[Resolved] Stupid spyware


  • This topic is locked
9 replies to this topic

#1 nosehair

  • New Member
  • 5 posts

Posted 29 October 2007 - 08:34 PM

Trojan-Spy.win32@mx and System Alert! Yadda, Yadda. It's those pop-up balloon things. Here are the logs. What should I kill?

There's also Security Toolbar 7.1; that's where the problem lies, I suppose. Lord knows what my Dad did to this thing. He just click, click, clicks with no regard.

Logfile of HijackThis v1.99.1
Scan saved at 9:44:02 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1160866940\ee\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common

files\aol\1160866940\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP

Scheduler.exe
c:\program files\common files\aol\1160866940\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.emachines.com
R3 - URLSearchHook: AOLTBSearch Class -

{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar

5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program

Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} -

c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F}

- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -

C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program

Files\Video Add-on\isfmdl.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no

file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -

C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no

file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -

C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} -

C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media

Reader\shwiconem.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program

Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program

Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program

Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

/IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program

Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic]

"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1160866940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program

Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program

Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Motive SmartBridge]

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program

Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program

Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google

Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"

-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop

Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program

Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft

Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program

files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} -

C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -

C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB -

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC -

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program

files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc.

- C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. -

C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program

Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America

Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega

Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

System Processes

Process list saved on 10:09:59 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
780 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
892 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
936 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
948 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1100 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1296 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1784 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 7.0.2.3 Lavasoft AB
1852 C:\WINDOWS\Explorer.EXE 6.0.2900.3156 Microsoft Corporation
1996 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
320 C:\Program Files\Video Add-on\isfmntr.exe
340 C:\Program Files\Video Add-on\icthis.exe
360 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 5.0.0.0 Cyberlink Corp.
368 C:\Program Files\Digital Media Reader\shwiconem.exe 1.4.0.8 Alcor Micro, Corp.
384 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 2.3.0.162 Hewlett-Packard
412 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe 3.2.1.5 Iomega Corporation
420 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe 6.3.0.56 Iomega
552 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe 2.80.0.0 HP
572 C:\WINDOWS\System32\hphmon03.exe 3.5.11.0 Hewlett-Packard
596 C:\Program Files\SiteAdvisor\6172\SiteAdv.exe 2.5.0.6172
588 C:\Program Files\Video Add-on\icmntr.exe
612 C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe 1.3.21.2353 Verizon
640 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe 5.8.22.6405 Motive Communications, Inc.
656 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe 6.0.20.6 Sun Microsystems, Inc.
380 C:\Program Files\Verizon\McciTrayApp.exe 5.0.2.56 Motive Communications, Inc.
700 C:\Program Files\McAfee.com\Agent\mcagent.exe 8.0.237.0 McAfee, Inc.
720 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 5.1.707.23222 Google
748 C:\Program Files\QuickTime\QTTask.exe 7.2.0.240 Apple Inc.
728 C:\Program Files\Video Add-on\isfmm.exe
828 C:\Program Files\iTunes\iTunesHelper.exe 7.4.3.1 Apple Inc.
856 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2.6.0.162
1064 C:\Program Files\Common Files\AOL\1160866940\ee\aolsoftware.exe 1.5.6.1 America Online, Inc.
988 C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
1392 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2.0.301.1654 Google Inc.
1412 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 5.1.707.23222 Google
1540 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe 4.6.1.2 AOL LLC
1564 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe 5.0.1.0 The Weather Channel Interactive
1524 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1.14.0.0 Apple, Inc.
1736 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 1.5.0.9 Safer Networking Limited
1892 C:\PROGRA~1\Iomega\System32\AppServices.exe 2.0.2.5 Iomega Corporation
2180 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe 8.0.238.0 McAfee, Inc.
2352 C:\Program Files\BigFix\BigFix.exe 1.7.6.0 BigFix Inc.
2360 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 6.21.25.62 Eastman Kodak Company
2368 C:\Program Files\Microsoft Office\Office\FINDFAST.EXE 8.0.0.4120
2376 C:\Program Files\WinZip\WZQKPICK.EXE 1.0.7403.0 WinZip Computing, S.L.
2388 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe 8.4.623.0 Microsoft® Corporation
2596 c:\program files\common files\mcafee\mna\mcnasvc.exe 2.0.136.0 McAfee, Inc.
2688 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 2.0.150.0 McAfee, Inc.
2800 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe 14.0.0.349 McAfee, Inc.
2856 C:\Program Files\McAfee\MPF\MPFSrv.exe 9.0.136.0 McAfee, Inc.
3032 C:\Program Files\McAfee\MSK\MskSrver.exe 9.0.214.0 McAfee, Inc.
3136 C:\Program Files\SiteAdvisor\6172\SAService.exe 2.5.0.6172
3468 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
3592 C:\Program Files\Viewpoint\Common\ViewpointService.exe 2.0.0.54 Viewpoint Corporation
3640 C:\WINDOWS\wanmpsvc.exe 9.0.0.0 America Online, Inc.
3760 C:\Program Files\Iomega\AutoDisk\ADService.exe 3.2.1.5 Iomega Corporation
2324 C:\WINDOWS\System32\HPHipm09.exe 4.5.0.770 HP
2756 C:\Program Files\iPod\bin\iPodService.exe 7.4.3.1 Apple Inc.
3876 c:\program files\common files\aol\1160866940\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
152 c:\program files\common files\aol\1160866940\ee\aolsoftware.exe 1.5.6.1 America Online, Inc.
472 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe 2.0.0.54 Viewpoint Corporation
1728 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe 12.0.188.0 McAfee, Inc.
1724 C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe 6.0.20.6 Sun Microsystems, Inc.
2012 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
2668 c:\program files\aol\aol toolbar 5.0\AolTbServer.exe 5.0.33.3 AOL LLC
3268 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 1.5.1.15 Safer Networking Limited
3344 C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


#2 MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 30 October 2007 - 05:23 AM

Welcome to the forum.

Can you please repost the HJT log, but this time please turn off word wrap in Notepad so it will have the correct format?

MrC


#3 nosehair

  • New Member
  • 5 posts

Posted 30 October 2007 - 03:12 PM

No problem. Here's what the HJT log says now, and the running processes are below that.

Logfile of HijackThis v1.99.1
Scan saved at 5:00:02 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Common Files\AOL\1160866940\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\common files\aol\1160866940\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1160866940\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160866940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Process list saved on 5:08:25 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
788 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
876 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
920 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
932 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1088 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1284 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1692 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 7.0.2.3 Lavasoft AB
1800 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
160 C:\WINDOWS\Explorer.EXE 6.0.2900.3156 Microsoft Corporation
276 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe 4.6.1.2 AOL LLC
288 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1.14.0.0 Apple, Inc.
360 C:\PROGRA~1\Iomega\System32\AppServices.exe 2.0.2.5 Iomega Corporation
376 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe 8.0.238.0 McAfee, Inc.
448 c:\program files\common files\mcafee\mna\mcnasvc.exe 2.0.136.0 McAfee, Inc.
500 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 2.0.150.0 McAfee, Inc.
568 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe 14.0.0.349 McAfee, Inc.
628 C:\Program Files\McAfee\MPF\MPFSrv.exe 9.0.136.0 McAfee, Inc.
772 C:\Program Files\McAfee\MSK\MskSrver.exe 9.0.214.0 McAfee, Inc.
1232 C:\Program Files\SiteAdvisor\6172\SAService.exe 2.5.0.6172
1652 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1728 c:\PROGRA~1\mcafee.com\agent\mcagent.exe 8.0.237.0 McAfee, Inc.
1752 C:\Program Files\Viewpoint\Common\ViewpointService.exe 2.0.0.54 Viewpoint Corporation
968 C:\WINDOWS\wanmpsvc.exe 9.0.0.0 America Online, Inc.
2024 C:\Program Files\Iomega\AutoDisk\ADService.exe 3.2.1.5 Iomega Corporation
2424 C:\Program Files\Video Add-on\isfmntr.exe
2444 C:\Program Files\Video Add-on\icthis.exe
2464 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 5.0.0.0 Cyberlink Corp.
2512 C:\Program Files\Digital Media Reader\shwiconem.exe 1.4.0.8 Alcor Micro, Corp.
2524 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 2.3.0.162 Hewlett-Packard
2544 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe 3.2.1.5 Iomega Corporation
2572 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe 6.3.0.56 Iomega
2660 C:\Program Files\Video Add-on\icmntr.exe
2688 C:\Program Files\Common Files\AOL\1160866940\ee\AOLSoftware.exe 1.5.6.1 America Online, Inc.
2708 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe 2.80.0.0 HP
2732 C:\WINDOWS\System32\hphmon03.exe 3.5.11.0 Hewlett-Packard
2740 C:\Program Files\SiteAdvisor\6172\SiteAdv.exe 2.5.0.6172
2748 C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe 1.3.21.2353 Verizon
2756 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe 5.8.22.6405 Motive Communications, Inc.
2780 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe 6.0.20.6 Sun Microsystems, Inc.
2792 C:\Program Files\Verizon\McciTrayApp.exe 5.0.2.56 Motive Communications, Inc.
2836 C:\Program Files\Video Add-on\isfmm.exe
2860 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 5.1.707.23222 Google
2912 C:\Program Files\QuickTime\QTTask.exe 7.2.0.240 Apple Inc.
2920 C:\Program Files\iTunes\iTunesHelper.exe 7.4.3.1 Apple Inc.
3000 C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
3128 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2.0.301.1654 Google Inc.
3136 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe 5.0.1.0 The Weather Channel Interactive
3148 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 1.5.0.9 Safer Networking Limited
3332 C:\Program Files\BigFix\BigFix.exe 1.7.6.0 BigFix Inc.
3372 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 6.21.25.62 Eastman Kodak Company
3400 C:\Program Files\Microsoft Office\Office\FINDFAST.EXE 8.0.0.4120
3412 C:\Program Files\WinZip\WZQKPICK.EXE 1.0.7403.0 WinZip Computing, S.L.
3432 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe 8.4.623.0 Microsoft® Corporation
3460 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2.6.0.162
3620 C:\Program Files\Video Add-on\isfmm.exe
3740 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 5.1.707.23222 Google
3788 C:\WINDOWS\System32\HPHipm09.exe 4.5.0.770 HP
3524 C:\Program Files\iPod\bin\iPodService.exe 7.4.3.1 Apple Inc.
1200 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe 2.0.0.54 Viewpoint Corporation
2136 c:\program files\common files\aol\1160866940\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
192 c:\program files\common files\aol\1160866940\ee\aolsoftware.exe 1.5.6.1 America Online, Inc.
2960 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe 12.0.188.0 McAfee, Inc.
3736 C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe 6.0.20.6 Sun Microsystems, Inc.
3420 c:\program files\aol\aol toolbar 5.0\AolTbServer.exe 5.0.33.3 AOL LLC
2128 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1812 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 1.5.1.15 Safer Networking Limited
3856 C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

#4 MrCharlie

Posted 30 October 2007 - 03:36 PM

This should get it.....

1. Download RVAXO.exe into a folder.

2. Double click on RVAXO.exe, then click "Installeren" to install the program.
("Bladeren" = Browse for Folder and "Annuleren" = Cancel)
It will install to a folder called Rvaxo

3. Now open up the Rvaxo folder and double click on RVAXO.cmd

You will see a small window pop up, and quickly some lines will run, then the window will close by itself; this is normal behavior.
Then it is possible for an uninstaller of some rogue scanner to start up. Do not close this but follow all prompts there, and let it run its course.

