new poly win32 virus and all my programs freezing up
Hi, when I run BitDefender Online scan it causes McAfee to detect New Poly Win32 virus and it cannot be cleaned or deleted. McAfee closes on its own and all of my programs freeze after about 3 functions. My music players and IE as well as Firefox are the worst affected. I have run HijackThis, AVG Anti-Spyware 7.5, attempted BitDefender, and SpyBot. I found a trojan downloader but forgot to write down what it was; I have several things quarantined between all programs. Can you help? It takes a while for my IE windows to open; they hang. I have read several threads from several sites and am hesitant to do much without any guidance.
I am including my AVG log and my HijackThis log. I did not fix anything found in the AVG scan, just quarantined. Thank you in advance.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:48:11 PM 1/10/2007
+ Scan result:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP659\A0155162.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKU\S-1-5-21-1486637788-3971139218-1540689132-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKU\S-1-5-21-1486637788-3971139218-1540689132-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.26:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.27:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.29:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.388:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.230:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.231:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.232:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.241:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.242:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.30:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.31:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.33:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.283:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.284:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.285:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.286:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.287:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.288:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.289:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.290:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.316:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.317:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.318:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.319:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.320:C:\Documents and Settings\alicia\Application Data\Mozilla\Firefox\Profiles\kyxj2bra.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 9:22:44 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\MotiveBrowser.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BellSouthReportingAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/da...image40803.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv2.view22.com/view22/app/view22rte.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe