1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: WinAntiVirus Pro 2007 Removal

Discussion in 'Virus & Other Malware Removal' started by doubleg206, Sep 15, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    Please help, my computer has been infected with WinAntiVirus. Have run SpySweeper and McAfee with no luck. I have included my Hijack this file below. Any assistance on this matter will be greatly appreciated. Thanks!!!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:26:36 PM, on 9/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {000DFE19-576D-411C-9E8A-093C45C92C22} - C:\WINDOWS\system32\pmkhi.dll
    O2 - BHO: 0 - {040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0} - C:\Program Files\Online Services\lawuhet581.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
    O2 - BHO: MSVPS System - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - C:\WINDOWS\nsduo.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185328051687
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: msmdev - {31C25F96-4A5B-4F01-8961-8C3D776D8F24} - C:\WINDOWS\msmdev.dll
    O21 - SSODL: msmhost - {6169B3C0-CD5F-4414-B89F-8739ADD758C7} - C:\WINDOWS\msmhost.dll
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kykeiyol.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have multiple problems - Do ALL of the following


    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    =====================

    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt – Even if it does not find anything.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This can take a while!
     
  3. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    Thank you for your assistance.....:)

    Please find below the SDfix and the Hijack this log. I am running vundofix as we speak.


    SDFix: Version 1.104

    Run by netty on Sat 09/15/2007 at 10:08 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    DomainService
    Network Monitor

    ImagePath:
    C:\WINDOWS\system32\kykeiyol.exe /service
    C:\Program Files\Network Monitor\netmon.exe service

    DomainService - Deleted
    Network Monitor - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage
    Restoring Default Desktop Components Value
    Restoring Missing Security Center Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\netty\Desktop\Error Cleaner.url - Deleted
    C:\Documents and Settings\netty\Favorites\Error Cleaner.url - Deleted
    C:\Documents and Settings\netty\Desktop\Privacy Protector.url - Deleted
    C:\Documents and Settings\netty\Favorites\Privacy Protector.url - Deleted
    C:\Documents and Settings\netty\Desktop\Spyware&Malware Protection.url - Deleted
    C:\Documents and Settings\netty\Favorites\Spyware&Malware Protection.url - Deleted
    C:\WINDOWS\privacy_danger\index.htm - Deleted
    C:\Program Files\InetGet2\WinTouchInstaller_channel1.exe.lzma - Deleted
    C:\Program Files\VideoAccessCodec\install.ico - Deleted
    C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
    C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx - Deleted
    C:\WINDOWS\b128.exe - Deleted
    C:\WINDOWS\b138.exe - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\main_uninstaller.exe - Deleted
    C:\WINDOWS\msmdev.dll - Deleted
    C:\WINDOWS\msmhost.dll - Deleted
    C:\WINDOWS\nsduo.dll - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\system32KBRunOnce2.tm_ - Deleted
    C:\WINDOWS\system32KBRunOnce2.t__ - Deleted
    C:\WINDOWS\system32\delFSF.bat - Deleted
    C:\WINDOWS\system32\KBRunOnce2.t__ - Deleted


    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\VideoAccessCodec - Removed
    Folder C:\Temp\fse - Removed
    Folder C:\WINDOWS\privacy_danger - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------


    Rootkit Srizbi/Agent.EA Registry Value Detected, Use a Rootkit scanner !

    catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-15 10:14:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden files ...

    C:\WINDOWS\system32\drivers\Nxlb54.sys
    C:\WINDOWS\system32\drivers\symavc32.sys

    scan completed successfully
    hidden files: 2


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\DOCUME~1\\netty\\LOCALS~1\\Temp\\0.exe"="C:\\DOCUME~1\\netty\\LOCALS~1\\Temp\\0.exe:*:Enabled:Enabled"
    "C:\\WINDOWS\\system32\\kykeiyol.exe"="C:\\WINDOWS\\system32\\kyk"
    "C:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"="C:\\Program Files\\McAfee\\MWL\\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\ihkmp.tmp

    Finished!


    Hijack This Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:18:32 AM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\SDFix\SDFix\catchme.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\HijackThis\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: 0 - {040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0} - C:\Program Files\Online Services\lawuhet581.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {0ADCB677-9390-4C6C-AE6D-FCD7EC341F5A} - C:\WINDOWS\system32\pmkhi.dll
    O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185328051687
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    keep going - do it ALL
     
  5. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    Here are the results after running vundofix:


    VundoFix V6.5.8

    Checking Java version...

    Sun Java not detected
    Scan started at 10:49:24 AM 9/15/2007

    Listing files found while scanning....

    No infected files were found.


    Now running Superantispyware.....will let know the results.
     
