
Solved: Trojans found please check logs

Discussion in 'Virus & Other Malware Removal' started by msbatt2, Aug 10, 2006.

  1. msbatt2

    msbatt2 Thread Starter

    Joined:
    Oct 31, 2004
    Messages:
    88
    Was playing a game on pogo.com and it closed out on me. Said there wasn't enough memory. I've played this site since February and this is a first. I ran Ad-Aware, Spybot, Windows anti-virus and nothing was found. Opened Task Manager, and when I'm online my CPU usage in IEXPLORE.EXE was running at 100% sporadically. I decided to run the ewido online scan and it found several trojan downloaders, but before I could do any fix Internet Explorer closed on me. I then disabled Microsoft's anti-virus, downloaded AVG and ran a scan; it also found these trojans but reported it couldn't heal, delete or quarantine them. Removed AVG, downloaded ewido to the computer and ran a scan, and it showed the trojans also. It let me quarantine them, but it said it was embedded and I would have to quarantine the whole archive file. Here is the ewido report and HJT log; if you would look them over for me and advise. Is Windows anti-virus useless or does it not recognize trojans?

    Logfile of HijackThis v1.99.1
    Scan saved at 9:27:46 PM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Margie\My Documents\security\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SaveWealth
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com/
    O15 - Trusted Zone: *.pogo
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/omaha/omaha-en_US.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.5.1.24/aces/aces-en_US.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.5.1.24/slots/alibaba-en_US.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.7.1.33/backgammon/backgammon-en_US.cab
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.5.3.37/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.5.2.26/roulette/roulette-en_US.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.5.3.37/blackjack/blackjack-en_US.cab
    O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.7.1.33/cascade/cascade-en_US.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.7.1.33/videoblackjack/videoblackjack-en_US.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.5.4.34/canasta/canasta-en_US.cab
    O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.2.33/checkers2/checkers-en_US.cab
    O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.2.24/ytz/ytz-en_US.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.7.1.23/checkeredflag/checkeredflag-en_US.cab
    O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/videopoker2/doubledeuce-en_US.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.2.24/euchre/euchre-en_US.cab
    O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.2.33/bingo/bingoe-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.29/firstclass2/firstclass2-en_US.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.5.1.31/superbingo/superbingo-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.3.44/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.5.3.37/harvest/harvest-en_US.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.2.26/hearts/hearts-en_US.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/drawpoker/drawpoker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.5.3.37/pool2/pool-en_US.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.1.33/jigsaw/jigsaw-en_US.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/videopoker2/jokerswild-en_US.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.3.37/gin/gin-en_US.cab
    O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.2.26/keno/keno-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.2.24/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.1.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.4.34/mahjong/mahjong-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.1.33/mlslots/mlslots-en_US.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.5.2.26/paigow/paigow-en_US.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.3.44/freecell/freecell-en_US.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.24/penguins/penguins-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/waterwheel/waterwheel-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.1.33/flinger/flinger-en_US.cab
    O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.5.3.37/piratesgold/piratesgold-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.5.3.37/popfu/popfu-en_US.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/poppazoppa/poppazoppa-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.1.33/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.3.37/hotstreak/hotstreak-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.3.37/squares/squares-en_US.cab
    O16 - DPF: Ricochet by pogo - http://game1.pogo.com/applet-6.5.3.37/ricochet/ricochet-en_US.cab
    O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.37/ride/ride-en_US.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.5.2.26/slots/scifi-en_US.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.5.3.37/slots/showbiz2-en_US.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.5.2.26/slots/showbiz-en_US.cab
    O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.1.23/puck/puck-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.4.27/spades2/spades2-en_US.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.3.37/spades/spades-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.37/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.3.44/squelchies/squelchies-en_US.cab
    O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.3.44/stax/stax-en_US.cab
    O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.7.2.24/sweeper/sweeper-en_US.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.5.2.26/sweettooth/sweettooth-en_US.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.4.29/holdem/holdem-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.5.3.37/simball/simball-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.4.27/peaks/peaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.37/jumbee/jumbee-en_US.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.5.2.33/turbo21/turbo21-en_US.cab
    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/videopoker2/videopoker-en_US.cab
    O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.5.2.33/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.5.1.24/whackdown/whackdown-en_US.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.5.0.45/wordjong/wordjong-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.1.33/worldclass/worldclass-en_US.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.fastaccesstools.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://aol.skilljam.com/ssp/SkillJamLoader.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/0.8.0794.38/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123855798609
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2918.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Fix-It Task Manager - Unknown owner - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Statcounter
    Path: C:\Documents and Settings\Margie\Cookies\[email protected][2].txt
    Risk: Medium

    Name: Trojan.Agent.qe
    Path: C:\WINDOWS\system32\jdjiozkd.hcc
    Risk: High

    Name: Trojan.NSAnti.A
    Path: C:\WINDOWS\system32\A Secret.scr
    Risk: High

    Name: Not-A-Virus.Hoax.Win32.Renos.du
    Path: C:\WINDOWS\system32\vwlummc.dll
    Risk: Low

    Name: Not-A-Virus.Hoax.Win32.Renos.ec
    Path: C:\Documents and Settings\Jeremy\Local Settings\Temp\tmp9.tmp
    Risk: Low

    Name: TrackingCookie.Wegcash
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Masterstats
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Starware
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Yadro
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Starware
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Yieldmanager
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Overture
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Specificclick
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\Jeremy\Cookies\[email protected][1].txt
    Risk: Medium

    Name: Adware.180Solutions
    Path: C:\Documents and Settings\Margie\Local Settings\Temp\ICD1.tmp\SAIX.dll
    Risk: Medium

    Name: TrackingCookie.Burstnet
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Burstbeacon
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Esomniture
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Esomniture
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Esomniture
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Esomniture
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Esomniture
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Burstnet
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Aavalue
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][2].txt
    Risk: Medium

    Name: TrackingCookie.Aavalue
    Path: C:\Documents and Settings\Ryan\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\Madison\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Doubleclick
    Path: C:\Documents and Settings\Madison\Cookies\[email protected][1].txt
    Risk: Medium

    Name: TrackingCookie.Tacoda
    Path: C:\Documents and Settings\Madison\Cookies\[email protected][1].txt
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0018018.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0018018.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0018359.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0018359.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0018423.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0018423.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0019601.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0019601.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0019640.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0019640.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0019960.exe/uninstall.exe
    Risk: Medium

    Name: Adware.VMN
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP149\A0019960.exe/uninstall.exe
    Risk: Medium

    Name: Downloader.Zlob.acy
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027644.exe
    Risk: High

    Name: Downloader.Zlob.acy
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027645.exe
    Risk: High

    Name: Downloader.Zlob.acy
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027648.exe
    Risk: High

    Name: Downloader.Zlob.acy
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027649.exe
    Risk: High

    Name: Downloader.Zlob.acy
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027650.exe
    Risk: High

    Name: Downloader.Zlob.acy
    Path: C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027651.dll
    Risk: High
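    As an added illustration (not part of the thread and not a HijackThis feature), the triage a helper does by eye on a log like the one above can be written as a few rules over the line format: dead O2/O3 entries marked "(no file)", O23 services marked "(file missing)", O15 Trusted Zone entries, O16 ActiveX downloads from a bare IP or an unexpected host, and O4 autoruns without an absolute path. The sample lines are copied from the log above; the allowlist of expected O16 hosts is an assumption made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis v1.99.1 log
# posted above, chosen so that each triage rule below fires at least once.
SAMPLE_HJT_LOG = "\n".join([
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll",
    r"O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)",
    r"O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    r"O4 - HKLM\..\Run: [POINTER] point32.exe",
    r"O15 - Trusted Zone: *.pogo",
    r"O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.2.26/hearts/hearts-en_US.cab",
    r"O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab",
    r"O23 - Service: Fix-It Task Manager - Unknown owner - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing)",
])

# Assumed allowlist of hosts from which O16 ActiveX downloads are expected on this
# machine (the game, update and online-scanner controls that appear in the log).
KNOWN_DPF_HOSTS = ("pogo.com", "yahoo.com", "yimg.com", "microsoft.com", "msn.com",
                   "windowsonecare.com", "live.com", "ewido.net", "bitdefender.com")

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
DPF_URL = re.compile(r" - (?P<url>https?://\S+)$")
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Finding:
    section: str   # HijackThis section tag: O2, O16, O23, ...
    severity: str  # "remove" (safe to fix), "review" (needs a human look) or "info"
    reason: str
    line: str


def host_of(url: str) -> str:
    """Return the lowercase host part of an http(s) URL."""
    return url.split("://", 1)[1].split("/", 1)[0].lower()


def classify(line: str) -> Optional[Finding]:
    """Apply the triage rules a helper applies by eye to one HijackThis line."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # O2/O3: a BHO or toolbar CLSID is still registered but its DLL is gone;
    # HijackThis marks these "(no file)" and they are dead entries worth removing.
    if section in ("O2", "O3") and body.endswith("(no file)"):
        return Finding(section, "remove", "BHO/toolbar registered but its DLL is gone", line)

    # O23: a service whose binary no longer exists; stale, but confirm what it was.
    if section == "O23" and body.endswith("(file missing)"):
        return Finding(section, "review", "service points at a binary that no longer exists", line)

    # O15: anything in the IE Trusted Zone runs under a relaxed ActiveX/script policy.
    if section == "O15":
        return Finding(section, "review", "site in IE Trusted Zone (relaxed security policy)", line)

    # O16: downloaded ActiveX controls; flag bare-IP origins and unexpected hosts.
    if section == "O16":
        u = DPF_URL.search(body)
        if u:
            host = host_of(u.group("url"))
            if IPV4_HOST.match(host):
                return Finding(section, "review", f"ActiveX control fetched from a bare IP ({host})", line)
            if not any(host == h or host.endswith("." + h) for h in KNOWN_DPF_HOSTS):
                return Finding(section, "review", f"ActiveX control from unexpected host ({host})", line)

    # O4: an autorun value such as "[POINTER] point32.exe" with no absolute path is
    # resolved through the search path, so note it without judging it malicious.
    if section == "O4":
        cmd = body.split("] ", 1)[1] if "] " in body else body
        if not re.match(r'^"?[A-Za-z]:\\', cmd):
            return Finding(section, "info", "autorun entry without an absolute path", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a log and keep the hits, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.severity:6} {f.section:3} {f.reason}\n       {f.line}")
```

Entries that a rule flags as "review" are not verdicts; they are the lines a helper would read first when deciding which fixes to ask for.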
     
  2. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    You already have Ewido installed, so you can scan with it offline. Let's use it:

    You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important that you don't miss a step and that you perform everything in the right order.

    =====================================

    Update Ewido Anti-Malware
    • Open Ewido Anti-Spyware.
    • On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed close Ewido.
    =====================================

    Download ATF Cleaner
    • Save it to your Desktop.
    • Do not run it yet. We will use this later.
    =====================================

    Reboot into Safe Mode
    • Restart your computer.
    • Before the Windows logo appears, tap F8 repeatedly.
    • A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
    • This will take longer than usual, so just wait.
    =====================================

    Run ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    If you use Firefox browser, do this also:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser, do this also:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    =====================================

    Run Ewido Anti-Spyware
    • Please close all Windows, Programs or Browsers.
    • Open Ewido.
    • Click on Scanner
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, at the bottom of the screen click Apply all Actions.
    • Click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    =====================================

    Restart your computer

    =====================================

    In your next reply, please include these log(s):
    • HijackThis log (new)
    • Ewido
     
  3. msbatt2

    msbatt2 Thread Starter

    Joined:
    Oct 31, 2004
    Messages:
    88
    Ran scans as you requested, here are the new logs, thank you so much for checking this for me, I appreciate it very much!

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:44:05 PM 8/11/2006

    + Scan result:



    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027644.exe -> Downloader.Zlob.acy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027645.exe -> Downloader.Zlob.acy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027648.exe -> Downloader.Zlob.acy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027649.exe -> Downloader.Zlob.acy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027650.exe -> Downloader.Zlob.acy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP220\A0027651.dll -> Downloader.Zlob.acy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{48902E0E-A43B-4F4B-9B64-33A54D5DA0D9}\RP254\A0028802.dll -> Not-A-Virus.Hoax.Win32.Renos.du : Ignored.


    ::Report end


    Logfile of HijackThis v1.99.1
    Scan saved at 1:51:16 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Margie\My Documents\security\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SaveWealth
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com/
    O15 - Trusted Zone: *.pogo
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.5.3.37/omaha/omaha-en_US.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.5.1.24/aces/aces-en_US.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.5.1.24/slots/alibaba-en_US.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.7.1.33/backgammon/backgammon-en_US.cab
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.5.3.37/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.5.2.26/roulette/roulette-en_US.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.5.3.37/blackjack/blackjack-en_US.cab
    O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.7.1.33/cascade/cascade-en_US.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.7.1.33/videoblackjack/videoblackjack-en_US.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.5.4.34/canasta/canasta-en_US.cab
    O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.2.33/checkers2/checkers-en_US.cab
    O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.2.24/ytz/ytz-en_US.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.7.1.23/checkeredflag/checkeredflag-en_US.cab
    O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/videopoker2/doubledeuce-en_US.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.2.24/euchre/euchre-en_US.cab
    O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.5.2.33/bingo/bingoe-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.4.29/firstclass2/firstclass2-en_US.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.5.1.31/superbingo/superbingo-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.3.44/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.5.3.37/harvest/harvest-en_US.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.5.2.26/hearts/hearts-en_US.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/drawpoker/drawpoker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.5.3.37/pool2/pool-en_US.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.1.33/jigsaw/jigsaw-en_US.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/videopoker2/jokerswild-en_US.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.3.37/gin/gin-en_US.cab
    O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.5.2.26/keno/keno-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.7.2.24/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.7.1.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.4.34/mahjong/mahjong-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.1.33/mlslots/mlslots-en_US.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.5.2.26/paigow/paigow-en_US.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.5.3.44/freecell/freecell-en_US.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.24/penguins/penguins-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.44/waterwheel/waterwheel-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.7.1.33/flinger/flinger-en_US.cab
    O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.5.3.37/piratesgold/piratesgold-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.5.3.37/popfu/popfu-en_US.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/poppazoppa/poppazoppa-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.1.33/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.3.37/hotstreak/hotstreak-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.3.37/squares/squares-en_US.cab
    O16 - DPF: Ricochet by pogo - http://game1.pogo.com/applet-6.5.3.37/ricochet/ricochet-en_US.cab
    O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.3.37/ride/ride-en_US.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.5.2.26/slots/scifi-en_US.cab
    O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.5.3.37/slots/showbiz2-en_US.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.5.2.26/slots/showbiz-en_US.cab
    O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.1.23/puck/puck-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.4.27/spades2/spades2-en_US.cab
    O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.3.37/spades/spades-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.5.3.37/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.3.44/squelchies/squelchies-en_US.cab
    O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.3.44/stax/stax-en_US.cab
    O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.7.2.24/sweeper/sweeper-en_US.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.5.2.26/sweettooth/sweettooth-en_US.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.4.29/holdem/holdem-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.5.3.37/simball/simball-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.4.27/peaks/peaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.5.3.37/jumbee/jumbee-en_US.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.5.2.33/turbo21/turbo21-en_US.cab
    O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.5.3.44/videopoker2/videopoker-en_US.cab
    O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.5.2.33/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.5.1.24/whackdown/whackdown-en_US.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.5.0.45/wordjong/wordjong-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.1.33/worldclass/worldclass-en_US.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.fastaccesstools.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} (SkillJamLoader Class) - http://aol.skilljam.com/ssp/SkillJamLoader.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/0.8.0794.38/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123855798609
    O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2918.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Fix-It Task Manager - Unknown owner - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
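As an added triage example (my own code, not part of the thread and not a HijackThis feature), the script below parses lines in the format of the log above and pulls out the entries a helper would want to check first: O23 services whose binary is reported "(file missing)", O16 ActiveX downloads hosted on a bare IP address, delivering something other than a .cab, or coming from a host outside a caller-supplied trusted list, and O4 autostarts given as a bare filename rather than a full path. The sample lines are copied from the log above; the trusted-host list is an assumption for illustration. A flag is a prompt to verify the entry, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample, copied from the HijackThis log in this thread:
# O4 = autostart Run keys, O16 = ActiveX "DPF" downloads, O23 = services.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.7.1.33/backgammon/backgammon-en_US.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Fix-It Task Manager - Unknown owner - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def parse_line(line):
    """Split one HJT line into a dict; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body}
    if section == "O16":
        # "DPF: <name> - <url>": split on the last " - " so names with dashes survive
        name, _, url = body[len("DPF: "):].rpartition(" - ")
        entry.update(name=name, url=url)
    elif section == "O23":
        # "Service: <display name> - <owner> - <path>"
        name, owner, path = body[len("Service: "):].split(" - ", 2)
        entry.update(name=name, owner=owner, path=path)
    elif section == "O4":
        # "<hive\..\Run>: [<value name>] <command line>"
        m2 = re.match(r"(.*?): \[(.*?)\] (.*)$", body)
        entry.update(key=m2.group(1), name=m2.group(2), command=m2.group(3))
    return entry


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries, trusted_hosts=frozenset()):
    """Return (section, name, reason) tuples for entries worth a closer look."""
    findings = []
    for e in entries:
        sec = e["section"]
        if sec == "O23" and e["path"].endswith("(file missing)"):
            findings.append((sec, e["name"], "service binary missing: orphaned entry or removed file"))
        elif sec == "O16":
            parsed = urlparse(e["url"])
            host = parsed.hostname or ""
            path = parsed.path.lower()
            if IPV4_RE.fullmatch(host):
                findings.append((sec, e["name"], f"ActiveX download from bare IP {host}"))
            elif not path.endswith(".cab"):
                findings.append((sec, e["name"], f"non-CAB payload {path.rsplit('/', 1)[-1]}"))
            elif not any(host == t or host.endswith("." + t) for t in trusted_hosts):
                findings.append((sec, e["name"], f"host {host} not in trusted list"))
        elif sec == "O4":
            cmd = e["command"].strip('"')
            if not re.match(r"^[A-Za-z]:\\", cmd):
                # A bare filename is resolved through the PATH search order, so
                # confirm which directory it actually loads from.
                findings.append((sec, e["name"], "autostart given as bare filename, not a full path"))
    return findings


def run_sample():
    # Trusted-host list is an illustrative assumption, not a vendor whitelist.
    return triage(parse_log(SAMPLE_LOG), trusted_hosts={"pogo.com"})


if __name__ == "__main__":
    for section, name, reason in run_sample():
        print(f"{section:4} {name:45} {reason}")
```

Run on the full log, the same four categories surface: the O23 entries marked "(file missing)", the O16 entries hosted on an IP address or delivering an .exe or .dll, and the O4 values that name a file without a path.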
     
  4. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    It just found some infected system restore points.. Let's empty it.

    Clear & Reset System Restore's Cache
    • Click Start » Run » type: control sysdm.cpl,,4 » OK
    • Tick on the checkbox - Turn off System Restore on all drives.
    • Click Apply.
    • Then tick the checkbox again to turn on System Restore.
    • Click Apply, then OK.
    ==

    Other than that, your log looks clean.. Do you still have other problems? :)
     
  5. msbatt2

    msbatt2 Thread Starter

    Joined:
    Oct 31, 2004
    Messages:
    88
    Thank you so much for your help. Everything seems to be doing ok so. I do have 2 boys ages 21 and 26 who are limited users, but they still manage to change the internet security changes I keep setting for them. Is there a way to block them from changing Internet Explorer settings?
     
  6. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    Glad to hear that. :)

    About the security settings, yes they can change that even if they're just limited users. But, you can try this :

    Open IE > Internet Options > Content [tab] > Content Advisor > Enable.
    From here, you can block sites, set approved sites, etc..
    You can also set a password for it so you're the only one who can access it:

    Open Content Advisor again and then click the General [tab].
    Under "Supervisor Password", click "Create Password".
    After that, click OK. Next time Content Advisor is opened, you'll be asked for the password. :)
     
  7. msbatt2

    msbatt2 Thread Starter

    Joined:
    Oct 31, 2004
    Messages:
    88
    Thanks so much jag, you've been a big help. Definitely the best site to donate to. You all are GREAT!!!(y)
     
  8. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    It's my pleasure msbatt2! :)

    Now that you're clean, please follow these simple steps in order to keep your computer clean and secure:

    1.) Re-Hide System Files and Folders:
    • Click Start
    • Open My Computer
    • Select the Tools menu and click Folder Options
    • Select the View tab
    • Deselect the Show hidden files and folders option
    • Select the Hide protected operating system files option
    • Click Yes to confirm
    • Click OK
    2.) Reset and Re-enable your System Restore

    We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    • Click Start » Run » ( type: SYSDM.CPL ) » OK
    • Click the System Restore tab.
    • Check - Turn off System Restore.
    • Click Apply.
    • Uncheck - Turn off System Restore.
    • Click OK.
    You have now flushed your previous System Restore points, so we will make a new one again since your computer is already clean.
    • Go to Start » All Programs » Accessories » System Tools, and select System Restore
    • In the System Restore prompt, select: Create a restore point
    • Click Next
    • Give a description to the new Restore Point. (Something like: Clean PC)
    • Click Create
    • Then close the window
    3.) How to Prevent Re-Infection

    Please take your time reading on this list, it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    • Windows Updates (a must!) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, open Internet Explorer, then select Tools » Windows Update, and follow the online instructions from there.
    • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    • Firewall (a must!) - It is definitely a must have. Two good free versions are Kerio and ZoneAlarm.
    • Anti-Virus (a must!) - It is also a must have. Two good programs are Avast and AVG, they're both free.
      Note: You must only use 1 (one) AV because if you have 2 AVs, it will conflict with each other and will only make your system slow.
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
     
Short URL to this thread: https://techguy.org/491300