Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

System Tray Balloon

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

System Tray Balloon

Unread postby Rblund » July 9th, 2006, 11:49 am

Hi - I got something which turned my desktop black and installed a balloon in my system tray. I think its the Smitfraud thing - Spybot seems to have sorted out the desktop but I still have the balloon popping up.

Would be grateful for advice on how I can get rid of this thing completely. I have hunted around the board and appreciate that you have probably answered this a few times over - hijack this log below:

Logfile of HijackThis v1.99.1
Scan saved at 16:41:50, on 09/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {5ABC27A2-6A0F-0981-F15C-E4C5A620A85A} - C:\WINDOWS\mtimp1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire
Advertisement
Register to Remove

Unread postby agrarianmonk » July 9th, 2006, 11:58 am

Hi,

Welcome to MWR.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/windowsxp/down ... fault.mspx
Apply the update, reboot, and post a fresh Hijack This log.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

SP1a Updated

Unread postby Rblund » July 9th, 2006, 6:10 pm

Thanks for the response - SP1a installed - new hijack log below:

Logfile of HijackThis v1.99.1
Scan saved at 23:08:09, on 09/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Windows\xpupdate.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\update\update.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {5ABC27A2-6A0F-0981-F15C-E4C5A620A85A} - C:\WINDOWS\mtimp1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2477129810
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Unread postby agrarianmonk » July 9th, 2006, 6:38 pm

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please post:
  1. c:\rapport.txt
  2. Ewido log
  3. A new HijackThis log
  4. panda log
Your may need several replies to post the requested logs, otherwise they might get cut off.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Update

Unread postby Rblund » July 13th, 2006, 5:09 am

Please find below:

RAPPORT.TXT

SmitFraudFix v2.68b

Scan done at 8:52:10.28, 13/07/2006
Run from C:\Documents and Settings\Bolly\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\xpupdate.exe Deleted
C:\Documents and Settings\Bolly\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

EWIDO LOG

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:30:23 13/07/2006

+ Scan result:



C:\Documents and Settings\Isabel\Cookies\isabel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Isabel\Cookies\isabel@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Jenny\Cookies\jenny@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Jenny\Cookies\jenny@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Isabel\Cookies\isabel@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jenny\Cookies\jenny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jenny\Cookies\jenny@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jenny\Cookies\jenny@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Brogan\Cookies\brogan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Emma\Cookies\emma@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Jenny\Cookies\jenny@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

Separate post to follow for new Hijack This log and Panda Scan.....
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Panda & hijack

Unread postby Rblund » July 13th, 2006, 5:16 am

Please find below:

