13 replies to this topic

[dangedcoyote]

Ok so now that I am good to go on my main computer I was worried about my secondary computer and thought I should get some help here for it as well. I have done the spy-bot s&d all updates included as well as AdAware. Here are my logs. Please help me fix anything I need to. ( or tell me good news)

Logfile of HijackThis v1.99.1
Scan saved at 10:25:16 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:42:12 PM, 2/18/2006
+ Report-Checksum: F77E75E0

+ Scan result:

C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@e-2dj6wjnygidzsdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\catspack\Application Data\Earthlink\6.0\catspaw05@earthlink.net\Cookies\catspack@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@e-2dj6wjlokjcjshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@microsoftwga.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\catspack\Cookies\catspack@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0018294.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0018296.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Cleaned with backup


::Report End
Thank you for the help

[LDTate]

Welcome back,

Your HJT log looks good except you need to update your Java.

Be sure to keep SunJava, updated

In Add/Remove programs click on these and press *remove* if listed:
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5- 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE


It is important to remove older versions as these are the ones with the holes in them. You will be surprised when you go to add/remove to see all of the versions sitting there.

Download Newest >>>> http://www.java.com/...nload/index.jsp

Once installed you can test to see that it is in fact installed >>>>

Sun Java Test


Sun Microsystems has fixed five security bugs in Java that expose computers running Linux, Solaris and Windows to hacker attack.

[dangedcoyote]

Thank you for the quick attention. I went into add remove and got rid of JAVA2 runtime environment SE v1.4.2_03 this was the omly one I did see. Should I have seen more? I have not added the one you told me to get for fear I might have missed an older version and as you said do not run more than one.

[LDTate]

Thank you for the quick attention. I went into add remove and got rid of JAVA2 runtime environment SE v1.4.2_03
this was the omly one I did see. Should I have seen more? I have not added the one you told me to get for fear I might have missed an older version and as you said do not run more than one.

That's OK if only one old one. Now install the new one I posted and you should be good to go.

[dangedcoyote]

thank you for your help again. I shall do the downloadright now and reboot. I am glad at least one of these computers is not ready to blow up!!

[LDTate]

thank you for your help again. I shall do the downloadright now and reboot. I am glad at least one of these computers is not ready to blow up!!

Let me know how it goes

[dangedcoyote]

It has been verified and said that I have the latest updated version. Will I need to go into msconfig and delete any javain there or into regedit? other than that I have done everything to this computer you told me to do to the other and all seems good right now. I went to the page about how did I get this virus and did all that they said and went to jasons toolbox and did what I was told to do there too, the only annoying thing is all the time the cookie question comming up on my computers and needing to allow or decline the cookies. do you have any suggestions on what to do here or just live with it? What do you think?

[LDTate]

Will I need to go into msconfig and delete any javain there or into regedit?

No.

the only annoying thing is all the time the cookie question comming up on my computers and needing to allow or decline the cookies.

I guess you'll need to adjusting the cookies. See if this helps:
http://vlaurie.com/c...rivacy_file.htm

[dangedcoyote]

this is going to take some time to do I have downloaded the files and can not get my computer to pull them up for some reason so I am going to try and download them again and put them to the desktop where I can find them easily. I have to run out for a bit with the family so this will be a slow process for me until then thank you for the help I will get back with you here to get this finished soon. It will just be a bit slow for this but I am sure I can live with the inconvieniance for a little while. Please keep this thread open so I can get back wit you later Dangecoyote

[dangedcoyote]

Ok, so I have done the download for the cookie thing and did the import of the settings ( I have done this for both computers) Is there anything else I need to know or do? by the way thanks again. I am sure it hard at times working with a person like me that has little expieriance with computers but I do believe it also brings self satisfaction.

[LDTate]

I think you're good to go

[dangedcoyote]

thanks, another problem solved and closed!!

[LDTate]

Great job You're more then welcome. Glad we were able to help Peace be with you

[LDTate]

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php