943,940 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Please Help Me
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Jan 2nd, 2006
0

Please Help Me

Expand Post »
I've ran Ad-aware SE and tried Spybot, but when it came time to fix the spyware with Spybot, it gave me a message saying "This application has failed to start because WDENGINE.dll was not not found." I believe ad-aware helped somewhat so far, but there are still pop- ups that appear every so often and there is also a red circle with a white X in it in my button bar that displays messages telling me my computer is infected. There is also a flashing yellow triangle with an exclamation point in it that also displays a message about pop-ups. Help would greatly be appreciated Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:47:18 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20001\winlogon.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\AIM\aim.exe
C:\winstall.exe
C:\WINDOWS\system32\sywsvcs.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\WINDOWS\inet20001\mm4.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA5CA8F-77DA-403C-B2AA-C0B672E1324D}: NameServer = 85.255.113.205,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FB9304-42F9-4B81-BB21-2F46B77B572C}: NameServer = 85.255.113.205,85.255.112.231
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006
Permalink
Jan 2nd, 2006
0

Re: Please Help Me

Since the time I posted this, I've gotten Spybot to work and I've followed the instructions on http://www.pcworld.com/reviews/artic...23,pg,2,00.asp I don't know if this has helped or not...
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006
Permalink
Jan 4th, 2006
0

Re: Please Help Me

Alright, just so I don't waste anybodys time, since I made my last post, I've ran a lot of scans (with McAfee, Comcast Anti- Spyware, Ewidow, and BFU along side of the other programs I've been using.) The red circle with the x has gone away and I haven't seen it since a few days ago when I started doing more scans with different programs. I scan with the McAfee and the Generic Downloader trojan seems to keep coming up even after I quarantine it. I've cleaned up the computer a lot with all the scans, but I am still gettin popups and the yellow flashing triangle with the ! in it that displays messages about popups. Here is the most recent HJT Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:28:17 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\iTunes\iTunes.exe
C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp3880.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA5CA8F-77DA-403C-B2AA-C0B672E1324D}: NameServer = 85.255.113.205,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FB9304-42F9-4B81-BB21-2F46B77B572C}: NameServer = 85.255.113.205,85.255.112.231
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

Please, any help would be appreciated!!!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006
Permalink
Jan 4th, 2006
0

Re: Please Help Me

Alrighty, sorry that I keep posting, but I found 2 files that came up in the HijackThis Logfile, mssearchnet.exe and nvctrl.exe. I started up in Safe mode with Command Prompt and I completely delete these two files and things with it. Now I believe I have fixed my computer, but just to be safe, can someone tell me if I am totally clean or if there is anything else I need to do to get my computer running correctly? Here is the newest HJT Logfile: Logfile of HijackThis v1.99.1
Scan saved at 10:51:05 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp8865.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA5CA8F-77DA-403C-B2AA-C0B672E1324D}: NameServer = 85.255.113.205,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FB9304-42F9-4B81-BB21-2F46B77B572C}: NameServer = 85.255.113.205,85.255.112.231
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006
Permalink
Jan 7th, 2006
0

Re: Please Help Me

Good work- you've cleaned out a fair number of "unwanted guests".
There are still infections present though, so:

First: C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\Rar$EX00.438\HijackThis.ex

The log entry above indicates that you are running HijackThis from within a Temp/Temporary folder. Please do the following:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often delete in the course of troubleshooting, by running disk clean-up utilities, etc.
-------------------------------------------------------------------------------------
You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Open the Services utility in your Administrative Tools control panel.

* In the list of services, locate the service named "NTBOOTMGR" and double-click on it.
* In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK.
* Repeat the above for the NTLOAD and NTSVCMGR services.
* Close the Services utility after that.


2. Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open McAfee and make sure that it has the most current virus definitions installed. Again- don't scan yet, just close the program once it's updated.


3. Run HijackTHis again, put a check mark next to the following entries, and then click the "Fix checked" button:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp8865.tmp
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA5CA8F-77DA-403C-B2AA-C0B672E1324D}: NameServer = 85.255.113.205,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FB9304-42F9-4B81-BB21-2F46B77B572C}: NameServer = 85.255.113.205,85.255.112.231
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

- Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

NTBOOTMGR

Repeat the above deletion for NTLOAD and NTSVCMGR. Close HJT after that.


4. Reboot into Safe Mode and:


Open CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK

- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders

- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


- Run McAfee, MS Antispyware, and ewido; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.


- Run Spy Sweeper.
* Under the Sweep Options tab, select ALL options under 'What to Sweep'.
* Click the "Sweep" icon and then "Start" to begin scanning.
*When the scan completes, click Next to automatically quarantine all detected items.
*Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.


5. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Look for the following files and delete them if found:

C:\WINDOWS\system32\hp8865.tmp
C:\WINDOWS\system32\browsela.dll
msupdate32.dll
C:\winstall.exe
C:\RECYCLER\svwhost.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
- Delete the C:\Program Files\winupdatesfolder entirely.


6. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the logs that ewido and Spy Sweeper generated.
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
Permalink
Jan 8th, 2006
0

Re: Please Help Me

Sorry for not replying as fast as I could of. I thank you very much for the help so far. Here are the logfiles after I followed all instructions you gave me:

Logfile of HijackThis v1.99.1
Scan saved at 5:27:34 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


********
4:49 PM: | Start of Session, Sunday, January 08, 2006 |
4:49 PM: Spy Sweeper started
4:49 PM: Sweep initiated using definitions version 597
4:49 PM: Starting Memory Sweep
4:52 PM: Memory Sweep Complete, Elapsed Time: 00:03:18
4:52 PM: Starting Registry Sweep
4:53 PM: Found Trojan Horse: trojan-downloader-2pursuit
4:53 PM: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094393)
4:53 PM: HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094538)
4:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)
4:53 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ (10 subtraces) (ID = 1094567)
4:54 PM: Registry Sweep Complete, Elapsed Time:00:01:37
4:54 PM: Starting Cookie Sweep
4:54 PM: Found Spy Cookie: 2o7.net cookie
4:54 PM: owner@2o7[1].txt (ID = 1957)
4:54 PM: Found Spy Cookie: yieldmanager cookie
4:54 PM: owner@ad.yieldmanager[2].txt (ID = 3751)
4:54 PM: Found Spy Cookie: adknowledge cookie
4:54 PM: owner@adknowledge[2].txt (ID = 2072)
4:54 PM: Found Spy Cookie: atwola cookie
4:54 PM: owner@atwola[1].txt (ID = 2255)
4:54 PM: Found Spy Cookie: banner cookie
4:54 PM: owner@banner[1].txt (ID = 2276)
4:54 PM: Found Spy Cookie: casalemedia cookie
4:54 PM: owner@casalemedia[1].txt (ID = 2354)
4:54 PM: Found Spy Cookie: fastclick cookie
4:54 PM: owner@fastclick[2].txt (ID = 2651)
4:54 PM: Found Spy Cookie: realmedia cookie
4:54 PM: owner@realmedia[1].txt (ID = 3235)
4:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:54 PM: Starting File Sweep
5:15 PM: File Sweep Complete, Elapsed Time: 00:20:48
5:15 PM: Full Sweep has completed. Elapsed time 00:26:01
5:15 PM: Traces Found: 32
********
4:05 PM: | Start of Session, Sunday, January 08, 2006 |
4:05 PM: Spy Sweeper started
4:05 PM: Sweep initiated using definitions version 597
4:05 PM: Found Trojan Horse: trojan-downloader-2pursuit
4:05 PM: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\inprocserver32\ (2 subtraces) (ID = 1098696)
4:05 PM: browsela.dll (ID = 1098696)
4:05 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ || dllname (ID = 1098846)
4:05 PM: browsela.dll (ID = 1098846)
4:05 PM: Starting Memory Sweep
4:07 PM: Memory Sweep Complete, Elapsed Time: 00:01:33
4:07 PM: Starting Registry Sweep
4:07 PM: Found Adware: multidial
4:07 PM: HKCR\dialerr.dialerr\ (3 subtraces) (ID = 135344)
4:07 PM: HKLM\software\classes\dialerr.dialerr\ (3 subtraces) (ID = 135355)
4:07 PM: Found Trojan Horse: trojan-dnschanger
4:07 PM: HKLM\software\microsoft\windows\currentversion\run\ || yaemu.exe (ID = 144229)
4:07 PM: HKCR\dialerr.dialerr.1\ (3 subtraces) (ID = 661961)
4:07 PM: HKCR\icwconn.apprentice\ (5 subtraces) (ID = 661963)
4:07 PM: HKCR\icwconn.gifconvert\ (5 subtraces) (ID = 661968)
4:07 PM: HKCR\icwconn.ispdata\ (5 subtraces) (ID = 661973)
4:07 PM: HKCR\icwconn.walker\ (5 subtraces) (ID = 661978)
4:07 PM: HKCR\icwconn.webview\ (5 subtraces) (ID = 661983)
4:07 PM: HKCR\icwsystemconfig.icwsystemconfig\ (3 subtraces) (ID = 661988)
4:07 PM: HKCR\inshandler.inshandler\ (3 subtraces) (ID = 661992)
4:07 PM: HKCR\refdial.refdial\ (3 subtraces) (ID = 661996)
4:07 PM: HKCR\smartstart.smartstart\ (3 subtraces) (ID = 662000)
4:07 PM: HKCR\tapilocationinfo.tapilocationinfo\ (3 subtraces) (ID = 662004)
4:07 PM: HKCR\userinfo.userinfo\ (3 subtraces) (ID = 662008)
4:07 PM: HKCR\webgate.webgate\ (3 subtraces) (ID = 662012)
4:07 PM: HKCR\clsid\{462f7758-8848-11d1-add8-0000f87734f0}\control\ (ID = 662065)
4:07 PM: HKLM\software\classes\dialerr.dialerr.1\ (3 subtraces) (ID = 662143)
4:07 PM: Found Adware: security2k hijacker
4:07 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
4:07 PM: Found Trojan Horse: trojan-downloader-silly
4:07 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {203b1c4d9-bc71-8916-38ad-9dea5d213614} (ID = 867140)
4:07 PM: Found Adware: psguard
4:07 PM: HKCR\clsid\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}\ (6 subtraces) (ID = 1034913)
4:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ (2 subtraces) (ID = 1035010)
4:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || displayname (ID = 1035011)
4:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || uninstallstring (ID = 1035012)
4:07 PM: HKLM\software\classes\clsid\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}\ (6 subtraces) (ID = 1035080)
4:07 PM: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094393)
4:07 PM: HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\ (5 subtraces) (ID = 1094538)