Panda Scan


Incident Status Location

Adware:adware/ieloader Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}
Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/spywaresheriff Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/netword Not disinfected Windows Registry
Adware:adware/wetoffice Not disinfected Windows Registry
Adware:adware/spywaresoftstop Not disinfected Windows Registry
Adware:adware/mmediapd Not disinfected Windows Registry
Adware:adware/click Not disinfected Windows Registry
Adware:adware/quantos Not disinfected Windows Registry
Spyware:spyware/browseraccelerator Not disinfected Windows Registry
Adware:adware/wmmafia Not disinfected Windows Registry
Adware:adware/sinabar Not disinfected Windows Registry
Adware:adware/psic Not disinfected Windows Registry
Adware:adware/ourxin Not disinfected Windows Registry
Adware:adware/idonate Not disinfected Windows Registry
Adware:adware/brands Not disinfected Windows Registry
Adware:adware/eztracks Not disinfected Windows Registry
Adware:adware/roogoo Not disinfected Windows Registry
Adware:adware/targetad Not disinfected Windows Registry
Adware:adware/yazzle Not disinfected Windows Registry
Adware:adware/gator.gotsmiley Not disinfected Windows Registry
Adware:adware/spywarequake Not disinfected Windows Registry
Dialer:dialer.gun Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}
Potentially unwanted tool:application/seekmo Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Adware:adware/trustin Not disinfected Windows Registry
Adware:adware/vog Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/flyswat Not disinfected Windows Registry
Adware:adware/ready2wear Not disinfected Windows Registry
Spyware:spyware/searchnet Not disinfected Windows Registry
Potentially unwanted tool:application/mediapipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
Adware:adware/shorty Not disinfected Windows Registry
Adware:adware/spyfalcon Not disinfected Windows Registry
Adware:adware/alfacleaner Not disinfected Windows Registry
Adware:adware/adwaresheriff Not disinfected Windows Registry
Adware:adware/confusearch Not disinfected Windows Registry
Potentially unwanted tool:application/malwarewipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}
Adware:adware/youcouldwinthis Not disinfected Windows Registry
Potentially unwanted tool:application/errorsafe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
Adware:adware/spywarestrike Not disinfected Windows Registry
Dialer:dialer.fgw Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}
Adware:adware/fchelp Not disinfected Windows Registry
Adware:adware/rbtoolbar Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Dialer:dialer.epr Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}
Adware:adware/startpage.anl Not disinfected Windows Registry
Adware:adware/crystalys Not disinfected Windows Registry
Adware:adware/adwhere Not disinfected Windows Registry
Adware:adware/winhound Not disinfected Windows Registry
Adware:adware/cws.payfortraffic Not disinfected Windows Registry
Dialer:dialer.dxp Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
Adware:adware/enhancemsearch Not disinfected Windows Registry
Dialer:dialer.dvj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}
Adware:adware/borlander Not disinfected Windows Registry
Adware:adware/mytoolbar Not disinfected Windows Registry
Adware:adware/cws.ezsearch Not disinfected Windows Registry
Adware:adware/ipend Not disinfected Windows Registry
Adware:adware/pigsearch Not disinfected Windows Registry
Adware:adware/securitytoolbar Not disinfected Windows Registry
Adware:adware/sweetbar Not disinfected Windows Registry
Adware:adware/videoc Not disinfected Windows Registry
Adware:adware/spyaxe Not disinfected Windows Registry
Adware:adware/falkag Not disinfected Windows Registry
Adware:adware/zeropopup Not disinfected Windows Registry
Adware:adware/webext Not disinfected Windows Registry
Adware:adware/bdnl Not disinfected Windows Registry
Adware:adware/masterbar Not disinfected Windows Registry
Adware:adware/ist.csearch Not disinfected Windows Registry
Adware:adware/cramtoolbar Not disinfected Windows Registry
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/cashsaver Not disinfected Windows Registry
Adware:adware/bonzibuddy Not disinfected Windows Registry
Adware:adware/blowsearch Not disinfected Windows Registry
Adware:adware/affilred Not disinfected Windows Registry
Adware:adware/adultlinks Not disinfected Windows Registry
Adware:adware/adservernow Not disinfected Windows Registry
Adware:adware/adbars Not disinfected Windows Registry
Adware:adware/cashdeluxe Not disinfected Windows Registry
Potentially unwanted tool:application/errorguard Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
Adware:adware/mpgcom Not disinfected Windows Registry
Adware:adware/surfassistant Not disinfected Windows Registry
Adware:adware/morwillsearch Not disinfected Windows Registry
Adware:adware/infocrawler Not disinfected Windows Registry
Adware:adware/adcom Not disinfected Windows Registry
Adware:adware/easyerror Not disinfected Windows Registry
Adware:adware/weblookup Not disinfected Windows Registry
Adware:adware/customtoolbar Not disinfected Windows Registry