  6. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    Here is the Superantispyware and the final Hijack this log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/15/2007 at 10:59 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3143
    Trace Rules Database Version: 1159

    Scan type : Complete Scan
    Total Scan Time : 00:03:21

    Memory items scanned : 352
    Memory threats detected : 0
    Registry items scanned : 3115
    Registry threats detected : 0
    File items scanned : 745
    File threats detected : 0

    ---------------------------------------------------------------
    ----------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 11:08:53 AM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    C:\Program Files\HijackThis\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: 0 - {040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0} - C:\Program Files\Online Services\lawuhet581.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
    O2 - BHO: (no name) - {6E7DB598-BE4D-4BD9-AAD8-DB1193DF3188} - C:\WINDOWS\SYSTEM32\PMKHI.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185328051687
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go back and re-read the SuperAnti instructions

    File items scanned : 745 - you have way more files than that
     
  8. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    Not sure what happened the first time, but here are the new logs for SuperAntiSpyware and Hijack this:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/15/2007 at 12:15 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:33:34

    Memory items scanned : 366
    Memory threats detected : 1
    Registry items scanned : 3116
    Registry threats detected : 64
    File items scanned : 28855
    File threats detected : 85

    Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\PMKHI.DLL
    C:\WINDOWS\SYSTEM32\PMKHI.DLL
    HKLM\Software\Classes\CLSID\{6E7DB598-BE4D-4BD9-AAD8-DB1193DF3188}
    HKCR\CLSID\{6E7DB598-BE4D-4BD9-AAD8-DB1193DF3188}
    HKCR\CLSID\{6E7DB598-BE4D-4BD9-AAD8-DB1193DF3188}\InprocServer32
    HKCR\CLSID\{6E7DB598-BE4D-4BD9-AAD8-DB1193DF3188}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E7DB598-BE4D-4BD9-AAD8-DB1193DF3188}

    Trojan.ZQuest
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0}
    HKCR\CLSID\{040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0}
    HKCR\CLSID\{040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0}\InProcServer32
    HKCR\CLSID\{040F297C-2BF2-4DAA-B9BC-C776F1AE1CC0}\InProcServer32#ThreadingModel
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET581.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET257.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET381.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET396.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET458.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET696.DLL
    C:\PROGRAM FILES\ONLINE SERVICES\LAWUHET843.DLL

    Adware.Tracking Cookie
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][3].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected];wi.728;hi[1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][4].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][4].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt
    C:\Documents and Settings\netty\Cookies\[email protected][2].txt
    C:\Documents and Settings\netty\Cookies\[email protected][1].txt

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    HKCR\AntiVirusCOM.AVOfficeProtect.1
    HKCR\AntiVirusCOM.AVOfficeProtect.1\CLSID
    HKCR\WinPGIntegrator.IEIntegrator.1
    HKCR\WinPGIntegrator.IEIntegrator.1\CLSID
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid32
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib#Version
    HKCR\AppId\WinPGI.DLL
    HKCR\AppId\WinPGI.DLL#AppID
    HKCR\AppId\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
    HKCR\IEFWBHO.IEFW.2
    HKCR\IEFWBHO.IEFW.2\CLSID
    HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}
    HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid
    HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid32
    HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib
    HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib#Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll [  ]
    C:\WINDOWS\system32\av.cpl
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\avtasks.dat
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\CookieList.dat
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\history.db
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\Logs\update.log
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\Logs
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007\PGE.dat
    C:\Documents and Settings\netty\Application Data\WinAntiVirus Pro 2007
    C:\UWA7P\Quar
    C:\WINDOWS\..\UWA7P

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

    Trojan.VideoCach/Gen
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Control
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32#ThreadingModel
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus\1
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ProgID
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ToolboxBitmap32
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\TypeLib
    HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Version
    HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}
    HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}\InprocServer32
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0\win32
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\FLAGS
    HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\HELPDIR
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid32
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib
    HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib#Version
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid32
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib
    HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib#Version

    Adware.k8l
    C:\PROGRAM FILES\ONLINE SERVICES\PROGYVAN.HTML

    Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

    Trojan.Downloader-Gen/Doh
    C:\WINDOWS\CROSOF~1\CROSOF~1\DOHINST-103.0000

    Adware.Yazzle/Outer Info-Installer
    C:\WINDOWS\CROSOF~1\CROSOF~1\SETAR-101.0000

    ----------------------------------------------------------------------------------------
    ----------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 12:22:50 PM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185328051687
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Much better!!

    Fix these with HiJackThis – mark them, close IE, click fix checked

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)



    How are things??
     
  10. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    computer is running much better....thanks!!!! do you want me to run a another hijack file???
     
  11. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    here is the latest hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:46:54 PM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HijackThis\analyse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185328051687
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  13. doubleg206

    doubleg206 Thread Starter

    Joined:
    Sep 14, 2007
    Messages:
    8
    Thank very much!!!!!
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/624172

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice