Windows XP/2000 - I can find it... my computer can't...
  #8  
08-31-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

No problem, if it was that easy I wouldn't have very much to do.

Now let's kill those others as well. You have some more problems as well, but let's start with this:



Please download E2TakeOut by RubbeR DuckY from here:
http://www.malwarebytes.org/E2TakeOut.zip

Extract the file to your Desktop
Double click E2TakeOut.exe
Click the Begin Removal button
Wait until the program is finished scanning

Once done, it will produce a popup stating that the infection has been found and you need to reboot your computer to complete the removal

Reboot your computer

Once your computer has rebooted E2TakeOut will open and produce a report
Please copy/paste that report into your next reply


1. Download this file http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Please download Winhelp2002's Deldomains.inf to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'
Once it is finished your Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.





Please download AproposFix.exe - but do NOT run it yet.
http://swandog46.geekstogo.com/aproposfix.exe

Boot your PC in Safe Mode (hit F8 when booting up) first.

Once in Safe Mode, double-click aproposfix.exe and unzip it to the desktop.
Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode.



Please post the E2TakeOut, the Combofix log, a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -


Last edited by joe5; 08-31-2006 at 03:41 AM.
  #9  
09-04-2006
Ktulu
Bronze Member
Join Date: Aug 2006
Posts: 20

Originally Posted by joe5

Please download E2TakeOut by RubbeR DuckY from here:
http://www.malwarebytes.org/E2TakeOut.zip

Extract the file to your Desktop
Double click E2TakeOut.exe
Click the Begin Removal button
Wait until the program is finished scanning

Once done, it will produce a popup stating that the infection has been found and you need to reboot your computer to complete the removal

Reboot your computer

Once your computer has rebooted E2TakeOut will open and produce a report
Please copy/paste that report into your next reply

Originally Posted by joe5

Please download Winhelp2002's Deldomains.inf to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'
Once it is finished your Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

OK for these two objects:
E2TakeOut decided there was no main infection found, and asked if I wanted to continue removal anyway. I said yes. It gave me a small log, but did not require me to restart.

E2TakeOut v1.01 [http://www.malwarebytes.org]

Removed directory and files! C:\Program Files\E2G
Removed orphaned leftovers
AppInit key reset


and as for the DelDomains.inf that link isn't a download... it's just a page of code.

I'll continue with combofix and aproposfix now.


  #10  
09-04-2006
Ktulu
Bronze Member
Join Date: Aug 2006
Posts: 20

OK, here's the combofix log...

MIKE - 06-09-04 12:59:50.14
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\MIKE\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169584.dll
C:\Documents and Settings\DUSTY\Application Data\Sskknwrd.dll
C:\Documents and Settings\MIKE\Application Data\Sskknwrd.dll
C:\Documents and Settings\TINA\Application Data\Sskknwrd.dll
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\uni_ehhh.exe
C:\Program Files\Common Files\mc-58-12-0000106.exe
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\DNS
C:\Program Files\Inetget2
C:\Program Files\TClock
C:\Program Files\windows
C:\Program Files\Ipwins

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\MIKE\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\MIKE\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\MIKE\Application Data\PPPATC~1
C:\QooBox\Purity\Documents and Settings\MIKE\Application Data\SMBOLS~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\YSTEM3~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
C:\QooBox\Purity\Program Files\Common Files\ECURIT~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\SEMBLY~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1
C:\QooBox\Purity\WINDOWS\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\SSEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 13:02 -------- d-a------ C:\Program Files\Common Files
2006-09-03 17:26 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-03 17:25 -------- d-------- C:\Program Files\PrintView
2006-09-03 17:25 -------- d-------- C:\Program Files\Acceleration Software
2006-09-02 23:26 -------- d-------- C:\Program Files\Ventrilo
2006-09-02 01:52 -------- d-------- C:\Program Files\Movie Maker
2006-08-31 10:33 -------- d-------- C:\Program Files\Weather
2006-08-31 00:29 -------- d-------- C:\Program Files\AIM
2006-08-30 15:15 -------- d-------- C:\Program Files\PC Tools AntiVirus
2006-08-30 14:48 -------- d-------- C:\Program Files\WinRAR
2006-08-29 16:02 -------- d-------- C:\Program Files\Mp3wavstudio
2006-08-28 18:34 -------- d-------- C:\Program Files\mIRC
2006-08-28 12:44 -------- d-------- C:\Program Files\audio-mp3-converter
2006-08-28 09:40 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-08-27 22:10 350 --a------ C:\WINDOWS\gfoga.dll
2006-08-26 21:15 -------- d-------- C:\Program Files\America's Army
2006-08-26 12:00 -------- d-------- C:\Program Files\Adobe
2006-08-26 10:16 -------- d-------- C:\Program Files\HammerHead
2006-08-25 09:12 -------- d-------- C:\Program Files\MSN
2006-08-24 13:12 -------- d-------- C:\Program Files\Messenger
2006-08-24 11:14 -------- d-------- C:\Program Files\GameSpy Arcade
2006-08-23 15:51 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-08-22 00:44 -------- d-------- C:\Program Files\AimOne_AlltoMP3
2006-08-21 14:06 -------- d-------- C:\Program Files\Winamp
2006-08-18 14:02 -------- d-------- C:\Program Files\Unitebar
2006-08-17 13:00 -------- d-------- C:\Program Files\Common Files\Softwin
2006-08-15 19:18 -------- d-------- C:\Program Files\Common Files\eAcceleration
2006-08-15 19:14 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-15 10:38 -------- d-------- C:\Program Files\AOD
2006-08-15 08:43 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-10 23:05 -------- d-------- C:\Program Files\EQArticle
2006-08-10 15:58 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-10 11:31 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-08 15:56 -------- d-------- C:\Program Files\Online Services
2006-08-06 10:43 -------- d-------- C:\Program Files\Outlook Express
2006-08-04 13:39 -------- d-------- C:\Program Files\Google
2006-08-03 19:20 342636 ---hs---- C:\Program Files\Common Files\FIELD_AFFID.exe
2006-08-02 15:28 -------- d-------- C:\Program Files\GameHouse
2006-08-01 23:02 -------- d-------- C:\Program Files\Windows NT
2006-07-31 12:24 -------- d-------- C:\Program Files\WAV to MP3 Encoder
2006-07-31 09:49 -------- d-------- C:\Program Files\BAB.stats
2006-07-27 18:32 -------- d-------- C:\Program Files\Browser MOUSE
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 13:11 -------- d-------- C:\Program Files\Hasbro Interactive
2006-07-21 13:09 -------- d-------- C:\Program Files\Starcraft
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-18 19:01 32208 ---hs---- C:\Program Files\Common Files\Y1304OU.exe
2006-07-18 19:01 234248 -rah----- C:\WINDOWS\Tagasuarus2.exe
2006-07-18 19:01 183887 -rah----- C:\WINDOWS\YazzleBundle-1304.exe
2006-07-17 22:15 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-17 22:15 -------- d-------- C:\Program Files\EA GAMES
2006-07-05 15:46 -------- d-------- C:\Program Files\EQBranch
2006-07-04 20:53 -------- d-------- C:\Program Files\MSN Messenger


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"lhgwwir"="c:\\windows\\system32\\lhgwwir.exe"
"MoodLogic Updater"="C:\\Program Files\\MoodLogic\\Service\\Updater.exe"
"Dinst"="C:\\WINDOWS\\dinst.exe"
"qpyrjskA"="C:\\WINDOWS\\qpyrjskA.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"necexkb"="C:\\WINDOWS\\system32\\kayzcb.exe r"
"Mchrbb"="C:\\Program Files\\Ourvc\\Yucccw.exe"
"xij"="C:\\WINDOWS\\xij.exe"
"dykgxkczuzv"="C:\\WINDOWS\\System32\\lhgwwir.exe"
"w0e987df.dll"="RUNDLL32.EXE w0e987df.dll,I2 000ebe2d00e987df"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Pvn"="C:\\WINDOWS\\system32\\d?dplay.exe"
"EQTraffic"="\"C:\\Program Files\\EQTraffic\\EQTraffic.exe\""
"Csan"="\"C:\\DOCUME~1\\MIKE\\MYDOCU~1\\FNTS~1\\arpa.exe\" -vt yazr"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"blaadm"="C:\\WINDOWS\\system32\\blaadm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"blaadm"="C:\\WINDOWS\\system32\\blaadm.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Online Services\\howyvyka.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="\\"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="C:\\WINDOWS\\system32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"="McAfee AntiSpyware Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdmcon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdnagent"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdnagent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDOESRV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdoesrv"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDSwitchAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdswitch"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McRegWiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\Agent\\McRegWiz.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\StopSignSsTsMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sstsmon0"
"hkey"="HKLM"
"command"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon0.dll\",VerifyStatus"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\webscan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="stopsignav"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\_AntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MssCli"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\McAfee AntiSpyware\\MssCli.exe"
"inimapping"="0"



Completion time: Mon 09/04/2006 13:06:55.00
ComboFix.txt


moving on to AproposFix


  #11  
09-04-2006
Ktulu
Bronze Member
Join Date: Aug 2006
Posts: 20

AproposFix log:
Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\MIKE\Desktop\aproposfix

************



Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CyTl3A25hjE9]
@="v\\md_SKVWWVWWXW:y\\DS9MVWWVlYW1rwmx1\\WNTNO9HcbW8MDQ9MNWNH7JPCD8XNTN"
"Device"="\\\\.\\UPSixer"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\smcouhid.sys"
"DriverName"="MSD4_xp"
"HideUninstallerName"="C:\\Program Files\\Unitebar\\mtxogsvc.exe"
"HDll"="C:\\WINDOWS\\system32\\idqalspl.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="WB.OLD"
"InstallationId"="{Xb76a69f-7c47-57b1-ca88-f4a804506348}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Unitebar\\wsoetmsg.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\tsbmtxex.exe"
"Version"="2.0.131"
"CrMnTmt"=dword:0036ee80

************

Removing hidden service:
Service MSD4_xp removed.

Removing hidden folder:
Deletion of folder Unitebar succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\smcouhid.sys succeeded!
Deletion of file C:\WINDOWS\system32\tsbmtxex.exe succeeded!
Deletion of file C:\WINDOWS\system32\idqalspl.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CyTl3A25hjE9]
[-HKEY_LOCAL_MACHINE\Software\CyTl3A25hjE9]

Done!

Finished!


New HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:20:28 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dassault Systemes\B08\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MIKE\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lhgwwir] c:\windows\system32\lhgwwir.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [qpyrjskA] C:\WINDOWS\qpyrjskA.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [necexkb] C:\WINDOWS\system32\kayzcb.exe r
O4 - HKLM\..\Run: [Mchrbb] C:\Program Files\Ourvc\Yucccw.exe
O4 - HKLM\..\Run: [xij] C:\WINDOWS\xij.exe
O4 - HKLM\..\Run: [dykgxkczuzv] C:\WINDOWS\System32\lhgwwir.exe
O4 - HKLM\..\Run: [w0e987df.dll] RUNDLL32.EXE w0e987df.dll,I2 000ebe2d00e987df
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pvn] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"
O4 - HKCU\..\Run: [Csan] "C:\DOCUME~1\MIKE\MYDOCU~1\FNTS~1\arpa.exe" -vt yazr
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [blaadm] C:\WINDOWS\system32\blaadm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185XXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B08\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe


  #12  
09-04-2006
Ktulu
Bronze Member
Join Date: Aug 2006
Posts: 20

hmmm... oh and I was trying to get completely rid of McAfee as it was interfering with an install of another AV program... but I can't seem to get rid of it all... should I make a new post or just kinda roll it into one to save trouble?


  #13  
09-05-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Originally Posted by Ktulu
OK for these two objects:
E2TakeOut decided there was no main infection found, and asked if I wanted to continue removal anyway. I said yes. It gave me a small log, but did not require me to restart.

Strange, the infection was present for sure. But it is gone now anyway.

Originally Posted by Ktulu
and as for the DelDomains.inf that link isn't a download... it's just a page of code.

Save it first to your HD, or use I.E. instead of Firefox, then it should work.



I've included all leftovers from McAfee that I can see, plus also remnants of an old Bitdefender install.


Download Pocket Killbox:
http://www.atribune.org/downloads/KillBox.exe

Go to add/remove programs and uninstall EQTraffic if present.


Then run HijackThis, select to do a "system scan only" and then place a check beside each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [lhgwwir] c:\windows\system32\lhgwwir.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [qpyrjskA] C:\WINDOWS\qpyrjskA.exe
O4 - HKLM\..\Run: [necexkb] C:\WINDOWS\system32\kayzcb.exe r
O4 - HKLM\..\Run: [Mchrbb] C:\Program Files\Ourvc\Yucccw.exe
O4 - HKLM\..\Run: [xij] C:\WINDOWS\xij.exe
O4 - HKLM\..\Run: [dykgxkczuzv] C:\WINDOWS\System32\lhgwwir.exe
O4 - HKLM\..\Run: [w0e987df.dll] RUNDLL32.EXE w0e987df.dll,I2 000ebe2d00e987df
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKCU\..\Run: [Pvn] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"
O4 - HKCU\..\Run: [Csan] "C:\DOCUME~1\MIKE\MYDOCU~1\FNTS~1\arpa.exe" -vt yazr
O4 - HKCU\..\Run: [blaadm] C:\WINDOWS\system32\blaadm.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185XXUS
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
Now first close all windows and browsers other than HijackThis, then click Fix checked and close HijackThis.



Please copy the text in the code box below, and paste it into a blank notepad window.
Save it as Fix.reg and in the "save as" type box choose "all files".
Once you have saved it, double click it, and allow it to merge with the registry.

Code:
REGEDIT4 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lhgwwir"=-
"Dinst"=-
"qpyrjskA"=-
"necexkb"=-
"Mchrbb"=-
"xij"=-
"dykgxkczuzv"=-
"w0e987df.dll"=-
"ftexc"=-
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EQTraffic"=-
"Pvn"=-
"Csan"=-
"blaadm"=-
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"blaadm"=-
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=-
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"=-
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"=-
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDOESRV]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDSwitchAgent]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\_AntiSpyware]



Start Killbox and place a tick next to [x]delete on reboot.
And press the "all files" button. (just above the yellow triangle)
Copy this list into the Windows clipboard:
(highlight the text, and select "copy")

c:\windows\system32\lhgwwir.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\qpyrjskA.exe
C:\Program Files\Softwin
C:\WINDOWS\system32\kayzcb.exe
C:\Program Files\Ourvc
C:\WINDOWS\xij.exe
C:\WINDOWS\System32\lhgwwir.exe
C:\WINDOWS\System32\w0e987df.dll
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\d?dplay.exe
C:\Program Files\EQTraffic
C:\WINDOWS\system32\blaadm.exe
C:\WINDOWS\gfoga.dll
C:\Program Files\EQArticle
C:\Program Files\WindowsUpdate
C:\PROGRAM FILES\McAfee.com
C:\Program Files\Common Files\FIELD_AFFID.exe
C:\Program Files\Common Files\Y1304OU.exe
C:\WINDOWS\Tagasuarus2.exe
C:\WINDOWS\YazzleBundle-1304.exe
C:\Program Files\EQBranch
C:\Program Files\Online Services\howyvyka.html


Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.

Exit Killbox, restart your PC, and post a new hjt log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -


Last edited by joe5; 09-05-2006 at 01:50 AM.
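
When the follow-up HijackThis log comes back, it can be checked mechanically against Fix.reg to confirm that the Run values the fix deletes are really gone. The sketch below is an added example, not part of the post above or of any tool it mentions; the function names are hypothetical and both sample inputs are constructed from a few entries on this page.

```python
import re

# Constructed sample: a few entries abbreviated from the Fix.reg in the post above.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lhgwwir"=-
"Dinst"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EQTraffic"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
'''

# Constructed sample log: "Dinst" shown as if it had survived, plus two other Run entries.
HJT_LOG = r'''O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

def parse_reg_deletions(text):
    """Return (value_deletes, key_deletes) from a REGEDIT4 file.
    "name"=- under [KEY] deletes one value; [-KEY] deletes the whole key."""
    value_deletes, key_deletes, current = set(), [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[-") and line.endswith("]"):
            key_deletes.append(line[2:-1])
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and (m := re.fullmatch(r'"(.+)"=-', line)):
            # Registry key and value names are case-insensitive.
            value_deletes.add((current.lower(), m.group(1).lower()))
    return value_deletes, key_deletes

def residual_run_entries(hjt_text, value_deletes):
    """List O4 Run entries in a HijackThis log that the fix should have removed."""
    removed = set()
    for key, name in value_deletes:
        hive, _, sub = key.partition("\\")
        if sub.endswith(r"\currentversion\run"):
            removed.add((HIVES.get(hive.upper(), hive), name))
    pat = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$", re.M)
    return [m.groups() for m in pat.finditer(hjt_text)
            if (m.group(1), m.group(2).lower()) in removed]
```

An empty result from `residual_run_entries` means none of the deleted Run values reappeared; it does not cover the `policies\explorer\Run` key or the files queued in Killbox.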
  #14  
Old 09-06-2006
Bronze Member
 
Join Date: Aug 2006
Posts: 20
Ktulu

OK, did everything you said, here's the new hjt log:


Logfile of HijackThis v1.99.1
Scan saved at 10:09:43 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dassault Systemes\B08\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MIKE\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32