MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Major Problems with my computer, help appreciated (HijackThis log included)
October 15, 2019, 05:29:12 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 15, 2019, 05:29:12 AM

Login with username, password and session length
 
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Major Problems with my computer, help appreciated (HijackThis log included)  (Read 2022 times)
Crooked
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« on: April 07, 2006, 10:59:05 PM »

Hello, I am a new user here. I've been trying to manage with these problems, but all i'm getting very frustrated. Problems include: massive pop-ups, IE homepage hijacked, random reboots, fatal errors, reloading desktop, randomly minimized and restored down windows, and I get new trojans downloaded almost daily. The worse part is that it is not even my computer, and I don't want to make this person feel that I was irresponsible. Anyways, here is the HiJackThis log, any help would be greatly appreciated.

Quote
Logfile of HijackThis v1.99.1
Scan saved at 5:31:03 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\AOL\1137923173\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\ICROSO~1.NET\msdtc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\BESTBU~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137923173\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [zGSl] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinnrag.exe FI002
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Eprc] "C:\WINDOWS\ICROSO~1.NET\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Sdn] C:\Program Files\?ymbols\j?vaw.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [Popups Nuker] C:\Program Files\Popups Nuker\PopNuker.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinnrag.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00001022-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter22 Class) - http://download.netmarble.com/web/nmstarter/NMStarter22.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload100a.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {828DEFB6-7F3F-49B1-A024-2B849D619E24} - C:\WINDOWS\system32\y7xnyala7.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\mvn8l95u1.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: April 08, 2006, 12:54:42 AM »

Hi and Welcome
It may help to print out or copy this page as you will be working in Safe Mode.. Make sure to work through the fixes in the exact order its listed.

-------------------------------------------------------------

Before we start working with your log, you are running Hijack This from a temporary location. If we leave it where it is, backups will not be saved so lets move the file to it's own folder in C:\Program Files.

To do this, go here and download Move_HijackThis.vbs to your Desktop.


Doubleclick on Move_hijackthis.vbs to run it. If you get a warning about a malicious script, please ignore that and allow this to run.

When the script has finished running, it will start Hijackthis from its new location in C:\Program Files\Hijackthis\hijackthis.exe. To run Hijack This next time, please go to C:\Programs Files or use the Run box.

-----------------------------------------------------------

Download any of the required programs before attempting to start any of the fixes.

  ------------------------------------------------------------------


Please go here and run the Purity Scan Uninstaller.Reboot after completion.

--------------------------------------------------------------------
To help clean out Trusted Zones,download and run  DELDOMAINS then double click to open the DelDomains.inf .To execute the file: right-click and Select 'Install' from the Menu.


--------------------------------------------------------------------

Please download Look2Me-Destroyer.exe to your desktop and close all windows before continuing.

Doubleclick Look2Me-Destroyer.exe to run it and put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK. When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK.

When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown.

Restart your computer and please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


--------------------------------------------------------------------

Download the trial version of Ewido Security Suite

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido Security Suite (there should be an icon on your desktop doubleclick it). The program will now go to the main screen. You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
 http://www.ewido.net/en/download/updates/. Do not run a scan yet.

When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts).

Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite.Please post its log here.

----------------------------------------------------------------
SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
 ------------------------------------------------------------------

Files highlighted in BLACK  will need to be removed from your hard drive.

Folders that have been highlighted RED will need to be uninstalled.



-----------------------------------------------------------------------

Please start by going into SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
 ------------------------------------------------------------------


               
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press  and Close HJT.

O4 - HKLM\..\Run: [zGSl] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinnrag.exe FI002
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKCU\..\Run: [Eprc] "C:\WINDOWS\ICROSO~1.NET\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Sdn] C:\Program Files\?ymbols\j?vaw.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinnrag.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00001022-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter22 Class) - http://download.netmarble.com/web/nmstarter/NMStarter22.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload100a.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {828DEFB6-7F3F-49B1-A024-2B849D619E24} - C:\WINDOWS\system32\y7xnyala7.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\mvn8l95u1.dll


------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted  file/s
Also delete the following red folder/s
 
 C:\WINDOWS\system32\mvn8l95u1.dll
C:\WINDOWS\system32\y7xnyala7.dll
C:\WINDOWS\system32\qwinnrag.exe
C:\windows\mousepad9.exe
C:\windows\newname9.exe
C:\windows\keyboard9.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\irssyncd.exe

 -------------------------------------------------------------------



When finished please  post a new log......
Logged

An Australian Member of

EDDY
Crooked
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #2 on: April 08, 2006, 01:59:57 AM »

When I try to download the Move_HijackThis.vbs, all I get is some text in my browser.
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #3 on: April 08, 2006, 02:07:12 AM »

Remove the one you have and download HijackThis from here.  It will create a directory folder for you in C\Program files.
Logged

An Australian Member of

EDDY
Crooked
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #4 on: April 08, 2006, 02:35:37 AM »

Here's the Look2Me-Destroyer log you asked for,

Quote
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/7/2006 9:26:05 PM

Infected! C:\WINDOWS\system32\m6rmlg9116.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050905.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050930.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050937.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0051940.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051960.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051965.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051987.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051992.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052009.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052018.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052061.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052087.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052102.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052117.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052128.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052133.dll
Infected! C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052138.dll
Infected! C:\WINDOWS\system32\dakquoui.dll
Infected! C:\WINDOWS\system32\dwdmoprp.dll
Infected! C:\WINDOWS\system32\dykquoui.dll
Infected! C:\WINDOWS\system32\en4ml1h11.dll
Infected! C:\WINDOWS\system32\en8sl1l71.dll
Infected! C:\WINDOWS\system32\f8j2li1o18.dll
Infected! C:\WINDOWS\system32\kodmaori.dll
Infected! C:\WINDOWS\system32\l2r0lc9m1f.dll
Infected! C:\WINDOWS\system32\m4pole731h.dll
Infected! C:\WINDOWS\system32\m6rmlg9116.dll
Infected! C:\WINDOWS\system32\mvlml9311.dll
Infected! C:\WINDOWS\system32\nomsapi.dll
Infected! C:\WINDOWS\system32\o6pq0g75e6.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\m6rmlg9116.dll
C:\WINDOWS\system32\m6rmlg9116.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050905.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050905.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050930.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050930.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050937.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0050937.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0051940.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP83\A0051940.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051960.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051960.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051965.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051965.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051987.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051987.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051992.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP84\A0051992.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052009.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052009.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052018.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052018.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052061.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP85\A0052061.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052087.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052087.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052102.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052102.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052117.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052117.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052128.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052128.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052133.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052133.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052138.dll
C:\System Volume Information\_restore{5B686006-38BC-4D60-BDB1-AFED744EDC32}\RP86\A0052138.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dakquoui.dll
C:\WINDOWS\system32\dakquoui.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dwdmoprp.dll
C:\WINDOWS\system32\dwdmoprp.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dykquoui.dll
C:\WINDOWS\system32\dykquoui.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en4ml1h11.dll
C:\WINDOWS\system32\en4ml1h11.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en8sl1l71.dll
C:\WINDOWS\system32\en8sl1l71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\f8j2li1o18.dll
C:\WINDOWS\system32\f8j2li1o18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kodmaori.dll
C:\WINDOWS\system32\kodmaori.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l2r0lc9m1f.dll
C:\WINDOWS\system32\l2r0lc9m1f.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m4pole731h.dll
C:\WINDOWS\system32\m4pole731h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m6rmlg9116.dll
C:\WINDOWS\system32\m6rmlg9116.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mvlml9311.dll
C:\WINDOWS\system32\mvlml9311.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\nomsapi.dll
C:\WINDOWS\system32\nomsapi.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o6pq0g75e6.dll
C:\WINDOWS\system32\o6pq0g75e6.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B35DDEA-D2DC-489B-B469-52E5989DB1BA}"
HKCR\Clsid\{9B35DDEA-D2DC-489B-B469-52E5989DB1BA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3AF1C18F-A8C9-43A9-BB28-BE0B3B1B6E9A}"
HKCR\Clsid\{3AF1C18F-A8C9-43A9-BB28-BE0B3B1B6E9A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8CB3A5DB-402C-499A-9643-C51435E9CB67}"
HKCR\Clsid\{8CB3A5DB-402C-499A-9643-C51435E9CB67}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{17D9C312-46E2-4824-BD20-56C7B468B7E9}"
HKCR\Clsid\{17D9C312-46E2-4824-BD20-56C7B468B7E9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4CFD884F-2B22-4F19-8F3C-9C5981AD0389}"
HKCR\Clsid\{4CFD884F-2B22-4F19-8F3C-9C5981AD0389}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1F9AB693-942D-43F5-AC71-38378A72DE3A}"
HKCR\Clsid\{1F9AB693-942D-43F5-AC71-38378A72DE3A}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
Logged
Crooked
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #5 on: April 08, 2006, 02:36:55 AM »

And this is the HiJackThis log (Wouldn't let me put it in one post).

Quote
Logfile of HijackThis v1.99.1
Scan saved at 9:33:23 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\AOL\1137923173\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Winamp\winampa.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137923173\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [zGSl] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinnrag.exe FI002
O4 - HKLM\..\Run: [Coke Music Client 1.4] C:\DOCUME~1\BESTBU~1\LOCALS~1\Temp\RarSFX0\RS8bR\Coke Music Client 1.4.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [Popups Nuker] C:\Program Files\Popups Nuker\PopNuker.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinnrag.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {00001022-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter22 Class) - http://download.netmarble.com/web/nmstarter/NMStarter22.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload100a.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {828DEFB6-7F3F-49B1-A024-2B849D619E24} - C:\WINDOWS\system32\y7xnyala7.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: April 08, 2006, 03:08:10 AM »

These still need to be fixed as they are still in the log.

To help clean out Trusted Zones,download and run  DELDOMAINS then double click to open the DelDomains.inf .To execute the file: right-click and Select 'Install' from the Menu.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press  and Close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

O4 - HKLM\..\Run: [zGSl] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinnrag.exe FI002
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKCU\..\Run: [Eprc] "C:\WINDOWS\ICROSO~1.NET\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Sdn] C:\Program Files\?ymbols\j?vaw.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinnrag.exe
O4 - HKLM\..\Run: [Coke Music Client 1.4] C:\DOCUME~1\BESTBU~1\LOCALS~1\Temp\RarSFX0\RS8bR\Coke Music Client 1.4.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00001022-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter22 Class) - http://download.netmarble.com/web/nmstarter/NMStarter22.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload100a.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {828DEFB6-7F3F-49B1-A024-2B849D619E24} - C:\WINDOWS\system32\y7xnyala7.dll



------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted  file/s
Also delete the following red folder/s
 
 C:\WINDOWS\system32\mvn8l95u1.dll
C:\WINDOWS\system32\y7xnyala7.dll
C:\WINDOWS\system32\qwinnrag.exe
C:\windows\mousepad9.exe
C:\windows\newname9.exe
C:\windows\keyboard9.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\irssyncd.exe

 -------------------------------------------------------------------
Reboot and post a new HJT log
Logged

An Australian Member of

EDDY
Crooked
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #7 on: April 08, 2006, 03:37:05 AM »

Okay, I've done all that, this is what I've got now, thanks by the way for all your help. The performance of my computer has already started to improve. Anyways, here you are:

Quote
Logfile of HijackThis v1.99.1
Scan saved at 10:33:10 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\AOL\1137923173\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Winamp\winampa.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BYOND\bin\dreamseeker.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137923173\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Popups Nuker] C:\Program Files\Popups Nuker\PopNuker.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #8 on: April 08, 2006, 03:57:54 AM »

Well done.All clean...nice job.



If you wish to do so, here are a few things that you can do that will help keep your computer a bit more cleaner and a bit more safer..

If you have not already done so, you might want to run   Disk Cleanup and run it in each user's profile:

Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.


Now that you are clean its now is a good time to  flush out your restored files.

To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

How Do I Protect My Computer Against Future Malware Now I'm Clean.

NOTE:You may have already taken some of these steps.

Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches.  How to update your Windows operating system

Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.

Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).

Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:

Open Internet Explorer. Go to Tools > Internet Options
Logged

An Australian Member of

EDDY
Crooked
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #9 on: April 08, 2006, 04:01:40 AM »

All right, thanks for everything, hopefully this is the last time I need to do something like this. Two karma points for you...
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #10 on: April 08, 2006, 05:02:53 AM »

Ok.Thanks.
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 05, 2018, 08:08:05 AM