millleft

I'm dying!!!! Help

31 posts in this topic

I'm not sure if this is where to start or if this is the right forum but here goes.

 

I just bought a new computer on 1-17-07 to replace this one I'm using now (I formatted/recovered my disk and now it's working better than it has in a LONG while), and now my new one is working worse than this one ever did.

 

I used my MStick to transfer files from the old comp to the new one (BAD IDEA) and used the new, updated McAfee that came with my computer to scan them after they were put on my desktop, but one of the reasons that I bought another comp is the POOR customer service I've been getting from Symantec over the years as a paying customer (they wanted $80.00 to tell me how to fix it). Anyway...

 

It runs SLOWWW on the internet; it won't open sites or email now.

At first it started going a little crazy when I went to sites like Kim Komando's after I went to grc.com.

When GRC's ShieldsUp (I wanted to check my new McAfee firewall) was checking my ports it really, really started going crazy and would not stop until I actually unplugged my DSL cable. It did indicate, however, that I had ports 1029 and 1030 "closed", not "stealth".

 

I'm sure it picked up something from my old computer despite my scanning attempts at each MStick "batch".

 

Also, can my MStick (SanDisk Cruzer Mini 1 GB) itself be infected or scanned?

Should I "sign it in" to scan it or just "plug and scan"?

 

I know I'm asking a lot of questions, but I need help, and I have been putting hours and hours into this brand new computer with no luck (9 out of the 11 days of its brand new life).

 

I'm using the McAfee (for the first time) that came with my now 11-day-old computer, and I found the tool that denies access to certain "unsolicited attempt to access port #***" and I hit the "ban this address" button (without knowing what I was doing) and things started getting worse.

When I hit the "Allow this address" button, it acted as if I was hitting the "Ban" button again and said "You must remove from banned list..." etc. I found the "remove prior whatever whatever" button, but my log still displays "unsolicited attempt by banned site" to the power of ten times more.

 

I have downloaded some of the free tools from Komando; one of the first is Ad-Aware, but the more tools I tried the worse it got. After doing some more research I discovered that those viruses sure have gotten a lot more complicated. When I ran Ad-Aware it found the Exploit virus and said it removed it, but I still have a BIG problem now.

 

Also, when I'm on the internet, my LAN internet indicator comes up next to my internet indicator, displaying twin indicators.

 

I know I downloaded HijackThis to both computers and I think I may have run them in FIX mode (again, without knowing what I was doing), after which I formatted/recovered my old one and it is doing MUCH better, though I still don't trust it yet (we'll do this one later).

 

I have used regedit to remove viruses before and used to be a pretty good DOS man, but that was a long time ago; between that time and the time when I got my first computer (a 3-yr-old Win ME) almost two decades had passed.

 

I want to make sure I understand some of the instructions. I've read a few of the posts in here and I'm not too sure of a few things, so I figure I'll ask.

 

When you say "close windows" or "close all programs", are you talking about using Task Manager via Ctrl-Alt-Del to stop running processes, or should I close anything on the toolbar?

 

Thanks for any support, and I can tell that they are keeping everyone busy.

 

And sorry about being so long winded.

 

HELP!!!


I just figured out how to transfer my HJThis log to this (I hope). I got a couple of error boxes stating that the file may not be complete, but I'm trying.

 

And I thought I read somewhere "Don't post HJThis log until requested" but I could not find it.

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:35:21 PM, on 1/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\PROGRA~1\McAfee\MSC\mctskshd.exe

C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\SiteAdvisor\6009\SAService.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\SiteAdvisor\6009\SiteAdv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\bigfix.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

C:\Program Files\Stuff\SlapThisShit.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6009\SiteAdv.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll

O23 - Service: McAfee Application Installer Cleanup (0229081169732505) (0229081169732505mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\022908~1.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe

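For anyone reading HijackThis logs like the one above, here is an added example (not part of the thread, of HijackThis, or of any tool named here) of a small Python triage script: it pulls the program path out of each O2/O4/O9/O23 entry and flags the ones a helper would look at first, such as dangling "(file missing)" entries, unnamed BHOs, services with an unknown owner, Run entries that name a bare executable resolved through PATH, and anything that runs from a temp directory. The sample lines are copied from the log above; the flag rules are this example's own heuristics, not verdicts from HijackThis.

```python
"""Triage helper for HijackThis v1.99 log lines like the ones posted above.

Added example for this thread: not part of HijackThis or any tool it names.
The flag rules are review prompts for a human, not verdicts.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0229081169732505) (0229081169732505mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\022908~1.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r'^(?P<section>[RFO]\d+) - (?P<detail>.+)$')
RUN_RE = re.compile(r'^(?:HKLM|HKCU)\\\.\.\\\w+: \[[^\]]*\] ?(?P<target>.*)$')
# A program path ends at the first executable-looking extension followed by
# whitespace or end of string, so trailing command-line arguments are dropped.
EXT_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd|pif|cpl))(?:\s|$)', re.IGNORECASE)
TEMP_DIRS = ('\\temp\\', '\\local settings\\', '\\documents and settings\\', '\\docume~1\\')


@dataclass
class Entry:
    section: str          # e.g. "O4"
    detail: str           # everything after "O4 - "
    target: str = ''      # program path pulled out of the entry, if any
    flags: list = field(default_factory=list)


def extract_path(target):
    """Return the program path from a Run/Service/BHO target string."""
    target = target.strip()
    if target.startswith('"'):           # "C:\path with spaces\x.exe" -args
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    m = EXT_RE.match(target)
    return m.group('path') if m else target


def parse_entry(line):
    """Parse one log line into an Entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m.group('section'), m.group('detail'))
    if entry.section == 'O4':
        r = RUN_RE.match(entry.detail)
        if r:                                   # HKLM\..\Run: [name] target
            entry.target = extract_path(r.group('target'))
        elif ' = ' in entry.detail:             # Global Startup: X.lnk = target
            entry.target = extract_path(entry.detail.split(' = ', 1)[1])
    elif entry.section in ('O2', 'O3', 'O9', 'O18', 'O23'):
        entry.target = extract_path(entry.detail.rsplit(' - ', 1)[-1])
    return entry


def triage(entry):
    """Attach review flags to an Entry (prompts for a human, not verdicts)."""
    low, tgt = entry.detail.lower(), entry.target.lower()
    if '(file missing)' in low:
        entry.flags.append('file missing: dangling entry')
    if entry.section == 'O2' and '(no name)' in low:
        entry.flags.append('unnamed BHO: identify the DLL before trusting it')
    if entry.section == 'O23' and 'unknown owner' in low:
        entry.flags.append('service with unknown owner: check the binary')
    if entry.section == 'O4' and tgt and tgt != 'na' and '\\' not in tgt:
        entry.flags.append('bare filename: resolved through PATH, verify which copy runs')
    if any(d in tgt for d in TEMP_DIRS):
        entry.flags.append('runs from a temp or user-writable directory')
    return entry


def triage_log(text):
    """Parse every entry line in `text` and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in triage_log(SAMPLE_LOG):
        print(e.section, e.target, '->', '; '.join(e.flags))
```

Run against the sample it flags the unnamed SiteAdvisor BHO, the bare RTHDCPL.EXE Run entry, the missing xpnetdiag.exe button, the service living in C:\WINDOWS\TEMP and the "Unknown owner" ATI service; every flag still needs a human to check the file.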

Hi, Millleft

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune

 

Download and Install AVG Anti-Spyware© by Grisoft

 

Launch AVG Anti-Spyware: there should be an icon on your desktop; double-click it.

The program will now go to the main screen.

You will need to update AVG Anti-Spyware to the latest definition files.

On the main screen select the Update icon, then select the Update now link.

Next select the Start Update button; the update will start and a progress bar will show the updates being installed.

Close AVG Anti-Spyware

 

(Don't run it just yet)

 

 

===============

 

Reboot to Safe mode

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load.

If done right, a Windows Advanced Options menu will appear.

Select the Safe Mode option and press Enter.

 

===============

 

Run ATF Cleaner

Double-click ATF Cleaner.exe

Under Main choose: Select All

Click the Empty Selected button.

Click Exit on the Main menu to close the program

 

 

Run AVG Anti-Spyware

Click on Scanner at top

Click on Settings

Once in the Settings screen click on Recommended actions and then select Quarantine

Under Reports, Select Automatically generate report after every scan

Un-Select Only if threats were found

Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan

AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.

Once the scan is complete, do the following:

If you have any infections you will be prompted; then select Apply all actions.

Next select the Reports icon at the top.

Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Now close AVG Anti-Spyware

 

===============

 

Reboot into Normal Mode and do this for me

 

 

Please download ComboFix and save it to your desktop.

 

Double click combofix.exe and follow the prompts.

 

When it's done running it will produce a log for you. Please post that log in your next reply.

 

Important Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

 

Gogo ^_^


Thanks for the help!

 

Now for the bad news

 

I could download AVG & ATF Cleaner (I haven't run either yet), but I keep getting an "Update Aborted" on the AVG (I've tried 6 times and it has taken approx. 4 hrs).

 

That "LAN network connection" indicator I mentioned that pops up next to the "Broadband Connection" indicator reads "Searching Network Address" when I hold my mouse pointer over it.

I think this is a symptom of my blocking those "pingers" with McAfee.

 

I don't trust allowing them because I can't get a "trace this address" result, because it won't pull it up.

 

Is there anything I can change to get a safe allow to update AVG

 

OR install it to disk on this PC and transfer it over

 

OR install it onto this PC, update it and then copy the updated file and any updated component files into a disk and then delete and replace them on the infected PC which does have AVG installed?

 

Should I run non-updated AVG (in safe mode) along with the ATF and post those results?

Edited by Millleft


Thanks! Much Better

 

I downloaded it and double-clicked it, and it extracted and did its thing, so now should I take up from your instructions about running it in safe mode? (Please say yes.) Or did I mess up by double-clicking it???

 

Also, I downloaded the AVG update on top, not the "full Database".

Edited by Millleft


Hi, Millleft

 

Yes, once you have updated AVG Anti-Spyware, go to Safe Mode and move on with the work.

 

Gogo ;)


The AVG found no virus and no report was created.

 

Here's the ComboFix report.

 

 

"Owner" - 07-01-27 8:37:18 Service Pack 2

ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Owner\Desktop"

 

((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))

 

 


 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 


 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Power2GoExpress"="NA"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"

"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"RTHDCPL"="RTHDCPL.EXE"

"SkyTel"="SkyTel.EXE"

"Alcmtr"="ALCMTR.EXE"

"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\

55,41,52,44,2e,45,58,45,00

"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\

69,6e,64,5f,58,50,2e,65,78,65,00

"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"

"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6009\\SiteAdv.exe"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90b60451-656d-11db-9e07-806d6172696f}]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\ISP signup reminder 3.job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

 

Completion time: 07-01-27 8:39:45

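The "Reg Loading Points" section of the ComboFix report above prints the REG_EXPAND_SZ values Recguard and Reminder as hex(2) byte lists, while the HijackThis O4 lines show the same values in plain text. As an added example (not ComboFix's code and not from the thread), this Python snippet joins the backslash-continued export lines, decodes those bytes back into the %WINDIR%-relative paths, and expands the variable with a caller-supplied environment so the two logs can be compared; the sample block is constructed from the output above, and the UTF-16 branch is there because a real regedit export encodes hex(2) that way.

```python
"""Decode hex(2) (REG_EXPAND_SZ) values from a regedit/ComboFix-style export.

Added example for this thread: not ComboFix's own code. Handles both the
one-byte-per-character form ComboFix prints above and the UTF-16LE form a
regedit .reg export uses, then expands %VAR% references for comparison with
the plain-text HijackThis O4 lines.
"""
import re

# Constructed sample, copied from the Reg Loading Points section above.
# Long hex values wrap with a trailing backslash, as regedit and ComboFix do.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
  55,41,52,44,2e,45,58,45,00
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
  69,6e,64,5f,58,50,2e,65,78,65,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def _join_continuations(text):
    """Merge lines that end in a backslash with the line that follows."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if lines and lines[-1].endswith('\\'):
            lines[-1] = lines[-1][:-1] + line
        else:
            lines.append(line)
    return lines


def decode_hex_bytes(hex_list):
    """Turn '25,57,...,00' into the string it encodes.

    regedit writes REG_EXPAND_SZ as UTF-16LE (every second byte is 0x00);
    ComboFix, as seen above, prints one byte per character. Detect which by
    inspecting the odd-indexed bytes, then strip the NUL terminator.
    """
    data = bytes(int(b, 16) for b in hex_list.split(',') if b)
    if len(data) >= 2 and all(b == 0 for b in data[1::2]):
        text = data.decode('utf-16-le')
    else:
        text = data.decode('cp1252')
    return text.rstrip('\x00')


def parse_run_values(text):
    """Return {value name: decoded string} for every value in the export."""
    values = {}
    for line in _join_continuations(text):
        m = VALUE_RE.match(line)
        if not m:
            continue                      # [key] header, not a value line
        name, data = m.group('name'), m.group('data')
        if data.startswith('hex(2):'):
            values[name] = decode_hex_bytes(data[len('hex(2):'):])
        elif data.startswith('"') and data.endswith('"'):
            # Plain REG_SZ: undo the \" and \\ escaping regedit applies.
            values[name] = re.sub(r'\\(.)', r'\1', data[1:-1])
        else:
            values[name] = data           # other types are left as printed
    return values


def expand_windows_vars(value, env):
    """Expand %NAME% references using env, case-insensitively as Windows does."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r'%([^%]+)%',
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), value)
```

Decoding the sample gives %WINDIR%\SMINST\RECGUARD.EXE and %WINDIR%\Creator\Remind_XP.exe, the same targets the O4 lines in the HijackThis log list for Recguard and Reminder.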

I'm not sure if this will help or if I should post it without request, but I found the first Ad-Aware log that identified the virus (that I thought was Exploit but it was IEHijacker). I had deleted the quarantine archive and assumed that it automatically deleted the log (I wish I would have found this forum before I tried to fix things on my own).

 

I'm not sure if this helps with the problems that I'm still having, but I'm almost sure these viruses came from transferring files from my old PC.

 

THANKS AGAIN, and here it is:

 

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Monday, January 22, 2007 11:28:44 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R146 22.01.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IEHIjacker.SearchExe(TAC index:6):5 total references

MRU List(TAC index:0):20 total references

Tracking Cookie(TAC index:3):5 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

1-22-2007 11:28:44 PM - Scan started. (Full System Scan)

 


ThreadCreationTime : 1-22-2007 4:48:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 772

ThreadCreationTime : 1-22-2007 4:48:44 AM

BasePriority : Normal

FileVersion : 6.14.10.4121

ProductVersion : 6.14.10.4121

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 784

ThreadCreationTime : 1-22-2007 4:48:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 856

ThreadCreationTime : 1-22-2007 4:48:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 892

ThreadCreationTime : 1-22-2007 4:48:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 948

ThreadCreationTime : 1-22-2007 4:48:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1008

ThreadCreationTime : 1-22-2007 4:48:45 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1224

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 6.14.10.4121

ProductVersion : 6.14.10.4121

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1292

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1316

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:15 [hwapi.exe]

FilePath : C:\Program Files\Common Files\McAfee\HackerWatch\

ProcessID : 1508

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 8.1.105.0

ProductVersion : 8.1.105.0

ProductName : McAfee HackerWatch Service

CompanyName : McAfee, Inc.

FileDescription : McAfee HackerWatch Service

LegalCopyright : © McAfee, Inc. All rights reserved.

OriginalFilename : HWAPI.exe

 

#:16 [mclogsrv.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 1544

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 7,1,131,0

ProductVersion : 7,1,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : MSC Log Manager

InternalName : mclogsrv

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mclogsrv.exe

 

#:17 [mcupdmgr.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 1588

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 7,1,137,0

ProductVersion : 7,1,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : McAfee Update Manager Service

InternalName : mcupdmgr

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mcupdmgr.exe

 

#:18 [mcnasvc.exe]

FilePath : c:\program files\common files\mcafee\mna\

ProcessID : 1616

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 1,1,110,0

ProductVersion : 1,1,0,0

ProductName : McAfee Integrated Security Platform

CompanyName : McAfee, Inc.

FileDescription : McAfee Network Agent

InternalName : McNASvc

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McNASvc.exe

 

#:19 [mcods.exe]

FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\

ProcessID : 1640

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 11,1,124,0

ProductVersion : 11,1,0,0

ProductName : McAfee VirusScan

CompanyName : McAfee, Inc.

FileDescription : McAfee VirusScan - On Demand Scan

InternalName : mcods.exe

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mcods.exe

 

#:20 [mcpromgr.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 1656

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 7,1,131,0

ProductVersion : 7,1,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : McAfee Integrated Security Platform

InternalName : McProMgr

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McProMgr.exe

 

#:21 [mcproxy.exe]

FilePath : c:\PROGRA~1\COMMON~1\mcafee\mcproxy\

ProcessID : 1684

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 1,1,118,0

ProductVersion : 1,1,0,0

ProductName : McAfee Proxy

CompanyName : McAfee, Inc.

FileDescription : McAfee Proxy Service Module

InternalName : McProxy

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McProxy.exe

Comments : McAfee Proxy Service

 

#:22 [redirsvc.exe]

FilePath : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\

ProcessID : 1720

ThreadCreationTime : 1-22-2007 4:48:46 AM

BasePriority : Normal

FileVersion : 1,1,116,0

ProductVersion : 1,1,0,0

ProductName : McAfee Redirector

CompanyName : McAfee, Inc.

FileDescription : McAfee Redirector Service Module

InternalName : McRedirector

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : RedirSvc.exe

Comments : McAfee Redirector Service

 

#:23 [mcshield.exe]

FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\

ProcessID : 1780

ThreadCreationTime : 1-22-2007 4:48:47 AM

BasePriority : High

 

 

#:24 [mcsysmon.exe]

FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\

ProcessID : 1844

ThreadCreationTime : 1-22-2007 4:48:47 AM

BasePriority : Normal

FileVersion : 11,1,130,0

ProductVersion : 11,1,0,0

ProductName : McAfee VirusScan API

CompanyName : McAfee, Inc.

FileDescription : McAfee SystemGuards Service

InternalName : sysmon

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : sysmon.exe

 

#:25 [mctskshd.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 1868

ThreadCreationTime : 1-22-2007 4:48:48 AM

BasePriority : Normal

FileVersion : 7,1,133,0

ProductVersion : 7,1,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : McAfee Tqsk Scheduler

InternalName : McTskShd

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mctskshd.exe

 

#:26 [mcusrmgr.exe]

FilePath : C:\PROGRA~1\McAfee\MSC\

ProcessID : 1996

ThreadCreationTime : 1-22-2007 4:48:48 AM

BasePriority : Normal

FileVersion : 7,1,131,0

ProductVersion : 7,1,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : MISP User Manager

InternalName : McUsrMgr

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McUsrMgr.exe

 

#:27 [mpfsrv.exe]

FilePath : C:\Program Files\McAfee\MPF\

ProcessID : 120

ThreadCreationTime : 1-22-2007 4:48:49 AM

BasePriority : Normal

FileVersion : 8.1.123.0

ProductVersion : 8.1.123.0

ProductName : McAfee Personal Firewall

CompanyName : McAfee, Inc.

FileDescription : McAfee Personal Firewall Service

InternalName : MPFService

LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

OriginalFilename : MpfService.exe

Comments : McAfee Personal Firewall Service

 

#:28 [msksrver.exe]

FilePath : C:\Program Files\McAfee\MSK\

ProcessID : 364

ThreadCreationTime : 1-22-2007 4:48:49 AM

BasePriority : Normal

FileVersion : 8.1.117.0

ProductVersion : 8.1

ProductName : McAfee SpamKiller

CompanyName : McAfee Inc.

FileDescription : McAfee SpamKiller MskServer

InternalName : MskServe

LegalCopyright : Copyright © 2006, McAfee Inc.

OriginalFilename : MskServe.exe

 

#:29 [saservice.exe]

FilePath : C:\Program Files\SiteAdvisor\6009\

ProcessID : 252

ThreadCreationTime : 1-22-2007 4:48:50 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : SAService Application

CompanyName : McAfee, Inc.

FileDescription : SAService Application

InternalName : SAService

LegalCopyright : Copyright McAfee, Inc. 2006

OriginalFilename : SAService.exe

 

#:30 [pdvdserv.exe]

FilePath : C:\Program Files\CyberLink\PowerDVD\

ProcessID : 1100

ThreadCreationTime : 1-22-2007 4:48:54 AM

BasePriority : Normal

FileVersion : 6.00.1027

ProductVersion : 6.00.1027

ProductName : PowerDVD

CompanyName : Cyberlink Corp.

FileDescription : PowerDVD RC Service

InternalName : PowerDVD RC Service

LegalCopyright : Copyright © CyberLink Corp. 1997-2004

OriginalFilename : PDVDSERV.EXE

 

#:31 [rthdcpl.exe]

FilePath : C:\WINDOWS\

ProcessID : 1128

ThreadCreationTime : 1-22-2007 4:48:54 AM

BasePriority : Normal

FileVersion : 2.1.0.6

ProductVersion : 2.1.0.6

ProductName : Realtek HD Audio Sound Effect Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek HD Audio Control Panel

LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.

OriginalFilename : RTHDCPL.EXE

 

#:32 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ProcessID : 1268

ThreadCreationTime : 1-22-2007 4:48:55 AM

BasePriority : Normal

FileVersion : 6.14.10.5168

ProductVersion : 6.14.10.5168

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:33 [mskagent.exe]

FilePath : C:\Program Files\McAfee\MSK\

ProcessID : 1988

ThreadCreationTime : 1-22-2007 4:48:55 AM

BasePriority : Normal

FileVersion : 8.1.117.0

ProductVersion : 8.1

ProductName : McAfee SpamKiller

CompanyName : McAfee Inc.

FileDescription : McAfee SpamKiller MskAgent Application

InternalName : MskAgent

LegalCopyright : Copyright © 2006, McAfee Inc.

OriginalFilename : MskAgent.exe

 

#:34 [siteadv.exe]

FilePath : C:\Program Files\SiteAdvisor\6009\

ProcessID : 2008

ThreadCreationTime : 1-22-2007 4:48:55 AM

BasePriority : Normal

FileVersion : 2.3.0

ProductVersion : 2.3.0

ProductName : SiteAdvisor

CompanyName : McAfee, Inc.

FileDescription : SiteAdvisor

InternalName : SiteAdv

LegalCopyright : Copyright McAfee, Inc. All rights reserved.

OriginalFilename : SiteAdv

 

#:35 [hpztsb04.exe]

FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\

ProcessID : 2012

ThreadCreationTime : 1-22-2007 4:48:55 AM

BasePriority : Normal

FileVersion : 2,76,0,0

ProductVersion : 2,76,0,0

ProductName : HP DeskJet

CompanyName : HP

LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

 

#:36 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 2080

ThreadCreationTime : 1-22-2007 4:48:55 AM

BasePriority : Normal

FileVersion : 6.5

ProductVersion : QuickTime 6.5

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:37 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2164

ThreadCreationTime : 1-22-2007 4:48:58 AM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:38 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2184

ThreadCreationTime : 1-22-2007 4:48:58 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:39 [mcagent.exe]

FilePath : C:\PROGRA~1\mcafee.com\agent\

ProcessID : 2192

ThreadCreationTime : 1-22-2007 4:48:59 AM

BasePriority : Normal

FileVersion : 7,1,133,0

ProductVersion : 7,1,0,0

ProductName : McAfee SecurityCenter

CompanyName : McAfee, Inc.

FileDescription : McAfee Integrated Security Platform

InternalName : McAgent

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : McAgent.exe

 

#:40 [googletoolbarnotifier.exe]

FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\

ProcessID : 2248

ThreadCreationTime : 1-22-2007 4:48:59 AM

BasePriority : Normal

FileVersion : 1, 2, 908, 8472

ProductVersion : 1, 2, 908, 8472

ProductName : GoogleToolbarNotifier

CompanyName : Google Inc.

FileDescription : GoogleToolbarNotifier

LegalCopyright : Copyright © 2005-2006

OriginalFilename : GoogleToolbarNotifier.exe

 

#:41 [bigfix.exe]

FilePath : C:\Program Files\BigFix\

ProcessID : 2572

ThreadCreationTime : 1-22-2007 4:49:05 AM

BasePriority : Normal

FileVersion : 2, 0, 2, 3

ProductVersion : 2, 0, 2, 3

ProductName : BigFix

CompanyName : BigFix Inc.

FileDescription : BigFix Client Application

InternalName : BigFix

LegalCopyright : Copyright © 2002

OriginalFilename : BigFix.exe

 

#:42 [mps.exe]

FilePath : C:\PROGRA~1\McAfee\MPS\

ProcessID : 2740

ThreadCreationTime : 1-22-2007 4:49:11 AM

BasePriority : Normal

FileVersion : 9.1.137.0

ProductVersion : 9.1.137.0

ProductName : McAfee Privacy Service

CompanyName : McAfee, Inc.

FileDescription : McAfee Privacy Service 9.0

InternalName : mps9

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mps.exe

 

#:43 [mpsevh.exe]

FilePath : C:\Program Files\McAfee\MPS\

ProcessID : 2828

ThreadCreationTime : 1-22-2007 4:49:15 AM

BasePriority : Normal

FileVersion : 9.1.130.0

ProductVersion : 9.1.130.0

ProductName : McAfee Privacy Service

CompanyName : McAfee, Inc.

FileDescription : McAfee Privacy Service 9.0 Event Handler

InternalName : MpsEventHandler

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : mpsevh.exe

 

#:44 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3196

ThreadCreationTime : 1-22-2007 4:49:25 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:45 [emproxy.exe]

FilePath : C:\PROGRA~1\COMMON~1\McAfee\EmProxy\

ProcessID : 3416

ThreadCreationTime : 1-22-2007 4:54:32 AM

BasePriority : Normal

FileVersion : 11,2,115,0

ProductVersion : 11,2,0,0

ProductName : McAfee Email Proxy

CompanyName : McAfee, Inc.

FileDescription : McAfee Email Proxy

InternalName : EmProxy

LegalCopyright : Copyright © 2006 McAfee, Inc.

OriginalFilename : EmProxy.exe

 

#:46 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ProcessID : 3860

ThreadCreationTime : 1-23-2007 5:27:19 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 20

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

IEHIjacker.SearchExe Object Recognized!

Type : Regkey

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 21

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:8

Value : Cookie:[email protected]/

Expires : 1-19-2017 11:18:32 PM

LastSync : Hits:8

UseCount : 0

Hits : 8

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:[email protected]/

Expires : 1-17-2027 11:18:06 PM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:[email protected]/

Expires : 1-21-2012 6:00:00 PM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:24

Value : Cookie:[email protected]/

Expires : 3-23-2007 5:28:42 PM

LastSync : Hits:24

UseCount : 0

Hits : 24

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:[email protected]/

Expires : 1-21-2010 12:42:20 AM

LastSync : Hits:7

UseCount : 0

Hits : 7

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 5

Objects found so far: 26

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 26

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

IEHIjacker.SearchExe Object Recognized!

Type : RegValue

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Search Bar

 

IEHIjacker.SearchExe Object Recognized!

Type : RegValue

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\search

Value : SearchAssistant

 

IEHIjacker.SearchExe Object Recognized!

Type : RegValue

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\main

Value : Search Page

 

IEHIjacker.SearchExe Object Recognized!

Type : RegData

Data : 1

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Use Custom Search URL

Data : 1

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 4

Objects found so far: 30

 

11:37:16 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:08:32.187

Objects scanned:156155

Objects identified:10

Objects ignored:0

New critical objects:10


Hi, Millleft

 

First, make sure to update Ad-Aware SE.

 

Next, run this tool here, then run your scan with Ad-Aware and see if it shows up again.

 

 

Download & install CCleaner

 

Please select/download the toolbar-free CCleaner v1.36.430 - Basic or Slim (English-only) version instead of the Standard Build (which will also install Yahoo Toolbar).

 

Once installed, run CCleaner & select the Windows tab

 

Select ONLY the options illustrated below (Nothing in Applications tab should be checked):

 

[Illustration: cleaner.gif]

 

 

(The illustration above is a bit outdated, but most of the options are still there. You may check Cookies, too, if you wish.)

 

Next: click Options > click Advanced > Uncheck "Only delete files older than 48 hrs" > click [OK]

 

Return to Cleaner main then click Run Cleaner (bottom right)

 

A pop up box will appear advising this process will permanently delete files from your system.

 

Click "OK" and it will scan and clean your system.

 

Click "exit" when done.

 

CCleaner should be run with the above settings in each User Profile! Don't forget to do this.

 

 

Gogo :)


Hey HJT

 

OK, I've completed those steps and AdAware only found 1 MRU file

(also, just in case I confused things more by my last post, that AdAware log was from Mon 1-22-07, not recent. It was the first one I ran after the file transfer from the old PC); it hasn't found anything that negative since.

 

I'm wondering about when you said "each user profile". I logged off of Windows and the only profile to log back on was Owner. It didn't show an Administrator profile... so is this what you're talking about? Do I need to do something else?

 

I'm not sure how much is left to do but I eagerly await your expertise!

 

Thanks again


Hi, Millleft

 

Sorry for the hold-up, and yes, that is for all users on the PC.

So the files Ad-Aware SE had found before are now gone,

is this what you are saying?

 

Gogo :)


No prob about the hold-up, we all have things to do.

 

 

Yes that is correct,

 

I posted the old log because I didn't realize I still had it and thought it might help with the problems I'm still having.

 

Sorry about the confusion!

 

Also do I need to "enable" administrator and re-run CCleaner?

Edited by Millleft


Hey, Millleft

 

Yes please, and the problem you are talking about is that the PC is

still running slow for you.

 

If so, here is something to try for me. Please do this for just a min or 2:

disable McAfee and tell me if the same thing happens to you.

Again, do this only for a min or 2.

 

Gogo ;)


I disabled McAfee and there was no improvement.

 

As far as accounts go, when I hit Log Off and then Switch User, the only option is Owner.

 

When I go to Control Panel, User Accounts, the only options are:

 

Owner

computer administrator, and

 

 

Guest

Guest account is off

 

I can access the Administrator account in safe mode, but then CCleaner (and other tools) are not accessible.

Help!!!

 

My symptoms are still slow, slow, slow internet and email; it sometimes takes 2 to 3 mins to open an internet page, and it still has the twin internet indicators. The fan runs a little fast even when idle and still speeds up when I go to sites like kimkomando and grc.com. Sometimes it doesn't want to disconnect from the net unless I turn off the modem, and when I connect (before going to any sites) there seems to be a lot of computer/modem activity.

 

It acts like something is still trying to re-direct my internet page.

 

When it's not connected to the modem it seems OK; it's not quite as quick as it seemed when I first got it, but it does real good on my RealArcade games and other non-internet tasks.

 

I just got it, and at first, before I got virused, it was WAY faster than the "old" computer (though it's less than 1 1/2 yrs old).

I haven't had much use time since I got tagged right after transferring my pics (and Favorites, I know now that I shouldn't have done that).

 

should I post another hijack-this log?

 

Also, I started another topic with my "old" PC since I believe it is the source of my new PC's (this one) infection. I don't feel safe checking my credit card accounts or any other sensitive data.

 

Here is a link:

 

http://www.lavasoftsupport.com/index.php?showtopic=6611

 

It started running slower after I ran AdAware so I posted it as a new topic since it is a different PC and I am still worried about it. Maybe it can help point to the problem here. I just don't know what to do.

Edited by Millleft


Hi, Millleft

 

Not a bad idea. Now let me ask, by chance did you happen to add

RAM to the new PC? And yes, I have done this.

 

And what, if anything, did you plug in to the new PC?

Talking about hardware, did you try unplugging any of them?

I will be looking for more info, to see what, if anything, I can find.

 

Gogo :(


Hey man,

 

No, I haven't added RAM or anything else inside. The machine is an eMachines T3516 desktop; the only items plugged in are a new Envision LCD flat screen (with auto adjust), my HP printer and the Siemens SpeedStream 4100 DSL modem, which I unplug to hook it to my "better old" computer to access the net.

 

The secondary internet indicator seemed to start popping up after I blocked those sites w/ McAfee, but disabling it didn't help.

 

It just acts like some evil little creatures are living inside.

 

I'm almost ready to try destructive Format/Recover on this one, it seemed to help the other one.

 

Many Thanks!

 

Here's my new log:

 

 

Logfile of HijackThis v1.99.1
Scan saved at 5:47:22 AM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6009\SAService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Stuff\SlapThisShit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{706DA73F-4A05-4869-856D-F5F097BB38BC}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O23 - Service: McAfee Application Installer Cleanup (0112911170070116) (0112911170070116mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\011291~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe

Edited by Millleft

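A small triage script for the HijackThis log format posted above, added here as an example (it is not HijackThis's own code and not something from this thread): it splits a log into the running-process list and the numbered entries, then lists entries marked "(file missing)", entries whose binary sits under a temp directory, and running processes outside the Windows directory that no O4/O23 entry accounts for. The sample lines are copied from the log above; the lists are candidates for a helper to look at by hand, not a verdict.

```python
"""Triage helper for HijackThis v1.99 log text (added example, not HijackThis's own code)."""
import re

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Drive-letter path ending in a binary; stops at the first quote or line end
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|cab)', re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log posted in this thread
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\Program Files\Stuff\SlapThisShit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0112911170070116) (0112911170070116mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\011291~1.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
"""

def parse_hjt(text):
    """Split a log into the 'Running processes' list and the R/F/N/O entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # first numbered entry ends the process list
            entries.append({"code": m["code"], "body": m["body"], "raw": line})
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def flag_file_missing(entries):
    """Entries whose target HijackThis could not find on disk (dead or removed component)."""
    return [e["raw"] for e in entries if "(file missing)" in e["body"].lower()]

def flag_temp_paths(entries):
    """Entries whose binary lives under a temp directory: unusual for a persistent service."""
    return [e["raw"] for e in entries if re.search(r"\\temp\\", e["body"], re.IGNORECASE)]

def unexplained_processes(parsed):
    """Running processes outside the Windows directory that no O4/O23 entry accounts for."""
    referenced = {p.lower() for e in parsed["entries"] for p in PATH_RE.findall(e["body"])}
    return [p for p in parsed["processes"]
            if not p.lower().startswith("c:\\windows\\") and p.lower() not in referenced]
```

Interactive programs such as Internet Explorer will naturally show up as unexplained, so the last list is a starting point for questions, not a list of infections.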

I'm not sure if this means anything, but when I pulled up the forums and hit refresh because it pulled up a very old page, the address in the address bar read:

http://www.lavasoftsupport.com/index.php?showforum=36

with the hex code in it. I never saw that before, and I kept hitting refresh on my posts and it would not show the last post I posted this morning.

I switched to my other computer and the address bar read:

http://www.lavasoftsupport.com/index.php?showtopic=6538

more hex. After that I couldn't get any more hex codes to display, but I could read my last post on the old PC.

I'm going CRAZY!!!

NEVER MIND, it won't display the hex in this post; apparently it deleted it.

But I AM going crazy!!

Edited by Millleft


Hi, Millleft

Yes, I know just how you feel. Now, before you go doing that, try this for me.

Device Manager:
1. Click Start, and then click Control Panel.
2. Click Performance and Maintenance, and then click System.
3. Click the Hardware tab, and then click Device Manager.

And have a look to see if there are any symbols like, say, question marks "?" and so on. Let me know.

Gogo :(


No, everything looks legit.

I did notice something that I forgot about and didn't get a good answer from Symantec about (I had never seen it before), but what is the 1394 Connection that is in my network connections? It always says connected, even when I have the modem cord unplugged.

Also, something that I just remembered after reading someone else's post a few minutes ago was that one of the things that got me (on my old PC, before I bought this one and transferred files over) was some type of false codec page popped up, and when I tried to close it things just turned to crap.

I know, I always have a lot of questions, but I sure am thankful for your time.

One other thing that I discovered is that when I right-click over the "extra" internet indicator when it pops up and then left-click on Repair, it does a few things and things almost go normal for almost 1 minute, and then things start dragging again.


Hi, Millleft

For that IP, see if this is any help:

http://support.microsoft.com/kb/307736

And do this here. I don't think you have it, but let's be safe here. Now I have to step out with mums for about 20 mins; I will be back.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply.

Please do not run any other options until you are asked to do so.

Gogo :(


OK, I think we're onto something. Here is the train of events:

After reading your post I hit the link (wrong computer, I was on the old one) to download the SmitfraudFix, no problem; then I realized, oops, wrong computer! So I disconnected it and hooked up the new one, logged on, went to favorites and hit this link, and once again it came up without at least 3 or 4 of our last posts. I hit refresh, still no recent posts (even though earlier TODAY I went to a fresh forum page under your "HiJackThis logs" page and replaced my old link in my favs).

I could not pull up your last page for your link, so I tried to copy to disk the zip file off of the old desktop that I accidentally copied, and I got an "incomplete file" error.

I then extracted it and got an "incomplete file" error for every file in the SFF folder... SO I disconnected the old PC (MAN, I KNOW THIS IS SO FREAKING CONFUSING) and re-connected the new one, and I had to Google lavasoftsupport to pull your site up, STILL on an old page, but I could refresh it to get to the link to download the SFF (SmitfraudFix) file.

Also, you gave me a warning that this might take a while; however, this scan was the fastest thing that this new PC has done since the second day that I bought it. It only took less than 4 seconds, so I know something is jacking my sh*t.

And since I downloaded it on to my old PC first, and since I have posted another topic for my old PC, I will run it and post it and see if there is any run time difference and length of log created (I haven't run the old one yet).

I have a feeling that there is something buried deep in my machines.

Here is my SFF post, and there doesn't seem (to me) to be much here.

Also, I'm having to use disks to transfer back and forth, so I hope I don't have a re-cross-contamination.

The log:


SmitFraudFix v2.137

Scan done at 21:01:49.01, Mon 01/29/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


Now I am going to run and post the log for my old PC and see if it differs. I will post it there.


Sorry, we are still working on this one (the new one). I just posted the other topic because it is the root of all this evil, and though you don't have to start on the old one yet, I'm hoping that maybe it might help point to what caused the problems.

Sorry about that. I know that all of us are keeping you and your staff busy as H*LL; I don't mean for you to start working on that one yet, it's just for referral as a possible source of infection for both PCs.

However, if you see something like the fatal "Immediately disconnect your computer from the internet and change bank passwords", PLEASE LET ME KNOW!!!

Just stay with me on this, with the other one as a reference if needed.

I just have to have a safe computer to order materials and supplies for my jobs, and after the characteristics of BOTH PCs I do think that there is something lurking.

THANKS AGAIN


Hi, Millleft

OK, no problem, but just to make sure I'm on the same page as you on this: so all the tools we have run here have been on the new PC, yes? :(

And the big problem is it's running way slow, or is there more to it than this?

Gogo :D
