
Solved: iworm_attck_v122.02a

Discussion in 'Virus & Other Malware Removal' started by james2523, Aug 4, 2006.

  1. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    This message keeps popping up on my computer saying that I have the iworm_attck_v122.02a internet trojan. How do I get rid of it?
    Here's my HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:31:36 PM, on 8/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\AOL\1150599639\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\CoolMon\CoolMon.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\cool.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\IntCodec\isamonitor.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\Program Files\IntCodec\isamini.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150599639\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137968605125
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
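As an added example that is not part of this thread, and not code from HijackThis or any of the tools mentioned here: a small Python script that triages a few lines copied from the log above using the structural checks a log reader applies first, namely an O16 DPF entry that downloads from a bare IP address or fetches a raw .exe, an O20/O21 shell-load entry whose DLL is already gone, and an O23 service entry with an unknown owner and a missing binary. The severity labels and the choice of checks are my assumptions, not a documented rule set; note that the heuristics deliberately say nothing about the IntCodec "Protection Bar" toolbar, which is exactly the kind of entry that still needs a human who knows the log format.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a few lines copied from the HijackThis log in the
# opening post, mixed with benign entries so the triage has something to ignore.
SAMPLE_LOG = [
    r"O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe",
    r"O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe",
    r"O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab",
    r"O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)",
    r'O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)',
    r"O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe",
]

# HijackThis lines start with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
SECTION_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
URL_RE = re.compile(r"https?://\S+")


def parse_line(line):
    """Split a HijackThis line into (section code, body); None if it is not a log entry."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing stands out.

    These are structural heuristics (my assumptions), not signature matching:
    they mirror what helpers on the thread look at first."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    code, body = parsed
    if code == "O16":  # Downloaded Program Files (ActiveX) entries
        url = URL_RE.search(body)
        if url:
            parts = urlparse(url.group(0))
            host = parts.hostname or ""
            if IPV4_RE.match(host):
                return ("high", f"DPF ActiveX download from a bare IP address ({host})")
            if parts.path.lower().endswith(".exe"):
                return ("high", "DPF entry pulls a raw .exe rather than a .cab package")
    if code in ("O20", "O21") and "(file missing)" in body:
        return ("high", f"{code} shell-load entry points at a DLL that is gone (leftover autostart hook)")
    if code == "O23" and "Unknown owner" in body and "(file missing)" in body:
        return ("low", "service entry with unknown owner and missing binary (orphaned service)")
    return None


def triage_log(lines):
    """Run triage_line over every line and collect the findings in log order."""
    findings = []
    for line in lines:
        result = triage_line(line)
        if result:
            severity, reason = result
            findings.append({"severity": severity, "reason": reason, "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']:>4}] {f['reason']}\n        {f['line']}")
```

Run against the sample, the script flags the bare-IP DPF download, the missing viruxz.dll SSODL hook and the orphaned rpcapd service, and stays quiet on the Dell service, the hkcmd Run entry and the Panda ActiveScan .cab; the Run and Toolbar entries are left to the reader on purpose.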
     
  2. SouthParkXP101

    SouthParkXP101 Banned

    Joined:
    Jun 1, 2006
    Messages:
    7,107
    I recommend you go here: www.grisoft.com
    Download the trial of ewido anti-spyware, run a scan, and let ewido fix what it finds.

    Might help.
     
  3. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    I'll try that.
     
  4. SouthParkXP101

    SouthParkXP101 Banned

    Joined:
    Jun 1, 2006
    Messages:
    7,107
    OK, it's worth it; ewido is a good program.
     
  5. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:41:05 AM 8/5/2006

    + Scan result:



    HKU\S-1-5-21-3706950157-2154836867-1987978861-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3706950157-2154836867-1987978861-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B8AEBC96-4A8A-46E8-8595-E090E3\FE80D6F4-AF48-4D1E-8197-D49AEA -> Adware.NewDotNet : No action taken.
    C:\Program Files\Microsoft AntiSpyware\Quarantine\E26BCC63-FF1A-4AA6-A817-8C0AFD\E53F1944-D6F5-4CE0-99FC-DA260F -> Adware.NewDotNet : No action taken.
    C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : No action taken.
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\themexp\Themexp.org File\VVSNInst.exe -> Adware.SaveNow : No action taken.
    C:\WINDOWS\system32\efcddbx.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\system32\vtutu.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\system32\ishost.exe -> Downloader.Zlob.aby : No action taken.
    C:\WINDOWS\system32\ismon.exe -> Downloader.Zlob.yj : No action taken.
    C:\Documents and Settings\james\Desktop\virus program removers\SmileyCentralSetup2.0.4.18.exe -> Dropper.Small : No action taken.
    C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7CCA48F8-044D-459E-8CB0-244C92.asq -> Dropper.VB.lu : No action taken.
    C:\Documents and Settings\james\Local Settings\Temp\tmp6B.tmp -> Not-A-Virus.Hoax.Win32.Renos.dp : No action taken.
    :mozilla.325:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
    :mozilla.326:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
    :mozilla.125:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.316:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.317:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.318:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.319:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.107:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.108:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.109:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.110:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.111:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.112:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.113:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.157:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.165:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.166:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.134:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.135:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.136:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.139:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.140:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.141:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.328:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.329:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.330:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\james\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.94:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.95:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.96:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.97:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.29:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.30:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.32:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.36:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.38:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.273:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.274:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.275:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.276:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.302:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.303:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.101:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.102:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.103:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.104:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.105:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.293:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.294:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.295:C:\Documents and Settings\james\Application Data\Mozilla\Firefox\Profiles\l7d4jraw.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\james\Local Settings\Temporary Internet Files\Content.IE5\GZ0JK3AH\bgates[2].exe -> Trojan.Dialer.pz : No action taken.
    C:\Documents and Settings\james\Local Settings\Temporary Internet Files\Content.IE5\GZ0JK3AH\srvlyd[1].exe -> Trojan.Dialer.qs : No action taken.
    C:\Documents and Settings\james\Local Settings\Temporary Internet Files\Content.IE5\WR4TI189\srvvti[1].exe -> Trojan.Dialer.qs : No action taken.
    C:\WINDOWS\system32\__delete_on_reboot__c_o_o_l_._e_x_e_ -> Trojan.Dialer.qs : No action taken.
    C:\Documents and Settings\james\Local Settings\Temporary Internet Files\Content.IE5\6GZI1BUD\srvmct[1].exe -> Trojan.Pakes : No action taken.
    C:\Documents and Settings\james\Local Settings\Temporary Internet Files\Content.IE5\I183GZUJ\srvsnf[1].exe -> Trojan.Pakes : No action taken.
    C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_1_4_F_._t_m_p_._e_x_e_ -> Trojan.Pakes : No action taken.
    C:\WINDOWS\Temp\win3F2.tmp.exe -> Trojan.Pakes : No action taken.
    C:\WINDOWS\Temp\win403.tmp.exe -> Trojan.Pakes : No action taken.


    ::Report end

    Now what do I do? In the scan portion of ewido there are threats; what should I do to them, quarantine and delete?
     
  6. SouthParkXP101

    SouthParkXP101 Banned

    Joined:
    Jun 1, 2006
    Messages:
    7,107
    You're not letting it fix what it finds. Please do this:

    Go to the scanner icon, then click Settings and set "How to act" to "Recommended action".

    Run a scan again and post it here.
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do this first

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
    =================================
    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shut down your computer; click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
    ============================


    · Click on scanner
    · then select the "Settings" tab.
    · Once in the Settings screen click on "Recommended actions" and then select "Delete".
    · Under "Reports"
    · Select "Automatically generate report after every scan"
    · Un-Select "Only if threats were found"
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive

    Post the log and a new hijack log
     
  8. SouthParkXP101

    SouthParkXP101 Banned

    Joined:
    Jun 1, 2006
    Messages:
    7,107
    Yes, listen to MFD; he is more experienced with security than I am (y)
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706

    Good idea (y) That is why we folks, me included, leave the logs to those who study them every day. When there are 3 and 4 posts to security threads, it is assumed that people are receiving good help, and one of the pros may not step in right away ;)
     
  10. SouthParkXP101

    SouthParkXP101 Banned

    Joined:
    Jun 1, 2006
    Messages:
    7,107
  11. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    OK, I'll do what MFDnNC said and post back.
     
  12. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    Here's the HijackThis log and rapport.

    SmitFraudFix v2.79

    Scan done at 12:27:02.23, Sat 08/05/2006
    Run from C:\Documents and Settings\james\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\viruxz.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\ishost.exe Deleted
    C:\WINDOWS\system32\ismon.exe Deleted
    C:\Program Files\IntCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:52 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\AOL\1150599639\ee\AOLSoftware.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\CoolMon\CoolMon.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis_199\HijackThis.exe

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150599639\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137968605125
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Did you run Vundo and Ewido, and did they delete what they found?

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS

    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe


    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\PROGRA~1\MYWEBS~1

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
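    The entries the helper picks out above follow a recognisable pattern: autostart (O4) items pointing into the MyWebSearch folder, a downloaded-program (O16) entry with no friendly name that fetches a bare .exe from a raw IP address, and a service (O23) whose binary is missing. The script below is an added example, not part of this thread or of HijackThis itself, that applies those same triage rules to a constructed sample built from the log lines posted earlier. The line formats it parses are assumed from the HijackThis 1.99.1 layout shown in the log; the list of adware path fragments is a constructed list seeded with the MYWEBS~1 folder named in the fix instructions.

```python
import re
from urllib.parse import urlparse

# Assumed HijackThis 1.99.1 line layouts, taken from the log posted in this thread.
# O16 - DPF: {CLSID} (Friendly Name) - URL      (the friendly name is optional)
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
# O4 - HKLM\..\Run: [name] command   /  O4 - Startup: link = target
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run|Startup|Global Startup): (.*)$")
# O23 - Service: name - owner - path
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed list of path fragments for the adware family handled in this thread.
ADWARE_PATH_FRAGMENTS = ("mywebs~1", "mywebsearch", "mwsbar")


def triage_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line.

    An empty list means nothing in the line matched a triage rule; it does not
    mean the entry is safe, only that it needs a human to look at it.
    """
    line = line.strip()
    findings = []
    m = O16_RE.match(line)
    if m:
        _clsid, name, url = m.groups()
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if IPV4_RE.match(host):
            findings.append(("high", f"O16 ActiveX download from a bare IP address ({host})"))
        if parsed.path.lower().endswith(".exe"):
            findings.append(("high", "O16 DPF entry downloads a raw .exe rather than a .cab"))
        if not name:
            findings.append(("medium", "O16 DPF entry has no friendly name"))
        return findings
    m = O4_RE.match(line)
    if m:
        target = m.group(2).lower()
        if any(frag in target for frag in ADWARE_PATH_FRAGMENTS):
            findings.append(("high", "O4 autostart points into a known adware path"))
        return findings
    m = O23_RE.match(line)
    if m and "(file missing)" in m.group(3):
        findings.append(("low", "O23 service binary missing on disk (orphaned service entry)"))
    return findings


def triage_log(text):
    """Run triage_line over every line of a log; returns (line, severity, reason) tuples."""
    return [(line.strip(), sev, reason)
            for line in text.splitlines()
            for sev, reason in triage_line(line)]


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

if __name__ == "__main__":
    for line, sev, reason in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run it as-is and it reports the same five entries the helper told the poster to fix (three O4 lines and the O16 line, the latter on three separate grounds) plus the orphaned rpcapd service as a low-priority note; the Windows Genuine Advantage and Apoint entries pass untouched. The rules are deliberately narrow: a clean result only means the line matched none of them, and the rest of the log still needs a reader.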
     
  14. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    Sorry, forgot to do the Vundo but I will. Do I do Vundo in safe mode?
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You must have gotten the Ewido report before you did the clean actions.

    Run Ewido again and post its log and a new HijackThis log - make sure you do the fixes I outlined.

    How is the system now?
     

Short URL to this thread: https://techguy.org/489506
