tarantino

IE isn't recognized by any website..


I can't even do Windows validation (yes, I got a legit version of Windows and everything is up to date, automatic updates are on, etc.). My McAfee antivirus found some kind of backdoor. Can anyone look at this?

THANKS in advance.

-----------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 12:09:15 PM, on 11/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Documents and Settings\Owner\Desktop\My Stuff\Programs\aaaTaskManager\procexp.exe

C:\Program Files\Winamp\winamp.exe

c:\program files\mcafee\spamkiller\mskagent.exe

c:\program files\mcafee.com\vso\mcmnhdlr.exe

c:\program files\mcafee.com\shared\mghtml.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Documents and Settings\Owner\Desktop\My Stuff\Programs\Mozilla 2\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\My Stuff\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\cidaemon.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.56.186.199:3128

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Hello, Andy{Leet_krew} & Welcome

 

Please have a look at the quote box at the bottom of this page. There are two links; do as asked, then show us a new HijackThis logfile.

 

Gogo :unsure:


EDIT!!!: I don't know why, but the Startup folder is located on my Start menu!!! Why is that?

 

 

Aight, here is the Ad-Aware log:

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Saturday, November 25, 2006 12:37:40 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:Se1R134 20.11.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):23 total references

Tracking Cookie(TAC index:3):10 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

11-25-2006 12:37:40 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\ahead\nero - burning rom\recent file list

Description : list of recently used files in nero burning rom

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3687628075-1165688971-1273529905-1006\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 564

ThreadCreationTime : 11-25-2006 4:19:09 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 620

ThreadCreationTime : 11-25-2006 4:19:10 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 644

ThreadCreationTime : 11-25-2006 4:19:11 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 688

ThreadCreationTime : 11-25-2006 4:19:11 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 700

ThreadCreationTime : 11-25-2006 4:19:11 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 872

ThreadCreationTime : 11-25-2006 4:19:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 960

ThreadCreationTime : 11-25-2006 4:19:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1056

ThreadCreationTime : 11-25-2006 4:19:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1184

ThreadCreationTime : 11-25-2006 4:19:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1256

ThreadCreationTime : 11-25-2006 4:19:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1480

ThreadCreationTime : 11-25-2006 4:19:13 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:12 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1736

ThreadCreationTime : 11-25-2006 4:19:15 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:13 [ehtray.exe]

FilePath : C:\WINDOWS\ehome\

ProcessID : 1868

ThreadCreationTime : 11-25-2006 4:19:16 PM

BasePriority : Normal

FileVersion : 5.1.2715.2765 (xpsp(wmbla).050928-2135)

ProductVersion : 5.1.2715.2765

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Media Center Tray Applet

InternalName : ehtray

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ehtray.exe

 

#:14 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1884

ThreadCreationTime : 11-25-2006 4:19:16 PM

BasePriority : Normal

FileVersion : 3.0.0.4410

ProductVersion : 7.0.0.4410

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2004, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:15 [mpftray.exe]

FilePath : C:\Program Files\McAfee.com\Personal Firewall\

ProcessID : 1928

ThreadCreationTime : 11-25-2006 4:19:16 PM

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Tray Monitor

InternalName : MpfTray

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MPFTRAY.EXE

Comments : Tray Icon for McAfee Personal Firewall

 

#:16 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1992

ThreadCreationTime : 11-25-2006 4:19:16 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:17 [cisvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 220

ThreadCreationTime : 11-25-2006 4:19:21 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cisvc.exe

 

#:18 [ehrecvr.exe]

FilePath : C:\WINDOWS\eHome\

ProcessID : 264

ThreadCreationTime : 11-25-2006 4:19:22 PM

BasePriority : Above Normal

FileVersion : 5.1.2715.2812 (xpsp(wmbla).051215-1116)

ProductVersion : 5.1.2715.2812

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Media Center Receiver Service

InternalName : ehRecvr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ehRecvr.exe

 

#:19 [ehsched.exe]

FilePath : C:\WINDOWS\eHome\

ProcessID : 284

ThreadCreationTime : 11-25-2006 4:19:22 PM

BasePriority : Normal

FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)

ProductVersion : 5.1.2710.2732

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Media Center Scheduler Service

InternalName : ehSched

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ehSched.exe

 

#:20 [mcshield.exe]

FilePath : c:\PROGRA~1\mcafee.com\vso\

ProcessID : 424

ThreadCreationTime : 11-25-2006 4:19:22 PM

BasePriority : High

 

 

#:21 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\

ProcessID : 904

ThreadCreationTime : 11-25-2006 4:19:25 PM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:22 [oasclnt.exe]

FilePath : c:\PROGRA~1\mcafee.com\vso\

ProcessID : 912

ThreadCreationTime : 11-25-2006 4:19:25 PM

BasePriority : Normal

FileVersion : 10, 0, 0, 24

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan OAS Client

InternalName : OasClnt

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : OasClnt.exe

Comments : McAfee VirusScan OAS Client

 

#:23 [mpfservice.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 996

ThreadCreationTime : 11-25-2006 4:19:25 PM

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall

CompanyName : McAfee Corporation

FileDescription : McAfee Personal Firewall Service

InternalName : MPFService

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MpfService.exe

Comments : McAfee Personal Firewall Service

 

#:24 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1656

ThreadCreationTime : 11-25-2006 4:19:28 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:25 [spysweeper.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ProcessID : 1368

ThreadCreationTime : 11-25-2006 4:19:29 PM

BasePriority : Normal

FileVersion : 3,2,3,2120

ProductVersion : 3, 2

ProductName : Spy Sweeper SDK

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper Engine

LegalCopyright : Copyright © 2002 - 2006, All Rights Reserved.

LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

OriginalFilename : SpySweeper.exe

 

#:26 [dllhost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2592

ThreadCreationTime : 11-25-2006 4:19:32 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : COM Surrogate

InternalName : dllhost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : dllhost.exe

 

#:27 [mpfagent.exe]

FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\

ProcessID : 2816

ThreadCreationTime : 11-25-2006 4:19:35 PM

BasePriority : Normal

FileVersion : 7.1.0.113

ProductVersion : 7.1.0.113

ProductName : McAfee Personal Firewall (MPF)

CompanyName : McAfee Security

FileDescription : McAfee Personal Firewall Agent Interface

InternalName : MpfAgent

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MPFAGENT.EXE

Comments : McAfee Personal Firewall Security Center Module

 

#:28 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3056

ThreadCreationTime : 11-25-2006 4:19:35 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:29 [ehmsas.exe]

FilePath : C:\WINDOWS\eHome\

ProcessID : 3100

ThreadCreationTime : 11-25-2006 4:19:36 PM

BasePriority : Normal

FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)

ProductVersion : 5.1.2710.2732

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Media Center Media Status Aggregator Service

InternalName : eHMSAS

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ehMSAS.exe

 

#:30 [mcvsshld.exe]

FilePath : c:\program files\mcafee.com\vso\

ProcessID : 1516

ThreadCreationTime : 11-25-2006 4:40:16 PM

BasePriority : Normal

FileVersion : 10, 0, 0, 22

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan ActiveShield Resource

InternalName : McVsShld

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : McVsShld.exe

Comments : McAfee VirusScan ActiveShield Resource

 

#:31 [mcvsescn.exe]

FilePath : c:\progra~1\mcafee.com\vso\

ProcessID : 1960

ThreadCreationTime : 11-25-2006 4:40:16 PM

BasePriority : Normal

FileVersion : 10, 0, 0, 20

ProductVersion : 10, 0, 0, 0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan E-mail Scan Module

InternalName : mcvsescn

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : mcvsescn.EXE

Comments : McAfee VirusScan E-mail Scan Module

 

#:32 [firefox.exe]

FilePath : C:\Documents and Settings\Owner\Desktop\My Stuff\Programs\Mozilla 2\Mozilla Firefox\

ProcessID : 2980

ThreadCreationTime : 11-25-2006 5:05:08 PM

BasePriority : Normal

 

 

#:33 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 2260

ThreadCreationTime : 11-25-2006 5:37:16 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:34 [procexp.exe]

FilePath : C:\Documents and Settings\Owner\Desktop\My Stuff\Programs\aaaTaskManager\

ProcessID : 1684

ThreadCreationTime : 11-25-2006 5:37:22 PM

BasePriority : High

FileVersion : 10.2

ProductVersion : 10.2

ProductName : Process Explorer

CompanyName : Sysinternals

FileDescription : Sysinternals Process Explorer

InternalName : Process Explorer

LegalCopyright : Copyright © 1998-2006 Mark Russinovich

OriginalFilename : Procexp.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 23

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 23

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 23

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:32

Value : Cookie:[email protected]/

Expires : 1-20-2007 7:04:38 PM

LastSync : Hits:32

UseCount : 0

Hits : 32

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:292

Value : Cookie:[email protected]/

Expires : 11-7-2007 8:46:48 PM

LastSync : Hits:292

UseCount : 0

Hits : 292

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:[email protected]/

Expires : 10-22-2007 3:29:36 PM

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:8

Value : Cookie:[email protected]/

Expires : 11-16-2008 10:02:46 PM

LastSync : Hits:8

UseCount : 0

Hits : 8

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 11-23-2011 7:00:00 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:307

Value : Cookie:[email protected]/

Expires : 10-22-2007 11:19:08 AM

LastSync : Hits:307

UseCount : 0

Hits : 307

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:147

Value : Cookie:[email protected]/

Expires : 11-7-2007 8:46:48 PM

LastSync : Hits:147

UseCount : 0

Hits : 147

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 11-17-2026 10:02:46 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:30

Value : Cookie:[email protected]/

Expires : 10-23-2009 6:30:28 PM

LastSync : Hits:30

UseCount : 0

Hits : 30

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 11-12-2011 2:53:36 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 10

Objects found so far: 33

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

39 entries scanned.

New critical objects:0

Objects found so far: 33

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

12:48:20 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:10:39.765

Objects scanned:156533

Objects identified:10

Objects ignored:0

New critical objects:10

 

--------------------------------------------------------------------------------

and here's hijack this log--------------

 

Logfile of HijackThis v1.99.1

Scan saved at 12:51:28 PM, on 11/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\eHome\ehmsas.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Documents and Settings\Owner\Desktop\My Stuff\Programs\Mozilla 2\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\My Stuff\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\cidaemon.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.56.186.199:3128

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by Andy{Leet_krew}


Hi,Andy{Leet_krew}

 

Well i don't see much here

 

Run HijackThis

Scan and when it finishes, put a check mark only next to these following items : (if present)

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

 

Close all browsers and any open Windows, making sure that only HijackThis is open

Click Fix Checked

Close HijackThis

 

 

Update your Java.

 

You have version 1.5.0_06. The current version is 1.5.0.09.

 

Older versions have vulnerabilities that malware can use to infect your system.

 

Please follow these steps to remove older version Java components.

 

 

Close any programmes you may have running, ESPECIALLY your web browser

 

Click Start > Control Panel.

 

Click Add/Remove Programs.

 

Check any item with Java Runtime Environment (JRE or J2SE) in the name.

 

Click the Remove or Change/Remove button.

 

Repeat as many times as necessary to remove all versions of Java.

 

Reboot your computer once all Java components are removed.

 

Then download the latest version of Java Runtime Environment and install it to your computer.

 

and are you using this Proxy Server

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.56.186.199:3128

 

 

Please download AVG Anti-Rootkit to your desktop.

 

Double-click the installation file

Just click Next, let it go with default settings.

Once the installation is ready, reboot.

Run AVG Anti-Rootkit Beta.exe.

Click Search for rootkits.

When finished, click Save result to file.

Post back with the results. (Not sure where they are located, either in C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta\ folder or on your desktop.)

 

 

Gogo :unsure:

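The checks the reply above walks through by hand (the `ProxyServer` setting, the entries marked "(file missing)", the outdated Java path) can be scripted over a HijackThis log. This is an added example, not part of the original posts: the function names are hypothetical, the sample lines are copied from the log posted in this thread, and the 1.5.0_09 baseline is the version the reply calls current.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.56.186.199:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# JRE install directory as it appears in entry paths, e.g. \jre1.5.0_06\
JRE_DIR = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section_code, body) per entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def jre_version(body):
    """Return the JRE version found in an entry's path as a tuple, or None."""
    match = JRE_DIR.search(body)
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())


def triage(log_text, current_jre=(1, 5, 0, 9)):
    """Return (kind, section_code, detail) for entries a reviewer should question."""
    findings = []
    for code, body in parse_entries(log_text):
        # A proxy in Internet Settings routes all IE traffic through that host.
        if code.startswith("R") and "proxyserver" in body.lower():
            findings.append(("proxy-set", code, body.partition(" = ")[2].strip()))
        # Orphaned entries: the registry still points at a file that is gone.
        if body.rstrip().endswith("(file missing)"):
            findings.append(("file-missing", code, body))
        # Components loaded from a JRE older than the stated current release.
        version = jre_version(body)
        if version is not None and version < current_jre:
            findings.append(("old-jre", code, "%d.%d.%d_%02d" % version))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding is a prompt to ask the machine's owner, as the reply does about the proxy, not a verdict that the entry is malicious.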
and are you using this Proxy Server

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.56.186.199:3128

no i dont run it.. should i delete it? it might be causing the problem?

ty, i did all that. AVG didnt find any rootkits ;)

 

huh i did that fix but it doesnt work... my ie still isnt recognized.. but autoupdater is working. Really appreciate ur help guys...but i dont mean that my problem is solved.. how do i get my IE to be recognized? im so pissed...

Edited by Andy{Leet_krew}


I was wondering, have you tried an online scanner such as Bitdefender or Panda Active Scan?

These are two of the best online scanners, detecting dialers and ad/malware viruses, et cetera.

 

Free Panda Active online scan:

http://www.pandasoftware.com/products/ActiveScan.htm

 

BitDefender Online Scanner:

http://www.bitdefender.com/scan8/ie.html

 

Finds things others cannot.


...Internet Explorer 4+ is required for the Online Scanner to work. (both of em)...

EDIT: omg the license agreement showed up, but quickly disappeared and then it showed me that phrase that i wrote above.

i think my problem is activex... but i dont know what should i do... i think my active scripting options n stuff are configured properly in my ie options...

so i quickly pressed "agree to license" before it disappeared. and now its scanning.. but isn't it weird tho? ty.

Edited by Andy{Leet_krew}


Hi,Andy{Leet_krew}

 

Hmm not sure but let's give this a try.

 

go here

 

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

 

look for the HOSTS file and rename it to say HOSTS.old

 

NOTE

 

that's a dot between HOSTS and old

 

Then do a reboot, try going online, try something, and let me know.

 

Gogo ;)


renamed hosts to hosts.old,rebooted

i went online, windows update site.. nothing changed.

ty tho.

 

EDIT: i researched a bit... maybe my IE doesnt receive certificates? i think it might be my problem, but i don't know how to...

ty to all of u who are trying to help.

Edited by Andy{Leet_krew}


no that didn't help. i took some screens to show you what it looks like (i thought you might be curious, or just to give u better view :) )

 

1)1fn5.th.png

 

2)2uk0.th.png

 

and... steamcybercafe (it's a gaming thingy)

 

1)cafe1ny1.th.png

 

2)cafe2zj1.th.png

this happens when i press add pc.

Edited by Andy{Leet_krew}

...let me know ur aim or msn...

 

It might be, however, you pass off the AIM worm or something else spread through shares, et cetera,

or anything else someone would like to pass around.

 

Not Good To Give Info Like That Here, one of my first lessons here at LS. :)

bump..

heh, even microsoft people are struggling w/ my problem...

Hey Andy,

Everything turn out alright? Were you able to fix the problem, if so I wish you would let us in on it.

Thanks.


meh.. still same thing, but removed all the spyware. if u guys are willing to help me out..

EDIT! EDIT! EDIT ! EDIT! EDIT ! EDIT! EDIT!

 

ok, i think my problem is caused by spyware which now is deleted and my pc is pest free. as i told u before i have mcafee, so it wanted to update itself and u might wana read this message carefully .

 

ie explorer opened, i logged in into my mcafee account and i tried to update it, but check this out

-----------------------------

: "We have detected that your primary browser is Netscape. McAfee Application requires a one-time installation of the McAfee Clinic Activator Plug-in to support Application installations and updates.

 

You will be presented with a Plug-in installation dialog box within a few seconds. Simply select the Install button and follow the instructions as they are presented to install the Plug-in.

 

 

 

The Plug-in file is approximately 90K and will take between 10 seconds and 15 seconds to download and install over a 56K modem line. Once the Plug-in has been automatically installed, the McAfee Application install process will automatically begin. "

------------------------------------

Rly amazing... my default browser is Netscape? huh? i still can't figure out what to do, can u guys help me out?> thnx!!

Edited by Andy{Leet_krew}


Hi,Andy

 

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

 

Gogo ;)


i don't see netscape in this list... funny.

 

---------

µTorrent

Ad-Aware SE Personal

Adobe Flash Player 9 ActiveX

Adobe Reader 7.0.8

Adobe Shockwave Player

AOLIcon

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Digital Content Portal

DivX Codec

ELIcon

High Definition Audio Driver Package - KB835221

HijackThis 1.99.1

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

HP Photo & Imaging 3.1

HP PSC & OfficeJet 3.0

hp psc 2400 series

HP Software Update

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

iTunes

J2SE Runtime Environment 5.0 Update 9

LimeWire PRO 4.12.6

Mavis Beacon Teaches Typing Deluxe 16

McAfee SiteAdvisor

McAfee Uninstall Wizard

MCU

Memories Disc Creator 2.0

Microsoft .NET Framework 1.0 Hotfix (KB887998)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft .NET Framework 2.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Modem Helper

Mozilla Firefox (2.0)

MSXML 4.0 SP2 (KB927978)

Nero 7 Ultra Edition

NetWaiting

Pro Media Director Version 1.1.1.2

QIP 2005 Uninstall

QuickTime

RealPlayer

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

Sonic Activation Module

Sonic Encoders

Spybot - Search & Destroy 1.4

Steam

Trillian

TuneUp Utilities 2006

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update Rollup 2 for Windows XP Media Center Edition 2005

Verizon Online

Winamp (remove only)

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890927

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB908250

WinRAR archiver

XviD 1.1 final uninstall