4:07 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)
4:07 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\browsela\ (10 subtraces) (ID = 1094567)
4:07 PM: Found Adware: spyaxe fakealert
4:07 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {a2c8f6b1-7c2a-3d1c-a3c6-a1fda113b43f} (ID = 1099807)
4:07 PM: Found Adware: coolwebsearch (cws)
4:07 PM: HKU\WRSS_Profile_S-1-5-21-567519245-1751928096-2473643294-501\software\microsoft\windows\currentversion\run\ || quicktime task (ID = 112405)
4:07 PM: Found Adware: ist software
4:07 PM: HKU\WRSS_Profile_S-1-5-21-567519245-1751928096-2473643294-501\software\ist\ (1 subtraces) (ID = 129108)
4:07 PM: Found Trojan Horse: trojan-backdoor-dimenoc
4:07 PM: HKU\WRSS_Profile_S-1-5-21-567519245-1751928096-2473643294-501\software\microsoft\windows\currentversion\run\ || windowsupdate (ID = 144084)
4:07 PM: Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
4:07 PM: HKU\WRSS_Profile_S-1-5-21-567519245-1751928096-2473643294-501\software\microsoft\windows\currentversion\run\ || windowsupdatent (ID = 971354)
4:07 PM: Found Adware: ist sidefind
4:07 PM: HKU\S-1-5-21-567519245-1751928096-2473643294-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
4:07 PM: HKU\S-1-5-21-567519245-1751928096-2473643294-1003\software\classes\clsid\{203b1c4d9-bc71-8916-38ad-9dea5d213614}\ (3 subtraces) (ID = 144755)
4:07 PM: Found Adware: spysheriff
4:07 PM: HKU\S-1-5-21-567519245-1751928096-2473643294-1003\software\sno2\ (ID = 782236)
4:07 PM: Found Trojan Horse: trojan-backdoor-satellite
4:07 PM: HKU\S-1-5-21-567519245-1751928096-2473643294-1003\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
4:07 PM: HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
4:07 PM: Registry Sweep Complete, Elapsed Time:00:00:33
4:08 PM: Starting Cookie Sweep
4:08 PM: Found Spy Cookie: 2o7.net cookie
4:08 PM: owner@2o7[2].txt (ID = 1957)
4:08 PM: Found Spy Cookie: yieldmanager cookie
4:08 PM: owner@ad.yieldmanager[2].txt (ID = 3751)
4:08 PM: Found Spy Cookie: adknowledge cookie
4:08 PM: owner@adknowledge[1].txt (ID = 2072)
4:08 PM: Found Spy Cookie: adrevolver cookie
4:08 PM: owner@adrevolver[2].txt (ID = 2088)
4:08 PM: owner@adrevolver[3].txt (ID = 2088)
4:08 PM: Found Spy Cookie: adserver cookie
4:08 PM: owner@adserver[1].txt (ID = 2141)
4:08 PM: Found Spy Cookie: atwola cookie
4:08 PM: owner@atwola[1].txt (ID = 2255)
4:08 PM: Found Spy Cookie: banner cookie
4:08 PM: owner@banner[1].txt (ID = 2276)
4:08 PM: Found Spy Cookie: casalemedia cookie
4:08 PM: owner@casalemedia[1].txt (ID = 2354)
4:08 PM: Found Spy Cookie: realmedia cookie
4:08 PM: owner@realmedia[1].txt (ID = 3235)
4:08 PM: Found Spy Cookie: zedo cookie
4:08 PM: owner@zedo[2].txt (ID = 3762)
4:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:08 PM: Starting File Sweep
4:08 PM: c:\program files\security toolbar (1 subtraces) (ID = -2147462697)
4:19 PM: Found Adware: azsearch toolbar
4:19 PM: ztoolbar.xml (ID = 50365)
4:21 PM: uninstall.bat (ID = 202688)
4:23 PM: File Sweep Complete, Elapsed Time: 00:15:12
4:23 PM: Full Sweep has completed. Elapsed time 00:17:31
4:23 PM: Traces Found: 160
4:34 PM: Removal process initiated
4:34 PM: Quarantining All Traces: trojan-downloader-2pursuit
4:35 PM: trojan-downloader-2pursuit is in use. It will be removed on reboot.
4:35 PM: browsela.dll is in use. It will be removed on reboot.
4:35 PM: browsela.dll is in use. It will be removed on reboot.
4:35 PM: Quarantining All Traces: multidial
4:35 PM: Quarantining All Traces: trojan-dnschanger
4:35 PM: Quarantining All Traces: security2k hijacker
4:35 PM: Quarantining All Traces: trojan-downloader-silly
4:35 PM: Quarantining All Traces: psguard
4:35 PM: Quarantining All Traces: spyaxe fakealert
4:35 PM: Quarantining All Traces: coolwebsearch (cws)
4:35 PM: Quarantining All Traces: ist software
4:35 PM: Quarantining All Traces: trojan-backdoor-dimenoc
4:35 PM: Quarantining All Traces: trojan-backdoor-core.psyche-evolution.com
4:35 PM: Quarantining All Traces: ist sidefind
4:35 PM: Quarantining All Traces: spysheriff
4:35 PM: Quarantining All Traces: trojan-backdoor-satellite
4:35 PM: Quarantining All Traces: 2o7.net cookie
4:35 PM: Quarantining All Traces: yieldmanager cookie
4:35 PM: Quarantining All Traces: adknowledge cookie
4:35 PM: Quarantining All Traces: adrevolver cookie
4:35 PM: Quarantining All Traces: adserver cookie
4:35 PM: Quarantining All Traces: atwola cookie
4:35 PM: Quarantining All Traces: banner cookie
4:35 PM: Quarantining All Traces: casalemedia cookie
4:35 PM: Quarantining All Traces: realmedia cookie
4:35 PM: Quarantining All Traces: zedo cookie
4:35 PM: Quarantining All Traces: azsearch toolbar
4:40 PM: Preparing to restart your computer. Please wait...
4:40 PM: Removal process completed. Elapsed time 00:05:28
4:48 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 597
4:49 PM: | End of Session, Sunday, January 08, 2006 |
********
1:37 AM: | Start of Session, Sunday, January 08, 2006 |
1:37 AM: Spy Sweeper started
1:39 AM: Your spyware definitions have been updated.
11:01 AM: BHO Shield: found: -- BHO installation denied at user request
4:05 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 597
4:05 PM: | End of Session, Sunday, January 08, 2006 |