Dialer:dialer.dkf Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
Adware:adware/quickbar Not disinfected Windows Registry
Dialer:dialer.dji Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C24626A-CC0D-49d6-8454-AAA5B97D4410}
Dialer:dialer.dip Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC3185AE-864F-4E62-9321-0E9FA1CBE6A4}
Adware:adware/2search Not disinfected Windows Registry
Adware:adware/upspiralbar Not disinfected Windows Registry
Adware:adware/uppcbar Not disinfected Windows Registry
Adware:adware/5-search Not disinfected Windows Registry
Adware:adware/bondreal Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Potentially unwanted tool:application/winfixer2005 Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
Adware:adware/securityerror Not disinfected Windows Registry
Adware:adware/mediaplex Not disinfected Windows Registry
Adware:adware/favadd Not disinfected Windows Registry
Adware:adware/windrv Not disinfected Windows Registry
Adware:adware/ddos Not disinfected Windows Registry
Adware:adware/activshopper Not disinfected Windows Registry
Adware:adware/mariasearch Not disinfected Windows Registry
Adware:adware/ieplus Not disinfected Windows Registry
Adware:adware/bestsearchengine Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Adware:adware/searchresults Not disinfected Windows Registry
Adware:adware/cws.customie Not disinfected Windows Registry
Adware:adware/block-checker Not disinfected Windows Registry
Dialer:dialer.cso Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BC36767-3FCC-4948-8A13-703F887A3E87}
Adware:adware/adblock Not disinfected Windows Registry
Adware:adware/thingies Not disinfected Windows Registry
Adware:adware/spyblast Not disinfected Windows Registry
Adware:adware/enhsrch Not disinfected Windows Registry
Adware:adware/riversoft Not disinfected Windows Registry
Adware:adware/invisiblepop Not disinfected Windows Registry
Adware:adware/henbang Not disinfected Windows Registry
Adware:adware/stripplayer Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Adware:adware/appoli Not disinfected Windows Registry
Adware:adware/bdsearch Not disinfected Windows Registry
Adware:adware/gxb Not disinfected Windows Registry
Adware:adware/veevo Not disinfected Windows Registry
Dialer:dialer.bnz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B}
Adware:adware/searchexplorer Not disinfected Windows Registry
Dialer:dialer.bmt Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8512B008-B0AA-451F-A744-A289FD8FFDE6}
Adware:adware/popupdefence Not disinfected Windows Registry
Adware:adware/seekseek Not disinfected Windows Registry
Adware:adware/winres Not disinfected Windows Registry
Dialer:dialer.bkj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E}
Adware:adware/browserplugin Not disinfected Windows Registry
Adware:adware/clicker.b Not disinfected Windows Registry
Adware:adware/surfplugin Not disinfected Windows Registry
Adware:adware/consumeralertsystem Not disinfected Windows Registry
Adware:adware/afaenhance Not disinfected Windows Registry
Adware:adware/seeqbar Not disinfected Windows Registry
Adware:adware/alibabar Not disinfected Windows Registry
Adware:adware/dudu Not disinfected Windows Registry
Adware:adware/hoonter Not disinfected Windows Registry
Adware:adware/ietoolbar Not disinfected Windows Registry
Adware:adware/psguard Not disinfected Windows Registry
Adware:adware/oemji Not disinfected Windows Registry
Adware:adware/winstat Not disinfected Windows Registry
Adware:adware/diytoolbar Not disinfected Windows Registry
Adware:adware/moneygainer Not disinfected Windows Registry
Adware:adware/weirdontheweb Not disinfected Windows Registry
Adware:adware/antivirus-gold Not disinfected Windows Registry
Adware:adware/kz515 Not disinfected Windows Registry
Adware:adware/miamore Not disinfected Windows Registry
Dialer:dialer.cbz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17243282-24D7-01A5-B2CE-4AD63FBA0B93}
Adware:adware/g-search Not disinfected Windows Registry
Adware:adware/bigtrafficnet Not disinfected Windows Registry
Adware:adware/maxifiles Not disinfected Windows Registry
Spyware:spyware/lefeat Not disinfected Windows Registry
Adware:adware/craft Not disinfected Windows Registry
Adware:adware/aurora Not disinfected Windows Registry
Adware:adware/digitalnames Not disinfected Windows Registry
Adware:adware/redbanner Not disinfected Windows Registry
Adware:adware/coolsavings Not disinfected Windows Registry
Adware:adware/richfind Not disinfected Windows Registry
Adware:adware/ctxpopup Not disinfected Windows Registry
Adware:adware/stickypops Not disinfected Windows Registry
Adware:adware/startpage.wl Not disinfected Windows Registry
Adware:adware/startpage.wh Not disinfected Windows Registry
Adware:adware/wazzup Not disinfected Windows Registry
Adware:adware/imgiant Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{630D6140-04C5-4db0-B27A-020D766FF09B}
Adware:adware/ezcybersearch Not disinfected Windows Registry
Adware:adware/advertor Not disinfected Windows Registry
Adware:adware/novo Not disinfected Windows Registry
Adware:adware/baidubar Not disinfected Windows Registry
Adware:adware/xmllib Not disinfected Windows Registry
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

remaining panda..

Unread postby Rblund » July 13th, 2006, 5:20 am

Sorry...should have previewed first.

Panda continued...

Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Adware:adware/mbkwbar Not disinfected Windows Registry
Adware:adware/virmaid Not disinfected Windows Registry
Adware:adware/startpage.acd Not disinfected Windows Registry
Adware:adware/popuper Not disinfected Windows Registry
Adware:adware/premiumsearch Not disinfected Windows Registry
Adware:adware/mshtmpre Not disinfected Windows Registry
Adware:adware/nowfind Not disinfected Windows Registry
Adware:adware/startpage.abr Not disinfected Windows Registry
Adware:adware/bluescreenwarning Not disinfected Windows Registry
Dialer:dialer.avv Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600F23ED-5F29-49FF-1678-0E780F1A0814}
Adware:adware/d9x Not disinfected Windows Registry
Adware:adware/startpage.aai Not disinfected Windows Registry
Adware:adware/iebar Not disinfected Windows Registry
Potentially unwanted tool:application/eblaster Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}
Adware:adware/startpage.aaf Not disinfected Windows Registry
Spyware:spyware/way4find Not disinfected Windows Registry
Adware:adware/abox Not disinfected Windows Registry
Adware:adware/admess Not disinfected Windows Registry
Adware:adware/startpage.kc Not disinfected Windows Registry
Adware:adware/gogotools Not disinfected Windows Registry
Dialer:dialer.asl Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{042EEA26-2402-4E5A-B5BB-0FB445A5526E}
Adware:adware/77ttt Not disinfected Windows Registry
Adware:adware/hotoffers Not disinfected Windows Registry
Adware:adware/mediaback Not disinfected Windows Registry
Adware:adware/iguard Not disinfected Windows Registry
Adware:adware/topspyware Not disinfected Windows Registry
Adware:adware/adultlt Not disinfected Windows Registry
Adware:adware/adsmart Not disinfected Windows Registry
Adware:adware/searchforit Not disinfected Windows Registry
Adware:adware/pacimedia Not disinfected Windows Registry
Adware:adware/gatorclone Not disinfected Windows Registry
Adware:adware/popularsearches Not disinfected Windows Registry
Adware:adware/searcher Not disinfected Windows Registry
Adware:adware/navipromo Not disinfected Windows Registry
Potentially unwanted tool:application/iwon Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3001A8A6-2BE1-11D4-AEDE-0050DAC24E8F}
Adware:adware/abxsearch Not disinfected Windows Registry
Adware:adware/webdir Not disinfected Windows Registry
Dialer:dialer.ags Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A41C6220-6F42-4646-B119-FBE6F4D38E3C}
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/ipbill Not disinfected Windows Registry
Dialer:dialer.afa Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14051602-5C4E-11d6-916B-00E02964E8E3}
Adware:adware/winad Not disinfected Windows Registry
Dialer:dialer.adn Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02}
Dialer:dialer.adm Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCDB34A6-C1A6-4C89-9526-E84A579A0EF7}
Adware:adware/delta Not disinfected Windows Registry
Adware:adware/coolsearchhome Not disinfected Windows Registry
Adware:adware/instafinder Not disinfected Windows Registry
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/clearsurfing Not disinfected Windows Registry
Adware:adware/toolbarins Not disinfected Windows Registry
Dialer:dialer.aas Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33331111-1111-1111-1111-622221193458}
Adware:adware/transponder Not disinfected Windows Registry
Adware:adware/iemenuextension Not disinfected Windows Registry
Adware:adware/otx Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Adware:adware/looksmart Not disinfected Windows Registry
Adware:adware/cws.nfo Not disinfected Windows Registry
Adware:adware/toolbarsimbar Not disinfected Windows Registry
Spyware:spyware/iehelp Not disinfected Windows Registry
Dialer:dialer.za Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d6addbf-8227-4d36-ae46-116afbdafca0}
Dialer:dialer.yz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02C20140-76F8-4763-83D5-B660107B7A90}
Dialer:dialer.yy Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23273a1c-c870-43c4-a3e3-67dc98630ac6}
Dialer:dialer.yx Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB}
Adware:adware/commandertoolbar Not disinfected Windows Registry
Adware:adware/startpage.qh Not disinfected Windows Registry
Dialer:dialer.yc Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96b01a48-1317-4a87-91f7-10116f755705}
Spyware:spyware/linkreplacer Not disinfected Windows Registry
Adware:adware/cws.searchmeup Not disinfected Windows Registry
Adware:adware/esyndicate Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:adware/findspy Not disinfected Windows Registry
Adware:adware/cleangetaway Not disinfected Windows Registry
Adware:adware/xrenoder Not disinfected Windows Registry
Adware:adware/mybhospy Not disinfected Windows Registry
Dialer:dialer.xs Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ceb29da4-7afa-4f24-b3cd-17351d590df0}
Spyware:spyware/petro-line Not disinfected Windows Registry
Adware:adware/btgrab Not disinfected Windows Registry
Adware:adware/gigabar Not disinfected Windows Registry
Adware:adware/hungryhands Not disinfected Windows Registry
Spyware:spyware/lowzones Not disinfected Windows Registry
Adware:adware/24-7-search Not disinfected Windows Registry
Dialer:dialer.xe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}
Dialer:dialer.xd Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware program Not disinfected Windows Registry
Adware:adware/neon Not disinfected Windows Registry
Adware:adware/dailytoolbar Not disinfected Windows Registry
Adware:adware/browvil Not disinfected Windows Registry
Adware:adware/adshooter Not disinfected Windows Registry
Adware:adware/interkey Not disinfected Windows Registry
Adware:adware/globosearch Not disinfected Windows Registry
Adware:adware/ro2cn Not disinfected Windows Registry
Spyware:spyware/search3 Not disinfected Windows Registry
Spyware:spyware/escorcher Not disinfected Windows Registry
Spyware:spyware/fastsearchweb Not disinfected Windows Registry
Adware:adware/searchrelevancy Not disinfected Windows Registry
Spyware:spyware/surfsidekick Not disinfected Windows Registry
Adware:adware/stiebar Not disinfected Windows Registry
Spyware:spyware/iesearchtoolbar Not disinfected Windows Registry
Spyware:spyware/whazit Not disinfected Windows Registry
Adware:adware/mycustomie Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Dialer:dialer.vm Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F}
Adware:adware/fastvideoplayer Not disinfected Windows Registry
Adware:adware/startpage.na Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Adware:adware/ebgames Not disinfected Windows Registry
Adware:adware/mytotalsearch Not disinfected Windows Registry
Spyware:spyware/bundleware Not disinfected Windows Registry
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/deskwizz Not disinfected Windows Registry
Adware:adware/superspider Not disinfected Windows Registry
Spyware:spyware/spydeleter Not disinfected Windows Registry
Adware:adware/worldsearch Not disinfected Windows Registry
Spyware:spyware/shazaa Not disinfected Windows Registry
Adware:adware/getup Not disinfected Windows Registry
Adware:adware/quickbrowser Not disinfected Windows Registry
Adware:adware/mssearch Not disinfected Windows Registry
Adware:adware/startpage.mc Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/clkoptimizer Not disinfected Windows Registry
Adware:adware/powersearch Not disinfected Windows Registry
Adware:adware/kingporn Not disinfected Windows Registry
Adware:adware/iesearchbar Not disinfected Windows Registry
Adware:adware/thelocalsearch Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29D67D3C-509A-4544-903F-C8C1B8236554}
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/clocksync Not disinfected Windows Registry
Adware:adware/e2give Not disinfected Windows Registry
Adware:adware/tubby Not disinfected Windows Registry
Adware:adware/sgrunt Not disinfected Windows Registry
Spyware:spyware/marketscore Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Adware:adware/freescratch Not disinfected Windows Registry
Adware:adware/megasearch Not disinfected Windows Registry
Adware:adware/surebar Not disinfected Windows Registry
Adware:adware/locator Not disinfected Windows Registry
Adware:adware/midaddle Not disinfected Windows Registry
Adware:adware/searchsquire Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Spyware:spyware/omi Not disinfected Windows Registry
Adware:adware/neededware Not disinfected Windows Registry
Adware:adware/redv Not disinfected Windows Registry
Adware:adware/cashbar Not disinfected Windows Registry
Dialer:dialer.su Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CBF8C22-E9A6-11D7-90FE-000AE4012DB4}
Adware:adware/searchmall Not disinfected Windows Registry
Adware:adware/toolbarshopper Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1F1E775-1B21-454D-8D38-7C16519969E5}
Adware:adware/404search Not disinfected Windows Registry
Adware:adware/huntbar Not disinfected Windows Registry
Adware:adware/exact.searchbar Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Adware:adware/instdollars Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
Adware:adware/coupons Not disinfected Windows Registry
Dialer:dialer generic Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C771B05E-E725-4516-97A5-4CE5EB163CFB}
Adware:adware/ist.xxxtoolbar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/overpro Not disinfected Windows Registry
Adware:adware/easysearch Not disinfected Windows Registry
Adware:adware/redswoosh Not disinfected Windows Registry
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Adware:adware/sidestep Not disinfected Windows Registry
Adware:adware/twain-tech Not disinfected Windows Registry
Adware:adware/localnrd Not disinfected Windows Registry
Spyware:spyware/clientman Not disinfected Windows Registry
Adware:adware/fizzle Not disinfected Windows Registry
Dialer:dialer.qi Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BCE6A6A-9F26-4A77-A9A7-A68A6C17068D}
Adware:adware/toprebates Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Dialer:dialer.py Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}
Adware:adware/mydailyhoroscope Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/ieplugin Not disinfected Windows Registry
Adware:adware/opensite Not disinfected Windows Registry
Adware:adware/comet Not disinfected Windows Registry
Adware:adware/adlogix Not disinfected Windows Registry
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Hijack This Log

Unread postby Rblund » July 13th, 2006, 5:22 am

New Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 10:12:44, on 13/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {5ABC27A2-6A0F-0981-F15C-E4C5A620A85A} - C:\WINDOWS\mtimp1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2477129810
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Also - would appreciate some advice on continuing protection - should i just now run 1 anti-spyware programme (ewido) rather than 2 (McAfee)?
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Unread postby agrarianmonk » July 13th, 2006, 12:05 pm

Go to Start > Run
Type:
    regedit
Click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
      Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

**********************
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop


REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BF69DF00-2734-477F-8257-27CD04F88779}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DB893839-10F0-4AF9-92FA-B23528F530AF}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D3103509-F6EC-4592-B5F2-FD862199D778}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E15D681-1D20-11D4-8B72-000021DA1956}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID{205ff73b-ca67-11d5-99dd-444553540006}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C24626A-CC0D-49d6-8454-AAA5B97D4410}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5C24626A-CC0D-49d6-8454-AAA5B97D4410}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC3185AE-864F-4E62-9321-0E9FA1CBE6A4}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DC3185AE-864F-4E62-9321-0E9FA1CBE6A4}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C65AEF6-E413-4314-815B-82717A3F1603}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BC36767-3FCC-4948-8A13-703F887A3E87}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6BC36767-3FCC-4948-8A13-703F887A3E87}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8512B008-B0AA-451F-A744-A289FD8FFDE6}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8512B008-B0AA-451F-A744-A289FD8FFDE6}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17243282-24D7-01A5-B2CE-4AD63FBA0B93}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{17243282-24D7-01A5-B2CE-4AD63FBA0B93}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{630D6140-04C5-4db0-B27A-020D766FF09B}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{600F23ED-5F29-49FF-1678-0E780F1A0814}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{600F23ED-5F29-49FF-1678-0E780F1A0814}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{042EEA26-2402-4E5A-B5BB-0FB445A5526E}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{042EEA26-2402-4E5A-B5BB-0FB445A5526E}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3001A8A6-2BE1-11D4-AEDE-0050DAC24E8F}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3001A8A6-2BE1-11D4-AEDE-0050DAC24E8F}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A41C6220-6F42-4646-B119-FBE6F4D38E3C}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A41C6220-6F42-4646-B119-FBE6F4D38E3C}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14051602-5C4E-11d6-916B-00E02964E8E3}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{14051602-5C4E-11d6-916B-00E02964E8E3}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCDB34A6-C1A6-4C89-9526-E84A579A0EF7}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BCDB34A6-C1A6-4C89-9526-E84A579A0EF7}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33331111-1111-1111-1111-622221193458}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{33331111-1111-1111-1111-622221193458}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d6addbf-8227-4d36-ae46-116afbdafca0}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d6addbf-8227-4d36-ae46-116afbdafca0}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02C20140-76F8-4763-83D5-B660107B7A90}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{02C20140-76F8-4763-83D5-B660107B7A90}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23273a1c-c870-43c4-a3e3-67dc98630ac6}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{23273a1c-c870-43c4-a3e3-67dc98630ac6}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96b01a48-1317-4a87-91f7-10116f755705}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{96b01a48-1317-4a87-91f7-10116f755705}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ceb29da4-7afa-4f24-b3cd-17351d590df0}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ceb29da4-7afa-4f24-b3cd-17351d590df0}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{54645654-2225-4455-44A1-9F4543D34546}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29D67D3C-509A-4544-903F-C8C1B8236554}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{29D67D3C-509A-4544-903F-C8C1B8236554}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CBF8C22-E9A6-11D7-90FE-000AE4012DB4}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5CBF8C22-E9A6-11D7-90FE-000AE4012DB4}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1F1E775-1B21-454D-8D38-7C16519969E5}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1F1E775-1B21-454D-8D38-7C16519969E5}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E79DADC6-18D0-4A2A-831F-D196D41F8438}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E79DADC6-18D0-4A2A-831F-D196D41F8438}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C771B05E-E725-4516-97A5-4CE5EB163CFB}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C771B05E-E725-4516-97A5-4CE5EB163CFB}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BCE6A6A-9F26-4A77-A9A7-A68A6C17068D}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2BCE6A6A-9F26-4A77-A9A7-A68A6C17068D}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O2 - BHO: Class - {5ABC27A2-6A0F-0981-F15C-E4C5A620A85A} - C:\WINDOWS\mtimp1.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Now close all windows other than HiJackThis, then click Fix Checked. close HijackThis.


Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

reboot and post a new hijackthis log.

Also - would appreciate some advice on continuing protection - should i just now run 1 anti-spyware programme (ewido) rather than 2 (McAfee)?


Well, McAfee serves as your firewall and antivirus, not just antispyware, so I wouldn't remove McAfee unless you're planning to replace it with another antivirus and firewall. Ewido is a good scanner, but it is neither a firewall nor an antivirus.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Spyware

Unread postby Rblund » July 13th, 2006, 12:31 pm

Thanks - I'll do this tonight.

On the McAfee front, I was planning to keep the security centre but there is a separate product Im running called McAfee Anti-spyware which I thought wouldn't be worth running alongside Ewido.
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Unread postby agrarianmonk » July 13th, 2006, 12:35 pm

well,

I'm not exactly sure how McAfee antispyware's real time protection works, but the real time protection in Ewido will expire when the trial expires (you can still manually update and use it as an on demand scanner).

I don't want to promote either commercial product, and I'm not familiar with the effectiveness of McAfee, so it might just be best to see which one you prefer after a period of time and see if its better have one or both.

Sorry I couldn't answer you question any better.


post back the results when you get the chance ;)

thanks,
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Rblund » July 13th, 2006, 12:39 pm

Thanks - I appreciate that you can't recommend one product over the other.

I also forgot to say that the balloon in the system tray has now disappeared so what you have receommended so far has worked for me.

Is this next stage to sort out what has been done to the registry (sorry for all the questions, just a little curious to find out more!)
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Unread postby agrarianmonk » July 13th, 2006, 12:41 pm

yes, we're just cleaning out some leftover registry entries :)
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

New Hijack Log

Unread postby Rblund » July 13th, 2006, 1:48 pm

Hi - registry updated and new hijack this log below:

Logfile of HijackThis v1.99.1
Scan saved at 18:46:06, on 13/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.co.uk/cd_redirects/wanadoohome
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {5ABC27A2-6A0F-0981-F15C-E4C5A620A85A} - C:\WINDOWS\mtimp1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2477129810
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Rblund
Regular Member
 
Posts: 16
Joined: July 9th, 2006, 11:43 am
Location: Hertfordshire

Unread postby agrarianmonk » July 13th, 2006, 1:54 pm

Hi Rblund,

What happened to all of the McAfee entries????

You're not running an antivirus or a firewall anymore!

Post back immediately with what happened!
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware