MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Winsoftware Net Installer
November 15, 2019, 06:09:15 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 15, 2019, 06:09:15 AM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Winsoftware Net Installer  (Read 1661 times)
Pili Potter
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 50


Bookmark and Share

View Profile
« on: November 06, 2005, 06:23:37 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:Windows XP SP2
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Hi This is my HJK log. I am getting a lot of popups and I have ZoneAlarm plus two other popup blockers and it still gets through, especially one called WinSoftware Net Installer (that's how it shows in ZA). I've got it on 'kill' in ZA, and I've even typed in the url manually in my popup blockers and it still gets through.
I've also run AdAware yesterday and this morning.
HJT log follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:24 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\lexpps.exe
C:\PROGRA~1\FREEME~1\FREEME~1\fmempro.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Downloaded Program

Files\CONFLICT.4\UWFX5_0001_N56M0311NetInstaller.exe
C:\Documents and Settings\Pili\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =

file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} -

C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: MSEvents Object -

{FC148228-87E1-4D00-AC06-58DCAA52A4D1} -

C:\WINDOWS\system32\geebc.dll
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -

C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} -

C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe]

c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask]

"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program

Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program

Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [FreeMem Pro]

"C:\PROGRA~1\FREEME~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Fill Forms -

{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms -

{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms -

{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm -

{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar -

{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mydotnames.net
O15 - Trusted Zone: http://petpages.neopets.com
O15 - Trusted Zone: http://webmail.neopets.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB}

(BrowseFolderPopup Class) -

http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

(McAfee.com Operating System Class) -

http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/mu

web_site.cab?1124328678703
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -

http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}

(YahooYMailTo Class) -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}

(DwnldGroupMgr Class) -

http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

(PopCapLoader Object) -

http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popc

aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo!

Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: geebc - C:\WINDOWS\system32\geebc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -

c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program

Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -

McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Logged

 
sUBs
Global Moderator
Hero Member
*****

Karma: +0/-0
Offline Offline

Posts: 278


Bookmark and Share

View Profile
« Reply #1 on: November 06, 2005, 09:55:01 PM »

Hello and Welcome

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

Your log is very difficult to read.
Kindly turn off the word wrap feature in your text editor.
With notepad, this can be done by going to Format -> untick "Word Wrap".


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download this tool and save it to your desktop. Then double click the tool and follow the instructions.

VirtumundoBeGone.exe

When its done, reboot and post the log that is created on your desktop called VBG.TXT in your next reply


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\geebc.dll
O15 - Trusted Zone: http://www.mydotnames.net
O15 - Trusted Zone: http://petpages.neopets.com
O15 - Trusted Zone: http://webmail.neopets.com
O15 - Trusted Zone: http://www.neopets.com
O20 - Winlogon Notify: geebc - C:\WINDOWS\system32\geebc.dll



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Start HiJackThis & go to  Config>Misc.Tools> Delete a file on reboot...
In the popup box that appears, type in   C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N56M0311NetInstaller.exe
Click the Open button.
Click YES when prompted to restart your computer.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and install  CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Then, perform an online scan with Internet Explorer with  Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  • Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  • Click Scan Now
  • Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls    

Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.  
  • Click on see report. Then click Save report


Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and into this topic.
« Last Edit: November 06, 2005, 09:55:56 PM by sUBs » Logged

 
Pili Potter
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 50


Bookmark and Share

View Profile
« Reply #2 on: November 07, 2005, 12:46:21 AM »

homepage.html script is the one I use to make my own custom homepage.

VBG

[11/06/2005, 16:30:16] - Starting Process...
[11/06/2005, 16:30:16] - Looking for Browser Helper Object [MSEvents Object]
[11/06/2005, 16:30:16] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/06/2005, 16:30:16] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/06/2005, 16:30:16] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/06/2005, 16:30:16] - Checking for WinLogon Notify reference. (File: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll)
[11/06/2005, 16:30:16] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/06/2005, 16:30:16] - 3: {724d43a9-0d85-11d4-9908-00400523e39a} -
[11/06/2005, 16:30:16] - WARNING: 3: {724d43a9-0d85-11d4-9908-00400523e39a} - BHO Name is blank.
[11/06/2005, 16:30:16] - Checking for WinLogon Notify reference. (File: C:\Program Files\Siber Systems\AI RoboForm\roboform.dll)
[11/06/2005, 16:30:16] - Couldn't find roboform in Winlogon Notify. Ignoring {724d43a9-0d85-11d4-9908-00400523e39a}.
[11/06/2005, 16:30:16] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/06/2005, 16:30:16] - 5: {CD292324-974F-4224-D074-CACA427AA030} - Neopets
[11/06/2005, 16:30:16] - 6: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/06/2005, 16:30:16] - Found MSEvents Object!
[11/06/2005, 16:30:16] - File location: C:\WINDOWS\system32\geebc.dll
[11/06/2005, 16:30:16] - Attempting to kill C:\WINDOWS\system32\geebc.dll
[11/06/2005, 16:30:16] - Terminating Process: RUNDLL32.EXE
[11/06/2005, 16:30:16] - Terminating Process: IEXPLORE.EXE
[11/06/2005, 16:30:19] - Disabling Automatic Shell Restart
[11/06/2005, 16:30:19] - Terminating Process: EXPLORER.EXE
[11/06/2005, 16:30:20] - Suspending the NT Session Manager System Service
[11/06/2005, 16:30:23] - Terminating Windows NT Logon/Logoff Manager
[11/06/2005, 16:30:25] - Re-enabling Automatic Shell Restart
[11/06/2005, 16:30:25] - Renaming C:\WINDOWS\system32\geebc.dll -> C:\WINDOWS\system32\geebc.dll.vir
[11/06/2005, 16:30:25] - File successfully renamed!
[11/06/2005, 16:30:25] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/06/2005, 16:30:25] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/06/2005, 16:30:25] - Removing Winlogon Notify Entry: geebc
[11/06/2005, 16:30:25] - BHO list has been changed! Starting over...
[11/06/2005, 16:30:25] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/06/2005, 16:30:25] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/06/2005, 16:30:25] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/06/2005, 16:30:25] - Checking for WinLogon Notify reference. (File: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll)
[11/06/2005, 16:30:25] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/06/2005, 16:30:25] - 3: {724d43a9-0d85-11d4-9908-00400523e39a} -
[11/06/2005, 16:30:25] - WARNING: 3: {724d43a9-0d85-11d4-9908-00400523e39a} - BHO Name is blank.
[11/06/2005, 16:30:25] - Checking for WinLogon Notify reference. (File: C:\Program Files\Siber Systems\AI RoboForm\roboform.dll)
[11/06/2005, 16:30:25] - Couldn't find roboform in Winlogon Notify. Ignoring {724d43a9-0d85-11d4-9908-00400523e39a}.
[11/06/2005, 16:30:25] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/06/2005, 16:30:25] - 5: {CD292324-974F-4224-D074-CACA427AA030} - Neopets
[11/06/2005, 16:30:25] - Finished searching for [MSEvents Object]
[11/06/2005, 16:30:25] - Finishing up...
[11/06/2005, 16:30:25] - Enabling Automatic Reboot on STOP Error.
[11/06/2005, 16:30:25] - Attempting to Restart via STOP error (Blue Screen!)

ActiveScan

Incident                      Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/ist.istbar      No disinfected                C:\WINDOWS\SYSTEM32\aupdate.conf                                                                                                                                                                                                                                
Spyware:spyware/betterinet    No disinfected                C:\WINDOWS\SYSTEM32\in10b6s.dll                                                                                                                                                                                                                                
Dialer:dialer.cge             No disinfected                C:\WINDOWS\SYSTEM32\wininetd.log                                                                                                                                                                                                                                
Adware:adware/keenvalue       No disinfected                C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho                                                                                                                                                                                                                      
Adware:adware/exact.bargainbuddyNo disinfected                C:\WINDOWS\msxct1.ini                                                                                                                                                                                                                                          
Adware:adware/cws             No disinfected                C:\Documents and Settings\Pili\Favorites\Fun & Games                                                                                                                                                                                                            
Adware:adware/sidesearch      No disinfected                C:\Documents and Settings\Pili\Application Data\Lycos                                                                                                                                                                                                          
Adware:adware/wupd            No disinfected                Windows Registry                                                                                                                                                                                                                                                
Spyware:Spyware/Virtumonde    No disinfected                C:\asdf.exe                                                                                                                                                                                                                                                    
Virus:JS/Fortnight.D@M        Disinfected                   C:\Documents and Settings\Pili\Local Settings\Application Data\IM\Identities\{15962F1A-7B10-4E60-AB3C-DBD8C565D902}\Message Store\Inbox.imm[~0000033.~]                                                                                                        
Adware:Adware/Trymedia        No disinfected                C:\Documents and Settings\Pili\My Documents\BlastThru-dm.exe                                                                                                                                                                                                    
Adware:Adware/Otx             No disinfected                C:\Documents and Settings\Pili\My Documents\HJT\backups\backup-20050702-070811-195.dll                                                                                                                                                                          
Virus:Trj/Downloader.DTQ      Disinfected                   C:\Program Files\Ricochet Lost Worlds\CRACK.ZIP[RLWres.dll]                                                                                                                                                                                                    
Possible Virus.               No disinfected                C:\Program Files\Ricochet Lost Worlds\RLWres.dll                                                                                                                                                                                                                
Virus:Trj/Conhook.E           Disinfected                   C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP83\A0025720.exe                                                                                                                                                                  
Spyware:Spyware/Virtumonde    No disinfected                C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP83\A0026079.dll                                                                                                                                                                  
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\SYSTEM32\geebc.dll.vir                                                                                                                                                                                                                              
Adware:Adware/InstaFinder     No disinfected                C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe                                                                                                                                                                                                                    
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\SYSTEM32\jkklk.dll                                                                                                                                                                                                                                  
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\SYSTEM32\ssqpm.dll                                                                                                                                HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 6:44:36 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\FREEME~1\FREEME~1\fmempro.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pili\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mydotnames.net
O15 - Trusted Zone: http://petpages.neopets.com
O15 - Trusted Zone: http://webmail.neopets.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124328678703
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

                                                                                               
Logged

 
sUBs
Global Moderator
Hero Member
*****

Karma: +0/-0
Offline Offline

Posts: 278


Bookmark and Share

View Profile
« Reply #3 on: November 07, 2005, 06:04:11 AM »

Please reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following files/folders:
  • C:\WINDOWS\SYSTEM32\aupdate.conf
    C:\WINDOWS\SYSTEM32\in10b6s.dll
    C:\WINDOWS\SYSTEM32\wininetd.log
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
    C:\WINDOWS\msxct1.ini
    C:\Documents and Settings\Pili\Favorites\Fun & Games
    C:\Documents and Settings\Pili\Application Data\Lycos
    C:\asdf.exe
    C:\Documents and Settings\Pili\My Documents\BlastThru-dm.exe
    C:\WINDOWS\SYSTEM32\geebc.dll.vir
    C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe
    C:\WINDOWS\SYSTEM32\jkklk.dll
    C:\WINDOWS\SYSTEM32\ssqpm.dll

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please post a new HJT log & let m eknow if you still have issues with your machine
Logged

 
Pili Potter
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 50


Bookmark and Share

View Profile
« Reply #4 on: November 07, 2005, 02:08:24 PM »

Ok I've done everything, except under the Standard Cleanup, there was an Option called Cleanup All Users, that I didn't do, because I didn't know if it was just going to clean up 'bad' files or if it would clean up everything. I should have asked first, I know. If it's just going to do the 'bad' files, I'll go ahead and do that if you want.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 8:06:57 AM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\FREEME~1\FREEME~1\fmempro.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pili\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/Favorites%20Home%20Page/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mydotnames.net
O15 - Trusted Zone: http://petpages.neopets.com
O15 - Trusted Zone: http://webmail.neopets.com
O15 - Trusted Zone: http://www.neopets.com
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124328678703
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #5 on: November 11, 2005, 03:31:01 AM »

You can run Cleanup as it will only take out all the old temp files.
Logged

An Australian Member of

EDDY
sUBs
Global Moderator
Hero Member
*****

Karma: +0/-0
Offline Offline

Posts: 278


Bookmark and Share

View Profile
« Reply #6 on: November 11, 2005, 07:55:51 AM »

Kindly respond after you have done CleanUp by posting a new HJT log
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page December 02, 2017, 02:45:58 PM