Jump to content


Photo

Invaded by look2me.com and other things


  • Please log in to reply
15 replies to this topic

#1 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 28 June 2004 - 11:58 PM

Get the Error loading C:\windows\bxxs5dll The specified module could not be found. Too many popups. Ran Spyhunter and got rid of a lot of stuff - still way too much out there. Numerous boxes of programs not being able to run - send error report don't send boxes.

Here is my hijackthis log

Logfile of HijackThis v1.97.7
Scan saved at 10:31:00 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\RCPrograms\RCSync.exe
C:\Program Files\RCPrograms\v2\prizesurfer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\SahAgent.exe
C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
C:\WINDOWS\System32\IEHost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\WindowsUpdate\wuaudnld.tmp\cabs\com_microsoft.Q814033_XP_SP2_5989\Q814033_WXP_SP2_x86_ENU.exe
c:\8452a3bb1588a55efc783a5fe0295178\xpsp1hfm.exe
c:\8452a3bb1588a55efc783a5fe0295178\sp2\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=632
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com.../?search200.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hand-book.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hand-book.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xivodo.t.rack.cc/hp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.hand-book.com/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wfix.com/pass...com/main/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xivodo.t.rack.cc/hp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50064
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.hand-book.com/search/
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\FONTS\fonts.hta
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Jreg] "C:\Program Files\Common Files\Java\Jreg2b.exe"
O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe
O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\May17_loader.exe" /HideUninstall /PC="AM.WILD" /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\EqbOv5.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
O4 - HKCU\..\Run: [Ucbr] C:\Documents and Settings\Tracy Enriquez\Application Data\twea.exe
O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [Isda] C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://ehttp.cc/?
O13 - WWW Prefix: http://ehttp.cc/?
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: Win32 Classes -
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083715472615
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abet...8106/button.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4602430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.co...r1132031209.EXE
O19 - User stylesheet: C:\WINDOWS\my.css (file missing)

Thanks so much for your help! How do I get hijackthis out of the temporary folder? Thanks

#2 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 01 July 2004 - 07:14 AM

Hi, I ran the CWShredder because I knew that Cool Web Search was out there. I also ran all Windows Updates. Took a LONG time to install. When I go back to Windows Update there are no critical updates so I believe that was successful. I know there is a lot more to do! Thanks so very much! Here is my new log:

Logfile of HijackThis v1.97.7
Scan saved at 7:08:49 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\RCPrograms\RCSync.exe
C:\Program Files\RCPrograms\v2\prizesurfer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\Tgtf54GV.exe
C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe
C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\WINDOWS\System32\Ahm9EO78.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...p://about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50064
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: (no name) - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe
O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Jreg] "C:\Program Files\Common Files\Java\Jreg2b.exe"
O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe
O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\May17_loader.exe" /HideUninstall /PC="AM.WILD" /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\Bin9.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ucbr] C:\Documents and Settings\Tracy Enriquez\Application Data\twea.exe
O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [Isda] C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083715472615
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abet...8106/button.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4602430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.co...r1132031209.EXE

#3 meeeeeee

meeeeeee

    Member

  • Helper
  • Pip
  • 86 posts

Posted 02 July 2004 - 10:04 AM

Please download, update and run (one at a time of course!) Spybot and Adaware. You can find links to each of these at the bottom of this post. Fix whatever they suggest.

Also, run this pc through the Panda Online virus scanner. You can also find the link for it at the bottom of this post.

Next, reboot and post a fresh HijackThis log to this thread.


:D

#4 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 03 July 2004 - 12:58 AM

Thanks meeeeeee! I ran Spybot S&D, Ad-aware, and also did the Panda Online Virus Scanner. Found a lot of spyware (341 items) and 11 viruses that were removed. I was a little surprised because I had run a spyware eliminator and also my virus software right after the problems started. Oh, well. I rebooted and reran the Hijackthis log. Here are the new results:

Logfile of HijackThis v1.97.7
Scan saved at 12:52:51 AM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
C:\WINDOWS\System32\Fqk9O5.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\JgbwxMF.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe
O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\EqbOv5.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083715472615
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4602430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com...cn/DTMigAdv.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

I look forward to further instructions! Thanks!

#5 meeeeeee

meeeeeee

    Member

  • Helper
  • Pip
  • 86 posts

Posted 03 July 2004 - 07:17 AM

Here you go. It looks like a lot, but take it step by step and feel free to ask if you have any problems and/or questions!


Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of osmim.dll and nothing else . Reboot.

***************************************

Next, we need to kill the Peper Trojan that you've picked up.
Download and run the uninstallers for the peper infection.

http://www.memorywat....com/uninst.exe

When you run the uninstaller, you MUST have an internet connection active for it to work.

Please run this twice with a reboot in between.

Then run download and run this one also, you don't need an internet connection for this one.
http://downloads.sub...rg/PeperFix.exe

***************************************

Please boot into safe mode and select the following with HijackThis. With all windows (including this one!) closed, please select "fix.”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...B_PVER}&ar=home
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe
O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\EqbOv5.exe
O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com...cn/DTMigAdv.cab

***************************************

While still in safe mode find and delete the following. Please delete only the files in bold.

C:\PROGRA~1\PILEFA~1\Balm mix meal.exe
C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe
C:\WINNT\fgn.exe
C:\WINDOWS\System32\EqbOv5.exe
C:\WINDOWS\xdim0goef5.exe

***************************************

You need to delete your temp files and cookies:

Goto Start > Settings > Control Panel

Select "Internet Options"

Select "Delete Cookies" and "Delete Files" Make sure you select “delete all offline content.”

