE411AC9-FF3A-4000-BF69-71AD8EB90BC3}.tmp -> Adware.SurfSide : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001418.cmd -> Backdoor.Afcore.cq : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{D95245C4-B1D8-45BD-B4CA-DF0BE3F12627}\{5AEC6260-0CA5-4010-AF50-254FBD9F9CCF}.dll/{5AEC6260-0CA5-4010-AF50-254FBD9F9CCF}.dll -> Backdoor.Afcore.cr : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0004004.dll -> Backdoor.Afcore.cr : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001935.exe -> Downloader.Adload.cn : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001939.exe -> Downloader.Agent.ala : Cleaned.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\__delete_on_reboot__u_e_j_h_q_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{38CFA642-A72C-4FC9-8FCB-D3F506E7D776}\{E8B63952-25FA-424A-8DE8-6F5C6F4E3F4E}.dat/{E8B63952-25FA-424A-8DE8-6F5C6F4E3F4E}.dat -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000433.exe -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000441.exe -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0002304.exe -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0004001.exe -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0004002.dll -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0004005.exe -> Downloader.Qoologic.bj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0004055.exe -> Downloader.Qoologic.bj : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__i_e_w_g_c_s_b_._d_l_l_ -> Downloader.Qoologic.bj : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__s_g_n_k_k_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned.
    C:\WINDOWS\SYSTEM32\itljw.dat -> Downloader.Qoologic.bj : Cleaned.
    [2296] C:\WINDOWS\system32\iewgcsb.dll -> Downloader.Qoologic.bj : Error during cleaning.
    [3480] C:\WINDOWS\system32\iewgcsb.dll -> Downloader.Qoologic.bj : Error during cleaning.
    [3732] C:\WINDOWS\system32\iewgcsb.dll -> Downloader.Qoologic.bj : Error during cleaning.
    [3756] C:\WINDOWS\system32\iewgcsb.dll -> Downloader.Qoologic.bj : Error during cleaning.
    [3780] C:\WINDOWS\system32\iewgcsb.dll -> Downloader.Qoologic.bj : Error during cleaning.
    C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned.
    C:\WINDOWS\SYSTEM32\w4f1e6bd.dll -> Downloader.Small : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001965.exe -> Downloader.Small.ajc : Cleaned.
    C:\Program Files\Common Files\mebo.dll -> Downloader.Small.ctp : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001420.exe -> Downloader.Small.cyh : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001987.exe -> Downloader.VB.aga : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001938.exe -> Downloader.VB.agi : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001417.exe -> Downloader.VB.nw : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001419.exe -> Dropper.Mudrop.bq : Cleaned.
    C:\Documents and Settings\Michael Mudd\Local Settings\Temporary Internet Files\Content.IE5\KXEB45QR\popup[1].html -> Hijacker.Agent.a : Cleaned.
    C:\Documents and Settings\Michael Mudd\Local Settings\Temporary Internet Files\Content.IE5\OLUZW5UJ\popup[1].html -> Hijacker.Agent.a : Cleaned.
    C:\Documents and Settings\Michael Mudd\Local Settings\Temporary Internet Files\Content.IE5\OLUZW5UJ\popup[2].html -> Hijacker.Agent.a : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{50FEE9B5-8DC2-40D6-A3BF-C1236C20DCDB}.html/{50FEE9B5-8DC2-40D6-A3BF-C1236C20DCDB}.html -> Hijacker.Agent.a : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{5EE1292B-33A8-47B3-A9C4-0FB1FDE37B83}.html/{5EE1292B-33A8-47B3-A9C4-0FB1FDE37B83}.html -> Hijacker.Agent.a : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{6DC1F5C3-36B5-4F65-A39A-94230EF3BB04}.html/{6DC1F5C3-36B5-4F65-A39A-94230EF3BB04}.html -> Hijacker.Agent.a : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{9F222818-1184-492F-B330-6CDA8FB1F3D2}.html/{9F222818-1184-492F-B330-6CDA8FB1F3D2}.html -> Hijacker.Agent.a : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{C43E497D-625E-4706-BB96-947ADD4C4510}.html/{C43E497D-625E-4706-BB96-947ADD4C4510}.html -> Hijacker.Agent.a : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{F5BFE25C-E8F5-4428-9F5B-B7567A9E90F3}.exe/{F5BFE25C-E8F5-4428-9F5B-B7567A9E90F3}.exe -> Hijacker.IntelliAdvert : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{0A5E0A92-FB9B-48A2-B238-BB1B7A1EBBF5}.tmp/{0A5E0A92-FB9B-48A2-B238-BB1B7A1EBBF5}.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0002725.exe -> Hijacker.StartPage.ajj : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001936.exe -> Hijacker.VB.fc : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001961.exe -> Hijacker.VB.ij : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{7134C341-E607-48F9-A651-BACAA9ED8132}.exe/{7134C341-E607-48F9-A651-BACAA9ED8132}.exe -> Hijacker.VB.lb : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001937.exe -> Hijacker.VB.lb : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{D33D1B96-A7DE-4FB8-B395-AF2E3C7C7FF8}.exe/{D33D1B96-A7DE-4FB8-B395-AF2E3C7C7FF8}.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
    :mozilla.21:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
    :mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
    :mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
    :mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
    :mozilla.81:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.82:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.83:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.83:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.84:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.84:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.85:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.86:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.87:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Abetterinternet : Error during cleaning.
    :mozilla.58:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
    :mozilla.59:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
    :mozilla.60:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
    :mozilla.15:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
    :mozilla.36:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Bluestreak : Error during cleaning.
    :mozilla.47:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Burstbeacon : Error during cleaning.
    :mozilla.21:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
    :mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
    :mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Centrport : Error during cleaning.
    :mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\497_5f37074f1_/cookies.txt -> TrackingCookie.Centrport : Error during cleaning.
    :mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\546_5558a5306_/cookies.txt -> TrackingCookie.Centrport : Error during cleaning.
    :mozilla.10:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.37:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.39:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.40:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.41:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Cliks : Error during cleaning.
    :mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Com : Error during cleaning.
    :mozilla.66:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Com : Error during cleaning.
    :mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{15138762-2F79-4033-85DD-4D59110F5166}.txt/{15138762-2F79-4033-85DD-4D59110F5166}.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.17:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.34:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning.
    :mozilla.32:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning.
    :mozilla.62:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
    :mozilla.63:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
    :mozilla.66:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
    :mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning.
    :mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning.
    :mozilla.70:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.71:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.72:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.73:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.75:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.76:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.77:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.78:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.79:C:\Program Files\Support.com\backup\Co\cookies.txt\9880_55c04932e_/cookies.txt -> TrackingCookie.Trafficmp : Error during cleaning.
    :mozilla.49:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
    :mozilla.50:C:\Program Files\Support.com\backup\Co\cookies.txt\10674_5794bb9ea_/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{CE82459B-0D2C-46D7-BDFF-DFBE589CBD7F}.exe/{CE82459B-0D2C-46D7-BDFF-DFBE589CBD7F}.exe -> Trojan.PurityAd : Cleaned.
    C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{C9EC9D23-3A2E-4BEE-B397-5BF8E0EE9D7D}\{0A5E0A92-FB9B-48A2-B238-BB1B7A1EBBF5}.tmp/{0A5E0A92-FB9B-48A2-B238-BB1B7A1EBBF5}.tmp/nr1rnqm8.exe -> Trojan.Runner.j : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0002890.exe -> Trojan.Runner.j : Cleaned.


    ::Report end
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    New hijack log pls

    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    ===============
    In firefox - TOOLS - OPTIONS - PRIVACY - COOKIES - Check originating site only
     
  5. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
    Here is the new HijackThis log. My third party cookie settings were already set like you said. Also, when I scanned with ewido and spy sweeper I wasn't in safe mode. Is that a problem?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:12:43 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uejhq.exe
    C:\WINDOWS\system32\sgnkk.exe
    C:\WINDOWS\system32\sgnkk.exe
    C:\WINDOWS\system32\sgnkk.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Michael Mudd\My Documents\spyware removal\abx.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sgnkk.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,ebunupp.exe
    O2 - BHO: EffBarBHO - {15E38167-B065-4BB5-B987-9F04B1E85AEA} - C:\Program Files\EngageSidebar\EffBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
    O4 - HKLM\..\Run: [cnbwki] C:\WINDOWS\system32\cvwgkk.exe reg_run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: __delete_on_reboot__u_e_j_h_q_._e_x_e_
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll
    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sgnkk.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,ebunupp.exe

    O2 - BHO: EffBarBHO - {15E38167-B065-4BB5-B987-9F04B1E85AEA} - C:\Program Files\EngageSidebar\EffBar.dll

    O4 - HKLM\..\Run: [cnbwki] C:\WINDOWS\system32\cvwgkk.exe reg_run

    O4 - Global Startup: __delete_on_reboot__u_e_j_h_q_._e_x_e_

    O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll

    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\


    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\EngageSidebar
    C:\WINDOWS\system32\sgnkk.exe
    C:\WINDOWS\system32\msconfig.dll
    C:\WINDOWS\system32\cvwgkk.exe


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
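As an added example, not a tool from this thread or from HijackThis, here is a small Python triage script that encodes the persistence locations the helper singles out above (system.ini Shell= and UserInit= chaining, AppInit_DLLs, Winlogon Notify handlers, Run values and startup items) and runs them over lines copied from the posted log. The baseline of expected Shell/UserInit programs and the random-name heuristic are my assumptions, not anything HijackThis itself checks.

```python
"""Triage of HijackThis v1.99.1 log lines (added example, not a thread tool)."""
import re

# Assumed baseline for an XP SP2 machine: the only programs that belong in
# these two system.ini values. Anything chained after them is worth a look.
EXPECTED_SHELL = {"explorer.exe"}
EXPECTED_USERINIT = {"userinit.exe"}
VOWELS = set("aeiouy")

# Constructed sample: lines copied from the log posted earlier in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sgnkk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,ebunupp.exe
O2 - BHO: EffBarBHO - {15E38167-B065-4BB5-B987-9F04B1E85AEA} - C:\Program Files\EngageSidebar\EffBar.dll
O4 - HKLM\..\Run: [cnbwki] C:\WINDOWS\system32\cvwgkk.exe reg_run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: __delete_on_reboot__u_e_j_h_q_._e_x_e_
O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""


def _first_token(cmd):
    """First program in a command line, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _basename(path):
    """Lowercase file name of a Windows path, quotes and whitespace stripped."""
    return path.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()


def _looks_random(name):
    """Heuristic (my assumption): short, all lowercase letters, at most one vowel,
    which matches the generated names in this thread (cnbwki, cvwgkk, sgnkk)."""
    return (5 <= len(name) <= 8 and name.isalpha() and name.islower()
            and sum(c in VOWELS for c in name) <= 1)


def check_line(line):
    """Return a reason string if the HJT line looks like a persistence hijack, else None."""
    line = line.strip()
    m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line)
    if m:
        key, value = m.groups()
        expected = EXPECTED_SHELL if key == "Shell" else EXPECTED_USERINIT
        names = [_basename(p) for p in value.split(",") if p.strip()]
        extra = [n for n in names if n not in expected]
        return f"{key}= chains extra program(s): {', '.join(extra)}" if extra else None
    m = re.match(r"O20 - AppInit_DLLs: (.*)", line)
    if m:  # any value here is loaded into every user-mode process that links user32
        return "AppInit_DLLs set, loads into every user-mode process: " + m.group(1).strip()
    m = re.match(r"O20 - Winlogon Notify: (\S+) - (.*)", line)
    if m:  # a legitimate handler names a DLL; a bare directory is a damaged/bogus entry
        name, path = m.group(1), m.group(2).strip()
        return None if path.lower().endswith(".dll") else \
            f"Winlogon Notify '{name}' points at '{path}', not a DLL"
    m = re.match(r"O4 - Global Startup: (.*)", line)
    if m:
        return ("Startup item still marked delete-on-reboot; an earlier cleanup did not finish"
                if "__delete_on_reboot__" in m.group(1) else None)
    m = re.match(r"O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.*)", line)
    if m:
        name, cmd = m.groups()
        exe = _basename(_first_token(cmd))
        stem = exe[:-4] if exe.endswith(".exe") else exe
        if _looks_random(name) or _looks_random(stem):
            return f"Run value '{name}' starts '{exe}': random-looking name"
        return None
    m = re.match(r"O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.*)", line)
    if m:  # every BHO runs inside each Internet Explorer process; confirm it is wanted
        return f"BHO '{m.group(1)}' loads into IE from {m.group(2).strip()}; verify publisher"
    return None


def triage(log_text):
    """Return [(line, reason)] for every log line a rule flags."""
    hits = []
    for raw in log_text.splitlines():
        reason = check_line(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {flagged}")
```

Entries that do not match any rule (services, toolbars, known vendor Run values) are left alone, so the script narrows a log to the handful of lines a helper would ask about rather than judging the whole machine.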
     
  7. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
I went into safe mode and deleted the items in HijackThis, and I forgot to download Killbox. So I went into normal mode and as soon as I started it, ewido gave me all kinds of warnings about sgnkk.exe and cvwgkk.exe. So I downloaded Killbox and went back into safe mode and deleted what you told me to. When I started it this time, there were no warnings from ewido and I don't see sgnkk.exe in the log. Let me know if I'm good yet. Thank you so much.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:15:16 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\Michael Mudd\My Documents\spyware removal\abx.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll
    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  8. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
Oops, it looks like I forgot to delete the Windows temp files... Sorry!!
     
  9. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
Another problem I'm having is that when I try to play any type of game, i.e. Hoyle card games or Battlefield 2, I always get kicked back to the desktop, and after I get kicked back to the desktop nothing is opened up. I don't know if that is relevant, but I just checked and it is still happening. As of now I have had no popups.
     
  10. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
Still getting the WinAntivirus popups. I had three of them pop up overnight. Also I get a popup that says the Macromedia Flash Player could not be found, but I go to the Flash Player site and it says the player has been downloaded.
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O20 - AppInit_DLLs: logonui.dll C:\WINDOWS\system32\msconfig.dll

    O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\msconfig.dll

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  12. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
I did everything you said to do in safe mode. As soon as I rebooted I had the WinAntivirus popup and I had a Dish TV popup. Here is the HijackThis log. Thanks for all your help!
    One more thing. As soon as I restarted I got the Windows blue screen of death, which said that a fatal error had occurred. But I restarted it normally and everything was OK, except for the popups.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:35:23 PM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Michael Mudd\My Documents\spyware removal\abx.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Kill Windows Messenger - http://vlaurie.com/computers2/Articles/messenger.htm

    =====================

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them in the next step.
    Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
    =================

    Run panda again and post its log
     
  14. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
Running Panda now; here is the SmitfraudFix log.
    SmitFraudFix v2.76

    Scan done at 15:02:13.15, Fri 07/28/2006
    Run from C:\Documents and Settings\Michael Mudd\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\keyboard1.dat FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael Mudd\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICHAE~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="C:\\Program Files\\Internet Explorer\\pojozase.html"
    "SubscribedURL"=""
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="C:\\Program Files\\MSN Gaming Zone\\mege.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="http://i23.photobucket.com/albums/b384/AdrianCoyote/Cardinals/20060416.jpg"
    "SubscribedURL"="http://i23.photobucket.com/albums/b384/AdrianCoyote/Cardinals/20060416.jpg"
    "FriendlyName"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  15. muddog23

    muddog23 Thread Starter

    Joined:
    Nov 22, 2004
    Messages:
    42
Messenger was already stopped. Here is the Panda report.

    Incident Status Location

    Spyware:spyware/surfsidekick Not disinfected c:\windows\system32\bk.exe
    Adware:adware/superspider Not disinfected c:\windows\system32\d2kpax.dll
    Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
    Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
    Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Michael Mudd\Application Data\Lycos
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Adware:adware/dyfuca Not disinfected Windows Registry
    Adware:adware/wupd Not disinfected Windows Registry
    Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Administrator\Desktop\spyware removal\backups\backup-20060727-211038-351-uejhq.exe
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael Mudd\Cookies\michael [email protected][2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael Mudd\Cookies\michael [email protected][2].txt
    Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Michael Mudd\Cookies\michael [email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael Mudd\Desktop\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael Mudd\Local Settings\Temporary Internet Files\Content.IE5\GH0JKL4N\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
     
Short URL to this thread: https://techguy.org/487004