• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
Sign in to follow this  
Followers 0
Tray2364

Invaded by look2me.com and other things

16 posts in this topic

Get the Error loading C:\windows\bxxs5dll The specified module could not be found. Too many popups. Ran Spyhunter and got rid of a lot of stuff - still way too much out there. Numerous boxes of programs not being able to run - send error report don't send boxes.

 

Here is my hijackthis log

 

Logfile of HijackThis v1.97.7

Scan saved at 10:31:00 PM, on 6/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\Program Files\Microsoft Works\WksSb.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\RCPrograms\RCSync.exe

C:\Program Files\RCPrograms\v2\prizesurfer.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\System32\SahAgent.exe

C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe

C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

C:\WINDOWS\System32\IEHost.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe

C:\WINDOWS\System32\NDrv.exe

C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\AdDestroyer\AdDestroyer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\MsiExec.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\MSN\MSNCoreFiles\msn.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

C:\Program Files\WindowsUpdate\wuaudnld.tmp\cabs\com_microsoft.Q814033_XP_SP2_5989\Q814033_WXP_SP2_x86_ENU.exe

c:\8452a3bb1588a55efc783a5fe0295178\xpsp1hfm.exe

c:\8452a3bb1588a55efc783a5fe0295178\sp2\update\update.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=632

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm.../?search200.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hand-book.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hand-book.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xivodo.t.rack.cc/hp.php (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.hand-book.com/search/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://wfix.com/passthrough/index.html?htt...com/main/hp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xivodo.t.rack.cc/hp.php (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50064

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.hand-book.com/search/

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [sys] regedit -s sys.reg

O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe

O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\FONTS\fonts.hta

O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"

O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe

O4 - HKLM\..\Run: [Jreg] "C:\Program Files\Common Files\Java\Jreg2b.exe"

O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe

O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\May17_loader.exe" /HideUninstall /PC="AM.WILD" /ShowLegalNote=nonbranded

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\EqbOv5.exe

O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe

O4 - HKCU\..\Run: [ucbr] C:\Documents and Settings\Tracy Enriquez\Application Data\twea.exe

O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe

O4 - HKCU\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [isda] C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm

O9 - Extra button: Sidesearch (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Privacy Bar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - DefaultPrefix: http://ehttp.cc/?

O13 - WWW Prefix: http://ehttp.cc/?

O13 - WWW. Prefix: http://ehttp.cc/?

O16 - DPF: Win32 Classes -

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1083715472615

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/downlo...8106/button.cab

O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7865.4602430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.com/bannerfarm/47309/Bun...r1132031209.EXE

O19 - User stylesheet: C:\WINDOWS\my.css (file missing)

 

Thanks so much for your help! How do I get hijackthis out of the temporary folder? Thanks

Share this post


Link to post
Share on other sites

Hi, I ran the CWShredder because I knew that Cool Web Search was out there. I also ran all Windows Updates. Took a LONG time to install. When I go back to Windows Update there are no critical updates so I believe that was successful. I know there is a lot more to do! Thanks so very much! Here is my new log:

 

Logfile of HijackThis v1.97.7

Scan saved at 7:08:49 AM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\Program Files\Microsoft Works\WksSb.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\RCPrograms\RCSync.exe

C:\Program Files\RCPrograms\v2\prizesurfer.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\System32\SahAgent.exe

C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe

C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

C:\WINDOWS\System32\IEHost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\Tgtf54GV.exe

C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe

C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\AdDestroyer\AdDestroyer.exe

C:\WINDOWS\System32\Ahm9EO78.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...p://about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50064

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O1 - Hosts: 69.20.16.183 ieautosearch

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O2 - BHO: (no name) - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll (file missing)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [RCSync] C:\Program Files\RCPrograms\RCSync.exe

O4 - HKLM\..\Run: [PrizeSurfer] C:\Program Files\RCPrograms\v2\prizesurfer.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"

O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe

O4 - HKLM\..\Run: [Jreg] "C:\Program Files\Common Files\Java\Jreg2b.exe"

O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe

O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\May17_loader.exe" /HideUninstall /PC="AM.WILD" /ShowLegalNote=nonbranded

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\Bin9.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ucbr] C:\Documents and Settings\Tracy Enriquez\Application Data\twea.exe

O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [isda] C:\Documents and Settings\Tracy Enriquez\Application Data\soma.exe

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm

O9 - Extra button: Sidesearch (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Privacy Bar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1083715472615

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/downlo...8106/button.cab

O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7865.4602430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://cdn2.adsdk.com/bannerfarm/47309/Bun...r1132031209.EXE

Share this post


Link to post
Share on other sites

Please download, update and run (one at a time of course!) Spybot and Adaware. You can find links to each of these at the bottom of this post. Fix whatever they suggest.

 

Also, run this pc through the Panda Online virus scanner. You can also find the link for it at the bottom of this post.

 

Next, reboot and post a fresh HijackThis log to this thread.

 

 

:D

Share this post


Link to post
Share on other sites

Thanks meeeeeee! I ran Spybot S&D, Ad-aware, and also did the Panda Online Virus Scanner. Found a lot of spyware (341 items) and 11 viruses that were removed. I was a little surprised because I had run a spyware eliminator and also my virus software right after the problems started. Oh, well. I rebooted and reran the Hijackthis log. Here are the new results:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:52:51 AM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Microsoft Works\WksSb.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

C:\WINDOWS\System32\Fqk9O5.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\System32\JgbwxMF.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - Default URLSearchHook is missing

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe

O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\EqbOv5.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Privacy Bar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1083715472615

O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7865.4602430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com/hpadvisorcn/DTMigAdv.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

I look forward to further instructions! Thanks!

Share this post


Link to post
Share on other sites

Here you go. It looks like a lot, but take it step by step and feel free to ask if you have any problems and/or questions!

 

 

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of osmim.dll and nothing else . Reboot.

 

***************************************

 

Next, we need to kill the Peper Trojan that you've picked up.

Download and run the uninstallers for the peper infection.

 

http://www.memorywatcher.com/uninst.exe

 

When you run the uninstaller, you MUST have an internet connection active for it to work.

 

Please run this twice with a reboot in between.

 

Then run download and run this one also, you don't need an internet connection for this one.

http://downloads.subratam.org/PeperFix.exe

 

***************************************

 

Please boot into safe mode and select the following with HijackThis. With all windows (including this one!) closed, please select "fix.”

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...B_PVER}&ar=home

R3 - Default URLSearchHook is missing

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O3 - Toolbar: Cool Cake - {4C854332-9A86-02C5-3E20-6AABBD781F96} - C:\PROGRA~1\CASHUP~1\bind gram.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [send peak] C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

O4 - HKLM\..\Run: [3fG2e] C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

O4 - HKLM\..\Run: [fgn] C:\WINNT\fgn.exe

O4 - HKLM\..\Run: [2HS@X8F4MC2TSN] C:\WINDOWS\System32\EqbOv5.exe

O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com/hpadvisorcn/DTMigAdv.cab

 

***************************************

 

While still in safe mode find and delete the following. Please delete only the files in bold.

 

C:\PROGRA~1\PILEFA~1\Balm mix meal.exe

C:\documents and settings\tracy enriquez\local settings\temp\3fG2e.exe

C:\WINNT\fgn.exe

C:\WINDOWS\System32\EqbOv5.exe

C:\WINDOWS\xdim0goef5.exe

 

***************************************

 

You need to delete your temp files and cookies:

 

Goto Start > Settings > Control Panel

 

Select "Internet Options"

 

Select "Delete Cookies" and "Delete Files" Make sure you select “delete all offline content.”

 

It may take some time, so let it. If it seems overly long, walk away and grab a snack. :wink:

 

***************************************

 

Now reboot and post a fresh HijackThis log here. There will probably be more cleanup to do.

 

:)

Share this post


Link to post
Share on other sites

Ok - I followed your directions. When I was in safe mode I was only able to select 14 of the 19 items that you mentioned. When I went to delete the five files I recieved messages of either "access denied" or "couldn't be displayed". Is that ok or did I do anything incorrectly?

 

I did notice on my last restart that I had a new item - a daily horoscope- that wasn't there before. I obviously need to close down some opening. Please let me know where that is after we finalize this monstrous task.

 

I want to say how much I appreciate your help. Your comment on taking your time, walking away for a while was cool. Shows you have a very kind soul!

 

I await your next directives!

Share this post


Link to post
Share on other sites

Sorry - forgot my latest log!!

 

Logfile of HijackThis v1.97.7

Scan saved at 11:46:02 AM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\Program Files\Microsoft Works\WksSb.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

c:\program files\mcafee.com\agent\mcagent.exe

C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE

C:\Program Files\My Daily Horoscope\MyDailyHoroscope.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [3fG2e] C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Privacy Bar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1083715472615

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7865.4602430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Good job! You got rid of a bunch of stuff, but we still have some ick left to clean up.

 

***************************************

 

http://downloads.subratam.org/Newuninst.exe

http://tools.zerosrealm.com/uninst.exe

http://downloads.subratam.org/PeperFix.exe

 

Download and run all three of these to see if one can kill your Peper trojan. Run them all a few times and if any ask, let them connect to the internet through any software firewalls you have. You will know Peper is dead when this line no longer shows up in your log:

O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

 

You may want to try them in safe mode (only the two that don't need to connect to the internet though!)

***************************************

 

Please select the following with HijackThis. With all windows (including this one!) closed, please select "fix.”

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...B_PVER}&ar=home

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [3fG2e] C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe

O4 - HKCU\..\Run: [44ytu9eez4] C:\WINDOWS\xdim0goef5.exe

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

 

Find and delete the following:

C:\Program Files\VBouncer\ << the whole folder and everything in it

C:\PROGRA~1\MYDAIL~1<< the whole folder and everything in it

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\3fG2e.exe

 

***************************************

 

Please download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft.com/en/software/free/ . Let it fix whatever it wants to.

 

***************************************

 

Next, reboot and let's see a fresh HijackThis log.

 

:)

Share this post


Link to post
Share on other sites

Question for you meeeeeee. The three downloads for the peper virus. The first one doesn't complete when I run it. The blue bar only goes half way across and then it closes. The Peper one finds no items (it did the first time). And the last one uninstalls the first one. Am I confused? I still see that item in my hijackthis log. I haven't rebooted yet. Please advise!

Share this post


Link to post
Share on other sites

Hi. Things are looking a lot better. I appear to be clear of those annoying popups. That is definately progress! I still have the peper trojan line (...Sek6Mto.exe)

 

Was finally able to fix in hijackthis those seven items. My first two scans didn't have those items. Odd. But this last time they all appeared. Never been so happy to check something in my life.

 

Ran A2 - it deleted 11 malware items.

 

I await further instructions!

 

Logfile of HijackThis v1.97.7

Scan saved at 9:08:28 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\Program Files\Microsoft Works\WksSb.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Malware Removal\a2\a2guard.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [3FJB6FH2XG3MKT] C:\WINDOWS\System32\Sek6Mto.exe

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [a²] "C:\Malware Removal\a2\a2guard.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Privacy Bar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1083715472615

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7865.4602430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Hey meeeeee! Hope you had a great fourth! I ran the manual instructions to remove the peper trojan. I hope it looks better! Things are so much better on my computer. Take a peek!

 

Logfile of HijackThis v1.97.7

Scan saved at 11:02:05 PM, on 7/4/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE

C:\Program Files\Microsoft Works\WksSb.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Malware Removal\a2\a2guard.exe

C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Tracy Enriquez\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [a²] "C:\Malware Removal\a2\a2guard.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Global Startup: MyCorkboard.lnk = C:\Program Files\Corkboard\CORK.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Privacy Bar (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1083715472615

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7865.4602430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Here is that log:

 

Log for VX2.BetterInternet File Finder

 

Files Found---

 

 

Guardian Key--- is called:

 

User Agent String---

{2E9B3406-1B65-423B-9158-EBB7EB767170}

 

 

Let me know what that means!

Share this post


Link to post
Share on other sites

Thanks for all your help! I have done all the steps in that note to not let this happen again!

 

You have one more satisfied customer!

 

Thanks meeeeeee!

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0