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:00:27 PM, 1/8/2006
+ Report-Checksum: 57886A8D

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01} -> Downloader.Delf.aeo : Cleaned without backup
[568] C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
C:\WINDOWS\system32\browsela.dll -> Downloader.Delf.aeo : Cleaned without backup
C:\WINDOWS\system32\mscornet.exe -> Downloader.Zlob.dq : Cleaned without backup


::Report End
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006
Permalink
Jan 9th, 2006
0

Re: Please Help Me

Good work; just a little cleanup to do

1. Run HijackThis again and have it fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)


2. Locate and delete the C:\WINDOWS\blank.mht file and empty your Recycle Bin.


3. Reboot, run HJT this one (hopefully) final time, and post the new log.
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
Permalink
Jan 9th, 2006
0

Re: Please Help Me

Thank you very much =]

Logfile of HijackThis v1.99.1
Scan saved at 6:08:59 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006
Permalink
Jan 9th, 2006
0

Re: Please Help Me

That's a clean log

Now that your system seems to be back in good order:

1. Flush out your old System Restore points and set a fresh new Restore Point. Explanation and instructions can be found here.

2. Have a read through these threads for further suggestions on protecting and disinfecting your system:

http://www.daniweb.com/techtalkforums/thread27519.html
http://www.daniweb.com/techtalkforums/thread27570.html
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
Permalink
Jan 9th, 2006
0

Re: Please Help Me

Thank You Very Much
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nerdwithnikeson is offline Offline
13 posts
since Jan 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Rundll errors
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Virus Alert! on Taskbar





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC