Multiple viruses/malware - Please Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by Dextroman584 » September 15th, 2006, 9:52 pm

I'm trying to clean up an old computer that I haven't used in almost 2 years to give to a friend, but I've realized that there are multiple viruses. I've run AdAware and Ewido in safe mode and that greatly helped, but there are still a few problems. I believe those programs got rid of the Cool Web Search virus that I had because my homepage is no longer about:blank, but I am still experiencing lots of pop-ups and programs crashing. Any help would be greatly appreciated. Here's my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:50:55 PM, on 9/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\cmmeftp.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Dextroman\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [xs2W3ph] cmmeftp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Fmzmojx] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [gBt6RfNtQ] imjlv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nwa.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://www.zango.com/getzango/download/ ... taller.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dn8801lue.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: Remote Procedure Call (RPC) Helper (Â
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

by dan12 » September 16th, 2006, 3:17 am

Hi Dextroman584 and welcome to malwareremoval forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

by Dextroman584 » September 16th, 2006, 7:23 pm

Thank you for your help Dan. You guys are a true life saver.
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

by dan12 » September 17th, 2006, 3:15 am

Hi Dextroman584

You are currently using an unpatched version of Microsoft XP. It is CRITICAL that you update to Service Pack 1.
Please visit this link:
Microsoft Service Pack 1

and install Service Pack 1. If you run into troubles, please post them here.

IMPORTANT: DO NOT update to Service pack 2. Doing so before your computer is clean can cause Windows to become unstable.
We will update to SP2 when you are clean.



Please post back with a HJT log and your computer running with Service pack 1, or with any problems you are having updating.

Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

by Dextroman584 » September 17th, 2006, 11:39 am

Thanks for the input Dan. I followed your advice but after Microsoft checked my computer for updates, it stated that there were no high priority updates available.

Also I think I should note that McAfee keeps blocking a program about once a minute and I get a RUNDLL error when this happens (Error loading C:\WINDOWS\system32\guard.tmp Access is Denied). My computer is still experiencing slow down, lots of pop ups, and occasionally a program will crash.

I have to go to work now but I'm going to look into this further once I get home. Thanks again for your help.
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

by dan12 » September 18th, 2006, 4:33 am

Hi Dextroman584, follow this link to update manually.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

by Dextroman584 » September 18th, 2006, 10:15 am

Here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:15:15 AM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs\Spyware Removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [Fmzmojx] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [gBt6RfNtQ] imjlv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nwa.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8506398186
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://www.zango.com/getzango/download/ ... taller.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\gp84l3lq1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: Remote Procedure Call (RPC) Helper (Â
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

by dan12 » September 18th, 2006, 2:00 pm

Hi Dextroman584
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

by Dextroman584 » September 18th, 2006, 2:44 pm

I followed your instructions and here is the log:

Dextroman - 06-09-18 13:36:08.76 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{65F51BC7-5B2D-4855-8D60-CB6FE90D6201}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{65F51BC7-5B2D-4855-8D60-CB6FE90D6201}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{65F51BC7-5B2D-4855-8D60-CB6FE90D6201}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{65F51BC7-5B2D-4855-8D60-CB6FE90D6201}\InprocServer32]
@="C:\\WINDOWS\\system32\\myicda.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{76BD8133-637A-4B71-B295-7A2EBD6D7E9A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76BD8133-637A-4B71-B295-7A2EBD6D7E9A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76BD8133-637A-4B71-B295-7A2EBD6D7E9A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{76BD8133-637A-4B71-B295-7A2EBD6D7E9A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcauserv.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))


2006-09-18 03:23 236,483 -r--s---- C:\WINDOWS\system32\myicda.dll
2006-09-18 03:23 236,483 -r--s---- C:\WINDOWS\system32\i2600cjmefoa0.dll
2006-09-17 23:57 236,483 -r--s---- C:\WINDOWS\system32\gp84l3lq1.dll
2006-09-17 22:56 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-17 13:59 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-17 12:14 236,949 -r--s---- C:\WINDOWS\system32\m6640gjqe6oe0.dll
2006-09-15 20:38 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2006-09-15 20:32 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-15 18:04 90,151 --a------ C:\WINDOWS\system32\rrsec2k.exe
2006-09-15 18:04 18,944 --a------ C:\WINDOWS\system32\rrspy64.sys
2006-09-15 18:04 18,432 --a------ C:\WINDOWS\system32\rrspy.sys
2006-09-15 18:04 112,640 --a------ C:\WINDOWS\system32\rrsec.dll
2006-09-14 14:58 0 --a------ C:\WINDOWS\system32\hvjkt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-18 10:03 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-18 09:17 -------- d-------- C:\Program Files\Kazaa
2006-09-18 03:23 -------- d-------- C:\Program Files\Messenger
2006-09-18 03:10 -------- d-------- C:\Program Files\Internet Explorer
2006-09-18 03:09 -------- d-------- C:\Program Files\Windows Media Player
2006-09-18 03:02 -------- d-------- C:\Program Files\Outlook Express
2006-09-18 03:02 -------- d-------- C:\Program Files\Common Files\System
2006-09-17 23:36 -------- d---s---- C:\Documents and Settings\Dextroman\Application Data\Microsoft
2006-09-17 23:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-17 23:03 -------- d-------- C:\Program Files\NetMeeting
2006-09-17 23:02 -------- d-------- C:\Program Files\Windows NT
2006-09-17 21:24 94208 --a------ C:\WINDOWS\DIIUnin.exe
2006-09-17 21:24 360448 --a------ C:\WINDOWS\bkuninst.exe
2006-09-15 21:15 -------- d-------- C:\Program Files\Winamp
2006-09-15 21:09 -------- d-------- C:\Program Files\FlashFXP
2006-09-15 21:08 -------- d-------- C:\Program Files\mIRC
2006-09-15 19:51 -------- d-a------ C:\Program Files\TV Media
2006-09-15 18:04 -------- d-------- C:\Program Files\Registrar Registry Manager
2006-09-15 17:50 36 --a------ C:\Documents and Settings\Dextroman\Application Data\tvmuknwrd.dll
2006-09-15 17:49 0 --a------ C:\Documents and Settings\Dextroman\Application Data\tvmknwrd.dll
2006-09-15 17:44 4337 --a------ C:\WINDOWS\anenhn.dll
2006-09-15 17:40 -------- d-------- C:\Program Files\Common Files
2006-09-15 17:30 -------- d-------- C:\Program Files\AIM
2006-09-15 15:26 -------- d-------- C:\Program Files\support.com
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-22 00:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 00:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fmzmojx"="C:\\WINDOWS\\System32\\w?nspool.exe"
"Spyware Vanisher"="c:\\spywarevanisher-free\\FreeScanner.exe -FastScan"
"gBt6RfNtQ"="imjlv.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"zango"="c:\\program files\\zango\\zango.exe"
"VBouncer"="C:\\PROGRA~1\\VBouncer\\VirtualBouncer.exe"
"TV Media"="C:\\Program Files\\TV Media\\Tvm.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"VBundleOuterDL"="C:\\Program Files\\VBouncer\\BundleOuter.EXE"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Mon 09/18/2006 13:39:34.92
ComboFix.txt
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm

by dan12 » September 19th, 2006, 2:12 am

Will need a further new HJT log too.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

by Dextroman584 » September 19th, 2006, 8:55 pm

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:54:44 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs\Spyware Removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [Fmzmojx] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [gBt6RfNtQ] imjlv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nwa.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8506398186
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://www.zango.com/getzango/download/ ... taller.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: Remote Procedure Call (RPC) Helper (Â

Unread postby dan12 » September 22nd, 2006, 4:36 am

Hi Dextroman584, sorry for the delay, we have been busy; will be back with you soon. I am waiting for my work to be checked before posting to you.
Thanks for your patience,
dan

Unread postby dan12 » September 25th, 2006, 6:41 am

Dextroman584
Have not forgotten you; should be back with you soon.
Again, thanks for your patience.
dan :)

Unread postby dan12 » September 25th, 2006, 1:35 pm

Hi Dextroman584

OK, to start we need to get some scans underway.

You may want to print these instructions for reference

We have a few malware processes and files which we need to get rid of.
Please be patient, and follow all of the instructions as given. Please do not reboot unless it is part
of the fix, or you have no other choice. While you are following the fix, you will find it helpful to have
a pen and paper handy to take any notes, so you can let me know what happens.
Typical information that will be helpful will be:
  • Files or folders that will not delete properly
  • Any errors that occur when following a fix or during bootup
  • Notes on your system's operation (sluggish internet, popups, etc)
  • The more information we have, the better our chances to clean your system!


First of all I need you to download some programs for use later.

Download this file and unzip it to your desktop

Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet

Download CWShredder from here, install it, check for updates but again, don't use it yet.

Download and install Ewido Security Suite Trial from here. Run and update the program but do not scan with it yet.


Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE

While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.

Then open CWShredder, which you downloaded in the first step. Close all browser windows and click on the fix/next button.

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner
  • Click on the Settings tab.
  • Under How to act?, click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?, all checkboxes should be ticked.
  • Under Possibly unwanted software: All checkboxes should be ticked.
  • Under Reports: Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?, select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished:
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)

  • When done, click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

Reboot into normal mode.

Please include a new HJT log scan as you did in the beginning, plus the Ewido log and About:Buster log,
in your next post.
Thanks dan

Unread postby Dextroman584 » September 25th, 2006, 10:02 pm

Thanks for your ongoing help, Dan. My computer has been running much better the past few days. I haven't had any popups, but occasionally McAfee will find a PUP. I followed all your instructions from the previous post and here are my logs:


Logfile of HijackThis v1.99.1
Scan saved at 8:55:33 PM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dextroman\Desktop\Dustin's Stuff\Programs\Spyware Removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvjkt.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [Fmzmojx] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [gBt6RfNtQ] imjlv.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {1EF19158-E131-41ED-ACA3-A93CA4F121FE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D03B89FA-397C-49D2-97C2-469C4331180A} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {F637BADC-39B6-485A-896D-553EA2E0A160} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nwa.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8506398186
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50020/QDow_AS2.cab
O16 - DPF: {99410CDE-6F16-42CE-9D49-3807F78F0287} (ZangoInstaller Class) - http://www.zango.com/getzango/download/ ... taller.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:10:20 PM 9/25/2006

+ Scan result:



C:\Documents and Settings\Dextroman\Cookies\dextroman@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Dextroman\Cookies\dextroman@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end



AboutBuster 6.05
Scan started on [9/25/2006] at [8:58:34 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\aamqv.log:ielxd
Removed Stream! C:\WINDOWS\bootstat.dat:bhfel
Removed Stream! C:\WINDOWS\cyfqb.log:niiny
Removed Stream! C:\WINDOWS\DIIUnin.exe:uqdnj
Removed Stream! C:\WINDOWS\DtcInstall.log:mzhon
Removed Stream! C:\WINDOWS\DtcInstall.log:qiqwg
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:faztp
Removed Stream! C:\WINDOWS\Gone Fishing.bmp:awqza
Removed Stream! C:\WINDOWS\iun6002.exe:fnopy
Removed Stream! C:\WINDOWS\iun6002.exe:zexni
Removed Stream! C:\WINDOWS\KB828741.log:reisc
Removed Stream! C:\WINDOWS\KB840987.log:kfaye
Removed Stream! C:\WINDOWS\msgsocm.log:fplnd
Removed Stream! C:\WINDOWS\msgsocm.log:trqgj
Removed Stream! C:\WINDOWS\npudt.dat:twvgj
Removed Stream! C:\WINDOWS\ntdtcsetup.log:xqesx
Removed Stream! C:\WINDOWS\n_exhfbl.txt:dfhnxd
Removed Stream! C:\WINDOWS\ocgen.log:agjuf
Removed Stream! C:\WINDOWS\ocgen.log:mgsyl
Removed Stream! C:\WINDOWS\OEWABLog.txt:fhldf
Removed Stream! C:\WINDOWS\ofdbz.log:shcza
Removed Stream! C:\WINDOWS\oibxn.txt:lfjox
Removed Stream! C:\WINDOWS\Q323255.log:rhytd
Removed Stream! C:\WINDOWS\Q329170.log:ghfmo
Removed Stream! C:\WINDOWS\Q329170.log:kzrzf
Removed Stream! C:\WINDOWS\Q810577.log:cabez
Removed Stream! C:\WINDOWS\Q817606.log:ilzzp
Removed Stream! C:\WINDOWS\regopt.log:teckl
Removed Stream! C:\WINDOWS\regopt.log:wvjvf
Removed Stream! C:\WINDOWS\River Sumida.bmp:pwcji
Removed Stream! C:\WINDOWS\SchedLgU.Txt:hxmoc
Removed Stream! C:\WINDOWS\setupapi.log:rzflz
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:kayqb
Removed Stream! C:\WINDOWS\SYMEVENT.LOG:cbjvv
Removed Stream! C:\WINDOWS\SYMEVENT.LOG:lpivb
Removed Stream! C:\WINDOWS\system.ini:dqbiv
Removed Stream! C:\WINDOWS\system.tmp:dqbiv
Removed Stream! C:\WINDOWS\tempf.txt:uzyqmn
Removed Stream! C:\WINDOWS\twain.dll:oodyl
Removed Stream! C:\WINDOWS\twain.dll:qjbij
Removed Stream! C:\WINDOWS\twain.dll:wqlnp
Removed Stream! C:\WINDOWS\twunk_16.exe:hpndn
Removed Stream! C:\WINDOWS\twunk_16.exe:jcunl
Removed Stream! C:\WINDOWS\unvise32qt.exe:bdmsf
Removed Stream! C:\WINDOWS\uqnvu.log:majdgy
Removed Stream! C:\WINDOWS\usta32.ini:rqyoj
Removed Stream! C:\WINDOWS\vb.ini:zxjyqo
Removed Stream! C:\WINDOWS\vjuvs.txt:rxcdsq
Removed Stream! C:\WINDOWS\vmmreg32.dll:fttic
Removed Stream! C:\WINDOWS\win.ini:exvyp
Removed Stream! C:\WINDOWS\win.ini:xumve
Removed Stream! C:\WINDOWS\win.tmp:exvyp
Removed Stream! C:\WINDOWS\win.tmp:xumve
Removed Stream! C:\WINDOWS\winamp.ini:cqujmb
Removed Stream! C:\WINDOWS\Windows Update.log:wyolr
Removed Stream! C:\WINDOWS\winhelp.exe:pzhql
Removed Stream! C:\WINDOWS\wininit.ini:bruot
Removed Stream! C:\WINDOWS\wininit.ini:scllg
Removed Stream! C:\WINDOWS\wininit.sd:bruot
Removed Stream! C:\WINDOWS\wininit.sd:scllg
Removed Stream! C:\WINDOWS\winnt256.bmp:sophi
Removed Stream! C:\WINDOWS\winnt256.bmp:usmbv
Removed Stream! C:\WINDOWS\Zapotec.bmp:wqgmz
Removed Stream! C:\WINDOWS\Zapotec.bmp:wwhbw
Removed Stream! C:\WINDOWS\_default.pif:ggwjds
Removed Stream! C:\WINDOWS\_default.pif:ofdeih
Removed Stream! C:\WINDOWS\_default.pif:zhopfc
-------------------------------------------------------------
Removed File! : C:\WINDOWS\aamqv.log
Removed File! : C:\WINDOWS\apofy.dat
Removed File! : C:\WINDOWS\blyjb.log
Removed File! : C:\WINDOWS\cbgep.txt
Removed File! : C:\WINDOWS\cyfqb.log
Removed File! : C:\WINDOWS\ffcwm.txt
Removed File! : C:\WINDOWS\gvomh.dat
Removed File! : C:\WINDOWS\hgnxi.txt
Removed File! : C:\WINDOWS\hpeky.txt
Removed File! : C:\WINDOWS\hzpre.txt
Removed File! : C:\WINDOWS\imhds.log
Removed File! : C:\WINDOWS\inume.log
Removed File! : C:\WINDOWS\jkfeh.log
Removed File! : C:\WINDOWS\jvufs.log
Removed File! : C:\WINDOWS\khchv.txt
Removed File! : C:\WINDOWS\khpcf.dat
Removed File! : C:\WINDOWS\kqyxq.txt
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:00:41 PM
Dextroman584
Regular Member
 
Posts: 31
Joined: September 15th, 2006, 9:45 pm