
Solved: Help with HijackThis / Clean up

Discussion in 'Virus & Other Malware Removal' started by Ophidian, Aug 11, 2006.

  1. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    Hi everyone,

    My friend's computer has been having pop-ups to the point where it makes it hard to use. I already went through using Ad-aware to clean up some of the system. Can anyone help me by looking over this HijackThis log and telling me what I should get rid of? Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 8:14:53 AM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\algm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\system32\hkcmd.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Clean up Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\txbad.exe
    F2 - REG:system.ini: UserInit=userinit.exe,eshengy.exe
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [jwunafnA] C:\WINDOWS\jwunafnA.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R3JlYXREZWFscw\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,319
    You've got some stuff that needs to be examined, if not removed. Wait for an expert.
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download Qoofix by Rubber Ducky to your desktop.
    • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
    • Close all windows and programs, including internet windows.
    • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
    • Click Begin Removal and wait for the scan to finish
    • If Qoofix finds an infection, select yes to restart your computer
    • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt. Copy and paste the contents of that report into your next reply here.
     
  4. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    I ran Qoofix... here are the contents of the log file:

    Qoofix v1.03 by http://www.malwarebytes.org
    Scan started on [8/11/2006] at [6:55:00 PM]
    -------------------------------------------------------------
    Terminated module: jvjvtjk.dll found in explorer.exe (1200)
    Terminated module: jvjvtjk.dll found in txbad.exe (1208)
    Terminated module: jvjvtjk.dll found in txbad.exe (1232)
    Terminated module: jvjvtjk.dll found in txbad.exe (1240)
    Terminated module: jvjvtjk.dll found in dojvdb.exe (1248)
    Terminated module: jvjvtjk.dll found in SynTPLpr.exe (1456)
    Terminated module: jvjvtjk.dll found in SynTPEnh.exe (468)
    Terminated module: jvjvtjk.dll found in realsched.exe (600)
    Terminated module: jvjvtjk.dll found in mcvsshld.exe (840)
    Terminated module: jvjvtjk.dll found in SM1bg.exe (1068)
    Terminated module: jvjvtjk.dll found in hkcmd.exe (988)
    Terminated module: jvjvtjk.dll found in mcagent.exe (1548)
    Terminated module: jvjvtjk.dll found in iTunesHelper.exe (1836)
    Terminated module: jvjvtjk.dll found in ViewMgr.exe (304)
    Terminated module: jvjvtjk.dll found in AOLHostManager.exe (2184)
    Terminated module: jvjvtjk.dll found in AOLServiceHost.exe (2276)
    -------------------------------------------------------------
    C:\WINDOWS\system32\dojvdb.exe will be deleted on reboot!
    C:\WINDOWS\system32\eshengy.exe will be deleted on reboot!
    C:\WINDOWS\system32\ilyyo.dat will be deleted on reboot!
    C:\WINDOWS\system32\jvjvtjk.dll will be deleted on reboot!
    C:\WINDOWS\system32\txbad.exe will be deleted on reboot!
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uvvwj.exe will be deleted on reboot!
    C:\WINDOWS\unwn.exe will be deleted on reboot!
    C:\WINDOWS\system32\dmonwv.dll will be deleted on reboot!

    User prompted YES to reboot, system now rebooting...
    -------------------------------------------------------------
    Scan COMPLETED SUCCESSFULLY on [8/11/2006] at [7:10:54 PM]

    Note: Some registry keys may have been removed.

    Thanks for the help by the way... so what do you recommend to do next?
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  6. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    Here is the new HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:51:33 AM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Clean up Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [jwunafnA] C:\WINDOWS\jwunafnA.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R3JlYXREZWFscw\command.exe (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
     
  7. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    Here are the Ewido scan results (Had to break into two parts since it was so long):
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:59:30 AM 8/12/2006

    + Scan result:



    C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Application Data\Αdobe\nslookup.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\!update.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\NDrv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\gbe90qs.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\x3cqp0.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\D3DFD.tmp/ssn6tuu.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\i100.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\ZICORN003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\owinlqez.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\pkdsregn.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Local Settings\Temp\picture28.zip/picture28.pif -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0081765.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
    C:\dfndr.exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081757.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\w0034465.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\w0038da0.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081487.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081751.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081752.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081753.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081754.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081755.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\f223931.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\hose.dll.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0079582.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\ac2_0004.exe -> Downloader.Small.cpu : Cleaned with backup (quarantined).
    C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\hose.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0080490.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
    C:\bootconect.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0080492.exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
    C:\drsmartload1.exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
    C:\drsmartload849a.exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
    C:\WINDOWS\ms0672646-200122006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
    C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
    C:\WINDOWS\win3208646-2001272.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
    C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\pre.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
    C:\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
    C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
    C:\526_620.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\Program Files\wallpap.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
    C:\Program Files\wallpap.js -> Hijacker.Small.jf : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\D3DFD.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20A.tmp\opnste.dll -> Hijacker.VB.ep : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0080495.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
    :mozilla.227:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.119:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.120:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.121:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.123:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.124:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.125:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.126:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.127:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.129:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.130:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.131:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.135:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.137:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.138:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.307:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.323:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.354:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.472:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.486:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20E.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq267.tmp -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq211.tmp -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    :mozilla.275:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.276:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.277:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.278:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.279:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.280:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.230:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.231:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.43:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.44:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.46:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.47:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq217.tmp -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq218.tmp -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21A.tmp -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
    :mozilla.355:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21D.tmp -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.274:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    :mozilla.403:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.404:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq220.tmp -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.157:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq221.tmp -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq222.tmp -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq225.tmp -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq226.tmp -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
    :mozilla.175:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq229.tmp -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup (quarantined).
    :mozilla.501:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.503:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected]seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected]seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Euniverseads : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.108:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.439:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.440:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.92:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.94:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    :mozilla.429:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.132:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.134:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq228.tmp -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
    :mozilla.155:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.142:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.143:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.144:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.110:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.111:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.112:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.113:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21F.tmp -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.350:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq215.tmp -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq253.tmp -> TrackingCookie.Specificpop : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.13:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.219:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.220:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.395:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
    :mozilla.282:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.104:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.105:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.106:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
     
  8. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    (Ewido results continued...)

    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.109:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.442:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.443:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.515:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.516:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.582:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.583:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.584:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.585:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.586:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.587:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.482:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.63:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.674:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.675:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.708:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.709:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    :mozilla.233:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.234:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.235:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.236:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.237:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.239:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.240:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.241:C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Program Files\EarthLink 5.0\[email protected]\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0081756.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\D3DFD.tmp/nr1rnqm8.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


    ::Report end
    ________________________________________________________________________
    And here are the Panda ActiveScan results:


    Incident Status Location

    Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
    Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs
    Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
    Potentially unwanted tool:application/myway Not disinfected c:\program files\MySearch
    Adware:adware/opensite Not disinfected Windows Registry
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\GreatDeals\Application Data\Mozilla\Firefox\Profiles\n3tnkc61.default\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt
    Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\GreatDeals\Cookies\[email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\GreatDeals\Local Settings\Temp\Cookies\[email protected][1].txt
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet. We'll use it later.

    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to, click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with this yet!

    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.


    Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    Post a new Hijack This log.
     
  10. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    Logfile of HijackThis v1.99.1
    Scan saved at 9:05:04 PM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Clean up Stuff\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [jwunafnA] C:\WINDOWS\jwunafnA.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)

    Ok that's the new HijackThis scan...
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [jwunafnA] C:\WINDOWS\jwunafnA.exe

    O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)


    Close Hijack This and boot into Safe Mode.

    * Double click on Killbox.exe to run it.

    Put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\WildTangent\
    C:\Program Files\Viewpoint\
    C:\WINDOWS\jwunafnA.exe
    c:\windows\keyboard1.dat
    c:\windows\uninstall_nmon.vbs
    c:\program files\common files\Download


    Click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    Killbox may tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.
    Next in Killbox go to Tools > Delete Temp Files
    In the window that pops up, put a check by ALL the options there except these three:
    XP Prefetch
    Recent
    History

    Now click the Delete Selected Temp Files button.
    Exit the Killbox.

    Reboot, post a new Hijack This log.
     
  12. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:51 PM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Clean up Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find:

    Windows XP-SP2 FW

    Right click and choose "Properties".
    On the "General" tab under "Service Status" click the "Stop" button to stop the service.
    Beside "Startup Type" in the dropdown menu select "Disabled".
    Click Apply then OK.
    Exit the Services utility.

    Note: You may get an error here when trying to access the properties of the service.
    If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

    In Hijack This, click on the "Open Misc Tools section" button.
    Next click the "Delete an NT service" button.
    Copy and paste the following in that box:

    XP-P2FWD

    Click OK.

    Reboot, post new log.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 7.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-1_5_0_07-windowsi586-p.exe to install the newest version.
     
  14. Ophidian

    Ophidian Thread Starter

    Joined:
    Jul 14, 2001
    Messages:
    119
    Logfile of HijackThis v1.99.1
    Scan saved at 9:27:38 PM, on 8/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\SM1BG.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Program Files\Common Files\AOL\1130894603\ee\AOLServiceHost.exe
    C:\Clean up Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130894603\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
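
Added example, not part of the original thread or of HijackThis itself: a small Python helper that compares successive HijackThis scans and reports which "Fix Checked" entries are still listed, which is the check done by eye between the posts above. The log excerpts are trimmed from the scans posted in this thread; the function and variable names are hypothetical.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] path". The prefix
# (R0-R3, F0-F3, N1-N4, O1-O24) names the section the entry was read from.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return {normalized_key: original_line} for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths are case-insensitive and forum copies vary in
            # spacing, so compare on a lower-cased, whitespace-collapsed key.
            key = (m.group(1), " ".join(m.group(2).lower().split()))
            entries[key] = line.strip()
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    return removed, added


def still_present(targets_text, after_text):
    """Entries that were meant to be fixed but appear in the follow-up scan."""
    targets, after = parse_entries(targets_text), parse_entries(after_text)
    return [targets[k] for k in targets if k in after]


# Entries the helper asked to fix (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [jwunafnA] C:\WINDOWS\jwunafnA.exe
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
"""

# Trimmed excerpts of the three scans posted above (most lines omitted).
SCAN_2105 = FIX_LIST + r"""
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
"""

SCAN_2142 = r"""
Running processes:
C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
"""

SCAN_AUG13 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
"""

if __name__ == "__main__":
    for name, scan in (("9:42 PM 8/12", SCAN_2142), ("8/13", SCAN_AUG13)):
        leftover = still_present(FIX_LIST, scan)
        print(f"{name}: {len(leftover)} targeted entr(y/ies) still listed")
        for line in leftover:
            print("   ", line)
    removed, added = diff_logs(SCAN_2142, SCAN_AUG13)
    print("removed since 9:42 PM scan:", *removed, sep="\n    ")
    print("new since 9:42 PM scan:", *added, sep="\n    ")
```

On these excerpts the 9:42 PM scan still lists the XP-P2FWD service entry, and the 8/13 scan no longer does; the only new entries are the ones belonging to the updated Java install.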
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How are things now?
     
Short URL to this thread: https://techguy.org/491380
