Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please Help Me!


  • This topic is locked This topic is locked
4 replies to this topic

#1 cmanuelgc

cmanuelgc

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 16 December 2005 - 03:49 PM

Hi, I'm having trouble starting up my computer. I log on and before it loads my antivirus/firewall, it freezes and I have to restart it only to end up with the same outcome. I started it in safe mode and did system restore and it is okay for now. I still think that something is funny though. Any help would be greatly appreciated. Thank You!

Logfile of HijackThis v1.99.1
Scan saved at 3:44:21 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msupdates.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Manuel\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msupdates] msupdates.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\RunServices: [msupdates] msupdates.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132481205328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEEA1} (TestingCtl Control) - http://esb.alcena.co...arInstaller.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Advertisements

Register to Remove


#2 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 25 December 2005 - 09:26 AM

Hello Manuel and welcome to TomCoyote forum. While I can not say it is causing your problem, you do have a nasty worm on your computer, read about it here: http://www.sophos.co.../w32rbotjo.html This one is especially nasty as you can see because it compromises your security. I will help you remove it, but you must review the information in the link under all of the tabs and take action to restore a secure computer. This is very, very important.

I would like to do a good cleaning to make sure nothing is hiding as we attempt to remove this worm. I suggest you follow these directions in the posted order:

1) Download, update and run: http://vil.nai.com/vil/stinger/ allow it to remove anything it locates and post the results for me.

2) Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp and please do not run it until I ask you to.

3) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

4) Ewido scan:
Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

The above scans may have removed this trojan, if you do not see it in the balance of the instructions that is good, just be careful not to miss it.

**You are running Microsoft AntiSpyware and SpywareGuard, these programs may block the fix by HJT. If these items are not removed from you log, you will need to turn off (exit) these programs and run HJT again. Remember to activate any protection when you are finished.

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [msupdates] msupdates.exe
O4 - HKLM\..\RunServices: [msupdates] msupdates.exe
(remove the next item unless you are sure it is safe)
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEEA1} (TestingCtl Control) - http://esb.alcena.co...arInstaller.ocx

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) Enable hidden files&folders..reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\msupdates.exe >>> file

C:\Windows\Prefetch\ >>> delete everything in this folder (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

7) Run CCleaner, Windows & Applications when you run the registry cleaner (Issues) you will be prompted to backup before you can remove stuff, make sure you do. Then restart the computer and post a new HJT log and the Ewido scan results in this same thread along with any feedback you have. Also include the Stinger information. Let me know how the computer is running now.

Thanks...pskelley
TomCoyote forum
Expert Member

When you are completely finished with the removal procedure and are satisfied that the threat has been removed follow these instructions:
http://service1.syma...src=sec_doc_nam

Edited by pskelley, 25 December 2005 - 09:40 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 cmanuelgc

cmanuelgc

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 26 December 2005 - 05:49 PM

Everything seems to be working fine now. I was wondering what you would recommend for preventing worms like the one I got from installing on my pc. Right now I'm using Zone Alarm Security Suite. Thank you for your time and support. Let me know what else I need to do or if everythin is okay.




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:22:53 PM, 12/26/2005
+ Report-Checksum: 24DCB0FE

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ilsrr3xl.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Manuel\Application Data\Azureus\torrents\XPCSpy.Pro.v2.55-TBE\XPCSpy.Pro.v2.55-TBE.rar/XPCSpyPro.exe -> Not-A-Virus.Monitor.Win32.XPCSpy124 : Error during cleaning
:mozilla.38:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Manuel\Application Data\Mozilla\Firefox\Profiles\7nqbtrli.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Manuel\Cookies\manuel@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Manuel\Local Settings\Application Data\Mozilla\Firefox\Profiles\9jtahiy4.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Manuel\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0937A28-E22E-48F8-BC65-A6E17B\0F3F9935-0DBE-4BC2-A8E7-56C49D -> Spyware.ESB : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0937A28-E22E-48F8-BC65-A6E17B\3823D01F-CE0D-413B-9ABD-CD60A4 -> Spyware.ESB : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0937A28-E22E-48F8-BC65-A6E17B\83A4B2E1-D112-467E-82D5-71FDA1 -> Spyware.ESB : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0937A28-E22E-48F8-BC65-A6E17B\D1CDFB97-9053-49C8-9044-EBB821 -> Spyware.SpecialOffers : Cleaned with backup
C:\temp\update.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
C:\WINDOWS\hl2crack.CAB/hl2crack.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
:mozilla.7:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.27:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.28:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.29:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.34:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.35:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.58:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.60:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.61:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.62:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.63:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.64:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.80:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.110:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.111:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.112:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.113:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.114:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.115:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.116:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.117:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.123:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.136:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.156:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.158:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.159:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.160:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.161:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.162:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.163:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.165:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.166:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.167:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.168:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.169:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.171:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.172:C:\WINDOWS\Mozilla\Firefox\Profiles\t9i2wfua.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\WINDOWS\system32\msupdates.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup


::Report End

McAfee AVERT Stinger Version 2.5.9 built on Nov 22 2005

Copyright © 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Nov 22 2005.

Ready to scan for 54 viruses, trojans and variants.



Scan initiated on Mon Dec 26 05:46:59 2005

Number of clean files: 238027



Logfile of HijackThis v1.99.1
Scan saved at 5:44:29 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Manuel\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132481205328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 26 December 2005 - 08:18 PM

Hello Manuel, I hope you read the information about this worm I provided. A hard look at your security is needed and I would suggest changing all passwords. Here is some good information about how these worms spread from McAfee: http://vil.nai.com/v...nt/v_100454.htm I wish to say the information in the links below from the experts is as good advice as I can give.

ewido anti-malware - Scan report Created on: 4:22:53 PM, 12/26/2005

(information about how to control these junk cookies from getting on the computer)
http://privacy.getne...fdisablecookies
http://www.mozilla.o..._priv_help.html

We have a few issues:
C:\Documents and Settings\Manuel\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
I would use search for "WildTangent" and delete anything located.

C:\Program Files\Microsoft AntiSpyware\Quarantine\ <<< clean out the folder
You have junk in the MAS quarantine folder, navigate to that quarantine folder and delete the contents (not the folder)

Logfile of HijackThis v1.99.1 Scan saved at 5:44:29 PM, on 12/26/2005

You HJT log looks clean, good job :thumbup: Don't forget that ewido is a good program but it does use a bunch of resources like any other security suite. Once the trial is over, unless you purchase it, you need to stop it from running. You can still update and use the scanner manually for as long as you wish, you just lose the real time protection you get during the trial.
Since you have a clean log, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

Because this infection may be backed up in System Restore where it could reinfect you if you needed SR for a legitimate reson, follow these directions to get clean System Restore files:
http://service1.syma...src=sec_doc_nam

Safe surfing...Phil

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Edited by pskelley, 26 December 2005 - 08:19 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 29 December 2005 - 10:24 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users