It may take some time, so let it. If it seems overly long, walk away and grab a snack. :wink:

***************************************

Now reboot and post a fresh HijackThis log here. There will probably be more cleanup to do.

:)

#6 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 03 July 2004 - 11:57 AM

Ok - I followed your directions. When I was in safe mode I was only able to select 14 of the 19 items that you mentioned. When I went to delete the five files I recieved messages of either "access denied" or "couldn't be displayed". Is that ok or did I do anything incorrectly?

I did notice on my last restart that I had a new item - a daily horoscope- that wasn't there before. I obviously need to close down some opening. Please let me know where that is after we finalize this monstrous task.

I want to say how much I appreciate your help. Your comment on taking your time, walking away for a while was cool. Shows you have a very kind soul!

I await your next directives!

#7 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 03 July 2004 - 11:58 AM

Sorry - forgot my latest log!!

Logfile of HijackThis v1.97.7
Scan saved at 11:46:02 AM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\My Daily Horoscope\MyDailyHoroscope.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [3fG2e] C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083715472615
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4602430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#8 meeeeeee

meeeeeee

    Member

  • Helper
  • Pip
  • 86 posts

Posted 03 July 2004 - 01:23 PM

Good job! You got rid of a bunch of stuff, but we still have some ick left to clean up.

***************************************

http://downloads.sub...g/Newuninst.exe
http://tools.zerosrealm.com/uninst.exe
http://downloads.sub...rg/PeperFix.exe

Download and run all three of these to see if one can kill your Peper trojan. Run them all a few times and if any ask, let them connect to the internet through any software firewalls you have. You will know Peper is dead when this line no longer shows up in your log:
O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

You may want to try them in safe mode (only the two that don't need to connect to the internet though!)
***************************************

Please select the following with HijackThis. With all windows (including this one!) closed, please select "fix.”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com...B_PVER}&ar=home
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [3fG2e] C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe
O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

Find and delete the following:
C:\Program Files\VBouncer\ << the whole folder and everything in it
C:\PROGRA~1\MYDAIL~1<< the whole folder and everything in it
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe

***************************************

Please download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft..../software/free/ . Let it fix whatever it wants to.

***************************************

Next, reboot and let's see a fresh HijackThis log.

:)

#9 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 03 July 2004 - 02:27 PM

Question for you meeeeeee. The three downloads for the peper virus. The first one doesn't complete when I run it. The blue bar only goes half way across and then it closes. The Peper one finds no items (it did the first time). And the last one uninstalls the first one. Am I confused? I still see that item in my hijackthis log. I haven't rebooted yet. Please advise!

#10 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 03 July 2004 - 09:13 PM

Hi. Things are looking a lot better. I appear to be clear of those annoying popups. That is definately progress! I still have the peper trojan line (...Sek6Mto.exe)

Was finally able to fix in hijackthis those seven items. My first two scans didn't have those items. Odd. But this last time they all appeared. Never been so happy to check something in my life.

Ran A2 - it deleted 11 malware items.

I await further instructions!

Logfile of HijackThis v1.97.7
Scan saved at 9:08:28 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Malware Removal\a2\a2guard.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [a²] "C:\Malware Removal\a2\a2guard.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083715472615
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4602430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#11 meeeeeee

meeeeeee

    Member

  • Helper
  • Pip
  • 86 posts

Posted 03 July 2004 - 09:48 PM

Other than that pesky peper it look good. Let's try the manual uninstall procedure on that one. It's been getting harder and harder to remove with the programs lately!

Try the manual removal instructions here: http://www.kephyr.co...jan/index.phtml

Other than that you're doing great!

:)

#12 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 04 July 2004 - 11:05 PM

Hey meeeeee! Hope you had a great fourth! I ran the manual instructions to remove the peper trojan. I hope it looks better! Things are so much better on my computer. Take a peek!

Logfile of HijackThis v1.97.7
Scan saved at 11:02:05 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Malware Removal\a2\a2guard.exe
C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [a²] "C:\Malware Removal\a2\a2guard.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1083715472615
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7865.4602430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#13 meeeeeee

meeeeeee

    Member

  • Helper
  • Pip
  • 86 posts

Posted 05 July 2004 - 07:08 AM

Looks wonderful! Could you do one more thing to make sure all is well?

Download VX2Finder from this link:
http://www.downloads...g/VX2Finder.exe


Run Vx2Finder click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Copy and paste the contents of the log into your next reply here.

:)

#14 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 05 July 2004 - 08:03 PM

Here is that log:

Log for VX2.BetterInternet File Finder

Files Found---


Guardian Key--- is called:

User Agent String---
{2E9B3406-1B65-423B-9158-EBB7EB767170}


Let me know what that means!

#15 meeeeeee

meeeeeee

    Member

  • Helper
  • Pip
  • 86 posts

Posted 05 July 2004 - 08:09 PM

It means all is well with your pc! Happy surfing!

Read this: http://boards.cexx.o...topic.php?t=957

It will help you learn how NOT to let this happen again.

:)

#16 Tray2364

Tray2364

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 05 July 2004 - 09:52 PM

Thanks for all your help! I have done all the steps in that note to not let this happen again!

You have one more satisfied customer!

Thanks meeeeeee!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button