DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   hijackthis log for viruses? (http://www.daniweb.com/forums/thread45046.html)

y2v2001 May 8th, 2006 7:19 pm
hijackthis log for viruses?
 
My computer keeps telling me I have viruses but when i seach for them using mcafee it doesn't find anything. I've posted a hijackthis log below. Thanks for helping!


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\BitComet\BitComet.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Firefox\firefox.exe
C:\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD4FF.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

tayspen May 8th, 2006 7:44 pm
Re: hijackthis log for viruses?
 
By the looks of the log, it was probally the virus telling you you had a virus, to trick you to by there porgram :).

Please run HJT again, and select Do system scan only. Then check these items.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD4FF.tmp

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162

O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll



Click Fix Checked.

_________________________________________________

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt



__________________________________________

Please download Pocket Killbox by O^E.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\hpD4FF.tmp


    C:\WINDOWS\SYSTEM32\winmfu32.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

_____________________________________________

Please download ewido anti-malware it is a free version of the program.
  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed close ewido anti-malware.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in safe mode,
  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.
Boot back into normal mode.

Post a new HJT log, the smitfraudfix log, and the ewido log.

y2v2001 May 8th, 2006 11:24 pm
Re: hijackthis log for viruses?
 
Thanks for your help and nice picture. Here is the new HijackThis log:


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
C:\BitComet\BitComet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ewido anti-malware\ewidoctrl.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Firefox\firefox.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX01.031\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Here is the new SmitFraudFix file:


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\reglogs.dll Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\OWNER~1.THE\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyFalcon\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

Here's the ewido log:

:mozilla.13:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temp\Rar$EX00.250\backups\backup-20060508-185953-571.dll -> Adware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\mulbin1[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\srvfgc[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\srvuem[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\winsis32[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\BUGQ0PBO\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\BUGQ0PBO\srvpnw[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\CDER4HUV\srvhsd[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\HT6CBM7Z\srvulf[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\HT6CBM7Z\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\Temp\win11.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win32.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win36.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win39.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3C.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup


::Report End

Thank you again for your help there are no more virus messages.

'Stein May 8th, 2006 11:42 pm
Re: hijackthis log for viruses?
 
Awsome, all clean except for 1 entry.

Check off this one with HJT:

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)


And other then that, it all looks good.

Any more problems?

Last thing, post a new HJT log just to make sure that entry disappears.

Thanks.

tayspen May 8th, 2006 11:49 pm
Re: hijackthis log for viruses?
 
Indeed.

But please if you did not install firefox to this direcotry let us know.


C:\Firefox\firefox.exe

y2v2001 May 9th, 2006 7:53 pm
Re: hijackthis log for viruses?
 
Thanks again for your help, i fixed that missing file thing and here is the new log:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
C:\BitComet\BitComet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

'Stein May 9th, 2006 10:31 pm
Re: hijackthis log for viruses?
 
Awsome, clean it is.

Any questions or any prevaling problems?

Thanks.


All times are GMT -4. The time now is 3:47 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC