
Need Help Removing Virtumondo.C


  • This topic is locked
6 replies to this topic

#1 gofishingguys


Posted 13 January 2006 - 02:57 AM

I recently downloaded and ran Microsoft Anti-Spyware and set it to update and scan daily. Each scan brings the same results - virtumondo.c is located in the H-KEY registry. I go through the removal process and restart, but virtumondo.c remains the next time I scan. It's driving me nuts! Any assistance would be GREATLY appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 2:47:44 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\Wanda Guy\Local Settings\Apps\2.0\3JRO1ND3.9K5\DEYRBT5O.1NB\kelo..tion_568abed66c69fbf3_0001.0001_238b2cee33e6fa8e\KeloDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\WANDAG~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanda Guy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqqr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [KelolandDesktop.exe] C:\Documents and Settings\Wanda Guy\Local Settings\Apps\2.0\3JRO1ND3.9K5\DEYRBT5O.1NB\kelo..tion_568abed66c69fbf3_0001.0001_238b2cee33e6fa8e\KeloDesktop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {5FA91BF0-39F1-11D3-8093-0060080A776C} (FileDrop Class) - http://pacific.photo...oads/upload.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.c.../npdownload.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.samsphoto...ploadClient.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab
O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe



#2 Siggyx


Posted 13 January 2006 - 09:52 PM

STEP 1.
======
SpySweeper
Please download http://www.webroot.c...ode=af1&rc=3597
(It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
STEP 2.
======
Download Ewido
  • Download and install Ewido Security Suite. It is a free trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
STEP 3.
======
Update Ewido
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 4.
======
Ewido Scan
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


STEP 5.
======
CWShredder

Please download and run CWShredder
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

STEP 6.
======

Please do an online scan here http://housecall.trendmicro.com/ and allow it to clean/remove what it finds.


Please post the results from SpySweeper, ewido and a new hijackthis log.

Also please open notepad and click on options and then make sure wordwrap is unchecked before you post the new log.

#3 gofishingguys


Posted 14 January 2006 - 12:22 PM

I completed the recommended steps....here are the results you requested.


SpySweeper Log
********
5:57 AM: | Start of Session, Saturday, January 14, 2006 |
5:57 AM: Spy Sweeper started
5:57 AM: Sweep initiated using definitions version 601
5:57 AM: Starting Memory Sweep
5:59 AM: Found Adware: virtumonde
5:59 AM: Detected running threat: C:\WINDOWS\system32\ssqqr.dll (ID = 77)
6:11 AM: Memory Sweep Complete, Elapsed Time: 00:13:58
6:11 AM: Starting Registry Sweep
6:12 AM: Found Adware: delfin
6:12 AM: HKLM\software\dsi\ (2 subtraces) (ID = 124852)
6:12 AM: Found Adware: wild media - minigolf
6:12 AM: HKLM\software\minigolf\ (1 subtraces) (ID = 135062)
6:12 AM: Found Adware: netratings
6:12 AM: HKCR\clsid\{92ca8acc-4e99-4a2a-93f1-b2c5cadc8613}\ (18 subtraces) (ID = 135917)
6:12 AM: HKCR\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (3 subtraces) (ID = 135918)
6:12 AM: HKCR\nminstall.nminstallctrl.1\ (3 subtraces) (ID = 135919)
6:12 AM: HKLM\software\classes\clsid\{92ca8acc-4e99-4a2a-93f1-b2c5cadc8613}\ (18 subtraces) (ID = 135921)
6:12 AM: HKLM\software\classes\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (3 subtraces) (ID = 135922)
6:12 AM: HKLM\software\classes\nminstall.nminstallctrl.1\ (3 subtraces) (ID = 135923)
6:12 AM: HKLM\software\classes\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (9 subtraces) (ID = 135925)
6:12 AM: HKCR\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (9 subtraces) (ID = 135929)
6:12 AM: Found Adware: websearch toolbar
6:12 AM: HKLM\software\microsoft\windows\currentversion\installer\userdata\sto\ (1 subtraces) (ID = 146480)
6:12 AM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
6:12 AM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
6:12 AM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
6:12 AM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
6:12 AM: HKCR\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954591)
6:12 AM: HKLM\software\classes\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954593)
6:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (ID = 954595)
6:12 AM: Found Adware: cws_cassandra
6:12 AM: HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\software\microsoft\internet explorer\main\ || hpded (ID = 117048)
6:12 AM: HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\software\microsoft\internet explorer\main\ || spded (ID = 117049)
6:12 AM: Found Adware: ie driver
6:12 AM: HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
6:12 AM: Found Adware: sidesearch
6:12 AM: HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
6:12 AM: Registry Sweep Complete, Elapsed Time:00:01:08
6:13 AM: Starting Cookie Sweep
6:13 AM: Found Spy Cookie: 2o7.net cookie
6:13 AM: wanda guy@2o7[2].txt (ID = 1957)
6:13 AM: Found Spy Cookie: yieldmanager cookie
6:13 AM: wanda guy@ad.yieldmanager[2].txt (ID = 3751)
6:13 AM: Found Spy Cookie: specificclick.com cookie
6:13 AM: wanda guy@adopt.specificclick[2].txt (ID = 3400)
6:13 AM: Found Spy Cookie: adrevolver cookie
6:13 AM: wanda guy@adrevolver[2].txt (ID = 2088)
6:13 AM: wanda guy@adrevolver[3].txt (ID = 2088)
6:13 AM: Found Spy Cookie: addynamix cookie
6:13 AM: wanda guy@ads.addynamix[1].txt (ID = 2062)
6:13 AM: Found Spy Cookie: ads.adsag cookie
6:13 AM: wanda guy@ads.adsag[1].txt (ID = 2108)
6:13 AM: Found Spy Cookie: pointroll cookie
6:13 AM: wanda guy@ads.pointroll[2].txt (ID = 3148)
6:13 AM: Found Spy Cookie: apmebf cookie
6:13 AM: wanda guy@apmebf[1].txt (ID = 2229)
6:13 AM: Found Spy Cookie: belnk cookie
6:13 AM: wanda guy@belnk[1].txt (ID = 2292)
6:13 AM: Found Spy Cookie: bluestreak cookie
6:13 AM: wanda guy@bluestreak[1].txt (ID = 2314)
6:13 AM: Found Spy Cookie: bravenet cookie
6:13 AM: wanda guy@bravenet[1].txt (ID = 2322)
6:13 AM: Found Spy Cookie: casalemedia cookie
6:13 AM: wanda guy@casalemedia[1].txt (ID = 2354)
6:13 AM: Found Spy Cookie: centrport net cookie
6:13 AM: wanda guy@centrport[1].txt (ID = 2374)
6:13 AM: Found Spy Cookie: dealtime cookie
6:13 AM: wanda guy@dealtime[2].txt (ID = 2505)
6:13 AM: wanda guy@dist.belnk[2].txt (ID = 2293)
6:13 AM: Found Spy Cookie: ru4 cookie
6:13 AM: wanda guy@edge.ru4[2].txt (ID = 3269)
6:13 AM: Found Spy Cookie: go.com cookie
6:13 AM: wanda guy@espn.go[1].txt (ID = 2729)
6:13 AM: wanda guy@go[1].txt (ID = 2728)
6:13 AM: wanda guy@insider.espn.go[1].txt (ID = 2729)
6:13 AM: Found Spy Cookie: questionmarket cookie
6:13 AM: wanda guy@questionmarket[1].txt (ID = 3217)
6:13 AM: wanda guy@rsi.espn.go[1].txt (ID = 2729)
6:13 AM: Found Spy Cookie: serving-sys cookie
6:13 AM: wanda guy@serving-sys[2].txt (ID = 3343)
6:13 AM: wanda guy@sports-att.espn.go[1].txt (ID = 2729)
6:13 AM: wanda guy@sports.espn.go[2].txt (ID = 2729)
6:13 AM: wanda guy@stat.dealtime[2].txt (ID = 2506)
6:13 AM: Found Spy Cookie: statcounter cookie
6:13 AM: wanda guy@statcounter[1].txt (ID = 3447)
6:13 AM: Found Spy Cookie: tribalfusion cookie
6:13 AM: wanda guy@tribalfusion[1].txt (ID = 3589)
6:13 AM: Found Spy Cookie: web-stat cookie
6:13 AM: wanda guy@web-stat[2].txt (ID = 3648)
6:13 AM: Found Spy Cookie: zedo cookie
6:13 AM: wanda guy@zedo[2].txt (ID = 3762)
6:13 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
6:13 AM: Starting File Sweep
6:13 AM: Found Adware: exact searchbar
6:13 AM: c:\program files\exact (ID = -2147481023)
6:25 AM: Found Adware: winantispyware 2005
6:25 AM: winfixerscannerinstall[1].exe (ID = 212545)
7:06 AM: Found Adware: moneytree
7:06 AM: nem216.dll (ID = 70084)
7:06 AM: Found Adware: xpehbam dialer
7:06 AM: seksdialer.exe (ID = 90847)
7:06 AM: Found Adware: directrevenue-abetterinternet
7:06 AM: susp.inf (ID = 83526)
7:06 AM: File Sweep Complete, Elapsed Time: 00:53:42
7:06 AM: Full Sweep has completed. Elapsed time 01:08:44
7:06 AM: Traces Found: 168
7:07 AM: Removal process initiated
7:08 AM: Quarantining All Traces: cws_cassandra
7:08 AM: Quarantining All Traces: directrevenue-abetterinternet
7:08 AM: Quarantining All Traces: ie driver
7:08 AM: Quarantining All Traces: virtumonde
7:08 AM: virtumonde is in use. It will be removed on reboot.
7:08 AM: C:\WINDOWS\system32\ssqqr.dll is in use. It will be removed on reboot.
7:08 AM: Quarantining All Traces: websearch toolbar
7:08 AM: Quarantining All Traces: delfin
7:08 AM: Quarantining All Traces: sidesearch
7:08 AM: Quarantining All Traces: exact searchbar
7:08 AM: Quarantining All Traces: moneytree
7:08 AM: Quarantining All Traces: netratings
7:08 AM: Quarantining All Traces: wild media - minigolf
7:08 AM: Quarantining All Traces: xpehbam dialer
7:08 AM: Quarantining All Traces: 2o7.net cookie
7:08 AM: Quarantining All Traces: addynamix cookie
7:08 AM: Quarantining All Traces: adrevolver cookie
7:08 AM: Quarantining All Traces: ads.adsag cookie
7:08 AM: Quarantining All Traces: apmebf cookie
7:08 AM: Quarantining All Traces: belnk cookie
7:08 AM: Quarantining All Traces: bluestreak cookie
7:08 AM: Quarantining All Traces: bravenet cookie
7:08 AM: Quarantining All Traces: casalemedia cookie
7:08 AM: Quarantining All Traces: centrport net cookie
7:08 AM: Quarantining All Traces: dealtime cookie
7:08 AM: Quarantining All Traces: go.com cookie
7:08 AM: Quarantining All Traces: pointroll cookie
7:08 AM: Quarantining All Traces: questionmarket cookie
7:08 AM: Quarantining All Traces: ru4 cookie
7:08 AM: Quarantining All Traces: serving-sys cookie
7:08 AM: Quarantining All Traces: specificclick.com cookie
7:08 AM: Quarantining All Traces: statcounter cookie
7:08 AM: Quarantining All Traces: tribalfusion cookie
7:08 AM: Quarantining All Traces: web-stat cookie
7:08 AM: Quarantining All Traces: winantispyware 2005
7:08 AM: Quarantining All Traces: yieldmanager cookie
7:08 AM: Quarantining All Traces: zedo cookie
7:09 AM: Preparing to restart your computer. Please wait...
7:09 AM: Removal process completed. Elapsed time 00:01:53
********
5:53 AM: | Start of Session, Saturday, January 14, 2006 |
5:53 AM: Spy Sweeper started
5:57 AM: | End of Session, Saturday, January 14, 2006 |



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:55:05 AM, 1/14/2006
+ Report-Checksum: F0EB0B8F

+ Scan result:

HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41D13E9A-BB94-402A-8502-AFA78526B63D} -> Spyware.i-Lookup : Cleaned with backup
HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1597234714-4036164967-2552189465-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C886256C-7A63-4213-AD2F-02AD3735DF06} -> Spyware.HotBar : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Wanda Guy\Application Data\Mozilla\Firefox\Profiles\41hb56uh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wfkogmcjgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wfkogoajibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wjligjc5kep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wjlyenczwcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wjlyogc5okp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wjmyghcpglp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Cookies\wanda guy@e-2dj6wjmyqhazilq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Wanda Guy\Local Settings\Temp\Cookies\wanda guy@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Lycos\ss_IGN1_setup.exe -> Spyware.Sidesearch.d : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 12:15:15 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\DOCUME~1\WANDAG~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanda Guy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [KelolandDesktop.exe] C:\Documents and Settings\Wanda Guy\Local Settings\Apps\2.0\3JRO1ND3.9K5\DEYRBT5O.1NB\kelo..tion_568abed66c69fbf3_0001.0001_238b2cee33e6fa8e\KeloDesktop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {5FA91BF0-39F1-11D3-8093-0060080A776C} (FileDrop Class) - http://pacific.photo...oads/upload.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.c.../npdownload.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.samsphoto...ploadClient.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.co...oaderSigned.cab
O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 Siggyx

Posted 15 January 2006 - 12:54 AM

Scan with HijackThis and put a check beside these lines and choose FIX

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)

Then reboot and a new HijackThis log please. How is it running after the reboot?

#5 gofishingguys

Posted 15 January 2006 - 07:38 AM

Siggyx - Ran the HJT, "fixed" the indicated items, now the computer is running much faster and more efficiently. Here's the new log after the "fix" and the reboot...

Logfile of HijackThis v1.99.1
Scan saved at 7:29:31 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\DOCUME~1\WANDAG~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanda Guy
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [KelolandDesktop.exe] C:\Documents and Settings\Wanda Guy\Local Settings\Apps\2.0\3JRO1ND3.9K5\DEYRBT5O.1NB\kelo..tion_568abed66c69fbf3_0001.0001_238b2cee33e6fa8e\KeloDesktop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.samsphoto...ploadClient.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
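
A defender-side check for the fix-and-rescan step above, as an added example that is not part of the original thread: it parses HijackThis entries, diffs the pre-fix and post-fix logs, and confirms that the lines Siggyx asked to fix are gone. The sample input is a short excerpt of the logs and fix list posted on this page; the function and variable names are illustrative.

```python
import re

# Excerpts copied from the logs on this page (before and after the fix).
BEFORE = r"""
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""
AFTER = r"""
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""
# The four lines post #4 asked to be fixed.
REQUESTED = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O20 - Winlogon Notify: ..."
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")    # entry points at a file that is gone

def parse(log):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def compare(before, after, requested):
    """Diff two logs and check that every requested fix actually took effect."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),                         # new entries after a reboot need review
        "still_present": sorted(parse(requested) & a),  # fixes that did not stick
        "orphans": sorted(e for e in a if ORPHAN.search(e[1])),
    }

if __name__ == "__main__":
    for key, entries in compare(BEFORE, AFTER, REQUESTED).items():
        print(key, len(entries), entries)
```

An entry that shows up under `still_present` after the reboot means something restored it, which is the same symptom the original poster described with the recurring detection.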

#6 Siggyx

Posted 15 January 2006 - 12:29 PM

Looks good,

Let's do some cleaning.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your desktop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

If you don't have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. In my signature below is also a tutorial on how to harden IE, a good read and very helpful to stop these things in the future. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.

Safe Surfing. :D

#7 Siggyx

Posted 15 January 2006 - 12:29 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418