4. When it's done....reboot the computer.
Now double click on RVAXO.cmd again to run the program........Let it finish.

5. After it's done it will create a file called RVAXO-results.log in C:\
(C:\RVAXO-results.log)

Copy and paste it back here.

-----------------

Next.......

Please download SUPERAntiSpyware Home Edition (free)

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions; click Yes. Let it through your firewall!
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Ignore System Restore/Volume Information on ME and XP
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information - please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything, then right-click and choose copy.
  • Click close and close again to exit the program.
Now please paste the removal information along with a fresh HijackThis log in your reply. If it's a large log, you may need several replies to post it.
Please don't forget the log from RVAXO.

Good Luck, MrC


#5 nosehair

Posted 30 October 2007 - 08:00 PM

Thank You So Very Much! It's gone. There are possibly some minor glitches, a couple of online games don't work. No biggie. It's fixable... now that that darned thing is gone. I never have this stuff happen to me! My pc has been fine for years.

I have no idea what my Father might have done to his pc before he even bothered to call me. At least I know not to click on insane carp** and where to ask for help.

He really should clean out his history too. **shudder** I didn't need to know those things. I really didn't.

Here's the logs now.

Logfile of HijackThis v1.99.1
Scan saved at 9:40:44 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\AOL\1160866940\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\common files\aol\1160866940\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1160866940\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160866940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2007 at 09:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3333
Trace Rules Database Version: 1334

Scan type : Complete Scan
Total Scan Time : 02:41:30

Memory items scanned : 680
Memory threats detected : 0
Registry items scanned : 5726
Registry threats detected : 35
File items scanned : 93004
File threats detected : 93

Adware.Tracking Cookie

Malware.VirusRescue
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid32
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib#Version

Malware.VirusRanger
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\aXEvePlepa
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Implemented Categories
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32#ThreadingModel
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Myuxhayxbj
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\pivZzlIyk
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\ProgID
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\Programmable
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\rlttxYcFZaqv
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\smgukv
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\TypeLib
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\uxxmVp
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\VersionIndependentProgID
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\wtgNqlqFha
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\ProxyStubClsid
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\ProxyStubClsid32
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\TypeLib
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\TypeLib#Version

Trojan.Media-Codec/V4
HKU\S-1-5-21-3553833299-3522039286-2982268607-1003\Software\Online Add-on
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on#Publisher

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\11U7GX6Z\INSTALL_EN[2].EXE

Malware.VirusLocker
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ASPPNV73\VL_SETUP[1].EXE

Trace.Known Threat Sources

Edited by nosehair, 30 October 2007 - 08:05 PM.


#6 MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 30 October 2007 - 08:10 PM

Well Done...

To clear out all temp files on the system:

1. Clean out temp files: ATF Cleaner
Download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All (cookies optional)
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All (cookies optional)
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All (cookies optional)
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

-------------------------

Please disable TeaTimer and SDHelper by opening Spybot SD, click Mode>Advanced>and on the left menu choose Tools and then Resident. In the right hand pane you will see a check box for TeaTimer and for SDHelper. Please uncheck both boxes and then close Spybot. You can reinstate it later but we don't want it interfering with what we need to do. Reboot when done.

-------------------

Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items if found:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)

Click on Fix Checked and exit HijackThis.

Can you post the log from RVAXO ---> C:\RVAXO-results.log

MrC


#7 nosehair

    New Member

  • 5 posts

Posted 30 October 2007 - 08:47 PM

Sorry I forgot the RVAXO log. I was happy the pc was normal again. The logs I posted were from before I tried to surf the net or anything. I zapped the other two you just told me to.

----------------RVAXO.exe first run-------------
Files found:
C:\WINDOWS\system32\fqgwiw.dll
Uninstallers Rogue scanners:
Folders Found:
C:\Program Files\VirusRanger
C:\Program Files\Video Add-on
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Files found:
Folders Found:
--------------RVAXO.exe finished----------------

#8 MrCharlie

Posted 31 October 2007 - 05:30 PM

OK....sounds like we're OK now?


If you have any questions - please post back

I'll leave you with........

Some Preventive Maintenance:

Some of the programs you may have run create backups of what was deleted - you can safely delete them now: (delete folders in blue) You can also delete/uninstall the programs themselves.

C:\!KillBox (KillBox)
C:\VundoFix Backups (VundoFix)
C:\QooBox (ComboFix)
C:\SDFix\backups\backups.zip (SDFix)
C:\avenger\backup.zip (Avenger)

If you used AVG Anti-Spyware and/or SuperAntiSpyware...........

Open up SuperAntiSpyware > Preferences > General and Start-up > Start-up Options > Uncheck > Start SAS when Windows Starts.
"SAS free" provides no real time protection so there's no need for it to be running, I suggest you keep the program and update regularly - you can use it to scan for malware. It's an excellent program. When you want to start it - just double click on the SAS icon.

AVG Anti-Spyware will provide 30 days of real time protection and then after that you can use it to scan for malware - you'll have to manually update it first.


------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point (XP only):

Note: This will remove all previous Restore Points!

1. Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

2. Turn on System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UnCheck Turn off System Restore.
Click Apply, and then click OK.

Visit Windows Update and install all the latest critical updates.

Install these two free programs, they sit in the background and protect your system from spy and adware being installed on your system, also from your browser being hijacked.

SpywareBlaster Check for updates weekly.

SpywareGuard

IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
or try the new ZonedOut

Blocking Unwanted Parasites with a Hosts File
Direct Download - MVPS HOSTS <==> MVPS HOSTS Tutorial

Need a free anti virus?
AVG*free
Avast Free
AntiVir® PersonalEdition Classic
-->Check for updates - daily<---

How about a firewall? The front door to your computer.
Windows firewall is not sufficient...install a better one.
Comodo Free Firewall
ZoneAlarm*free
Other free firewalls

Keep those temp files off your system use
ATF Cleaner - hit "select all" then just uncheck "cookies" (uncheck cookies is optional - leave it checked if you want to delete all cookies) then "empty selected"
or
CCleaner
Uncheck "Cookies" under "Internet Explorer".
That will clear out all the temp files on the system.

IMPORTANT!!
Keep your Sun Java up-to-date JRE Version 6 Update 3<--newest version
Delete ALL old versions from add/remove programs if listed first!
Check HERE

Keep the registry backed up - use ERUNT
Print this out and save it
ERUNT Tutorial

Starter Manage your startup programs and services.

----------Free malware removal programs:----------

AVG Anti-Spyware<---VERY GOOD! (XP and 2K only)
SUPERAntiSpyware (free edition)<---Excellent!
AVG Anti-Rootkit Free Edition Run it!!
SpyBot
AD-Aware
CW-Shredder

Please consider using FireFox instead of Internet Explorer. A more secure browser! Easy to make the change!
FireFox Tutorial


Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable "Windows Messenger Service" XP - 2K (stops pop-up ads -etc):
Shoot The Messenger

Anti-Rootkit Software - Detection, Removal & Protection

Reduce Online Fraud

Slow Computer - Check Here

Don't open e-mail attachments without first scanning them with an up-to-date anti virus program, even after doing that I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Don't believe e-mails from your bank, financial institution, etc. asking for personal information - they're most likely fraudulent no matter how authentic they look.
Watch your surfing habits, don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC


#9 nosehair

Posted 01 November 2007 - 12:47 AM

Thank you again. It's looking clean over here. Running good. No idea what happened before I was asked to help. Topic closed I guess.

Edited by nosehair, 01 November 2007 - 12:56 AM.


#10 MrCharlie

Posted 01 November 2007 - 05:50 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
