Go Back   WorldStart Tech & Computer Help Forums > PC Ask and Answer Questions

Reply
 
Thread Tools Display Modes
  #21  
Old 08-18-2010, 11:43 PM
tman80 tman80 is offline
Senior Member
 
Join Date: Jul 2004
Location: Middle Tn.
Posts: 713
Here is the correct link from another thread. Follow Mikes advice.

http://www.sophos.com/products/free-...i-rootkit.html

* Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
* Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
* A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
* Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
* If the scan did not start automatically, make sure the following are checked:
o Running processes
o Windows Registry
o Local Hard Drives
* Click Start scan.
* Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
* When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
* Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
o Files tagged as Removable: No are not marked for removal and cannot be removed.
o Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
o Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
* Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
* A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
* After reboot, a dialog box displays the files you selected for removal and the action taken.
* Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
* When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
* This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
__________________
Dell Optiplex 745,Intel Pentium D, 3.0 GHz, Dual Boot W7sp1 & Ubuntu 14.04LTS, 120 GigHD, 3GigRam, Avast, Malwarebytes, Spywareblaster, Ccleaner, Pale Moon 24.7.1, Firefox 31.0, Comcast Internet
Reply With Quote
  #22  
Old 08-18-2010, 11:57 PM
surferdude's Avatar
surferdude surferdude is offline
Learning everyday
 
Join Date: Aug 2005
Location: In God's Hands
Posts: 11,072
Quote:
Originally Posted by KAE View Post
Cleaned my temp files. This link returns a page not found. Pls advise.

http://www.sophos.com/products/free-...i-rootkit.html
WAIT for verification, but I think this is the link http://www.sophos.com/products/free-...i-rootkit.html
__________________
Sunnys Blog

Kind words don't wear out the tongue
Reply With Quote
  #23  
Old 08-19-2010, 05:20 AM
MikeN.
Guest
 
Posts: n/a
Quote:
Originally Posted by surferdude View Post
WAIT for verification, but I think this is the link http://www.sophos.com/products/free-...i-rootkit.html
Its the exact same link as correctly posted by Tman. Thanks for correcting that link Tman
Reply With Quote
  #24  
Old 08-19-2010, 09:50 AM
surferdude's Avatar
surferdude surferdude is offline
Learning everyday
 
Join Date: Aug 2005
Location: In God's Hands
Posts: 11,072
Quote:
Originally Posted by MikeN. View Post
Its the exact same link as correctly posted by Tman. Thanks for correcting that link Tman
Well, I sure as heck didn't see his link , sorry tman.
__________________
Sunnys Blog

Kind words don't wear out the tongue
Reply With Quote
  #25  
Old 08-19-2010, 08:51 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
None of the files were marked for removal. There were 10 files. There Removable status is: Yes (but clean up not recommended for this file).


Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
Started logging on 8/19/2010 at 19:42:07 PM
User "" on computer ""
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Documents and Settings\K\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
Hidden: file C:\Program Files\Outlook Express\msoeres.dll
Hidden: file C:\Documents and Settings\K\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
Hidden: file C:\Documents and Settings\R\Local Settings\Temporary Internet Files\Content.IE5\SHMNGXAR\DellSupportODBK[1].exe
Hidden: file C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e 88561d2ddb53e183dc05c3e\wmm2res.dll
Hidden: file C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
Hidden: file C:\Documents and Settings\R\Local Settings\Temporary Internet Files\Content.IE5\YPGVYTU5\1235926482257981%2FK%3D yqUBmY0F8GP.kXraG.KQ0g%2FA%3D5404710%2FR%3D0%2F%2A %24,http%3A%2F%2Fus.mc808.mail.yahoo.com%2Fmc%2Fsh owfolder%3Ffid%3Dinbox%26[1].htm
Hidden: file C:\Documents and Settings\R\Local Settings\Temporary Internet Files\Content.IE5\SLOBKR87\ttp%3A%2F%2Fus.mc808.ma il.yahoo.com%2Fmc%2Fshowfolder%3B_ylt%3Dar8ee8wyt6 29afztmyrzux.7m70x%3F%26fid%3Dinbox%26[1].rand%3D913134575%26da%3D0,;ord=1235926558
Hidden: file C:\Documents and Settings\R\Local Settings\Temporary Internet Files\Content.IE5\SLOBKR87\1235926582792309%2FK%3D c.QVQ676wfiz1eB9USxbBw%2FA%3D5404710%2FR%3D0%2F%2A %24,http%3A%2F%2Fus.mc808.mail.yahoo.com%2Fmc%2Fsh owfolder%3Ffid%3Dinbox%26[1].htm
Hidden: file C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
Stopped logging on 8/19/2010 at 20:21:43 PM
Reply With Quote
  #26  
Old 08-19-2010, 09:13 PM
MikeN.
Guest
 
Posts: n/a
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You will need to use Internet Explorer to to complete this scan and you will need to allow an Active X to be installed or you may use Firefox if you have the IE tab add on.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Reply With Quote
  #27  
Old 08-19-2010, 10:20 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0c100cce1e6bed4683b2ff25746c116a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-08-20 03:09:14
# local_time=2010-08-19 10:09:14 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 2343192 34276550 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72000
# found=7
# cleaned=7
# scan_time=2326
C:\Documents and Settings\k\My Documents\MUSIC\chrisette michelle- morning 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 518C678B27A868CA440E7CDF3ECC5A87 C
C:\Documents and Settings\k\My Documents\MUSIC\epiphacy chrisette michelle [256k quality].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) B209BB84CDD08668624279B4D6D61074 C
C:\Documents and Settings\k\My Documents\MUSIC\i decided solange.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 89F40A88A2D8325AD7BF73ED242B4304 C
C:\Documents and Settings\k\My Documents\MUSIC\Keyshia Cole - A Different Me - 04 - Erotic.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 92D5C11030F35624D1B95F9020E2EBD4 C
C:\Documents and Settings\k\My Documents\MUSIC\leela james hot new track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 1F0B23E039353B2933EA0CAFEDFFA29E C
C:\Documents and Settings\k\My Documents\MUSIC\leela james.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 71B46AF29C39DC0D4C8AC8E7DAF6D6A7 C
C:\Documents and Settings\k\My Documents\MUSIC\love is really my game.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) B209BB84CDD08668624279B4D6D61074 C
Reply With Quote
  #28  
Old 08-20-2010, 07:00 AM
MikeN.
Guest
 
Posts: n/a
Please give me an uninstall list


Uninstall list from HiJackThis

http://free.antivirus.com/hijackthis/

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
click on the Save list... button and specify where you would like to save this file, desktop is easy to find and remember. When you press Save button a notepad will open with the contents of that file.
Copy/Paste that file back here.




Next tool. Install Superantispyware, update it and run another Full scan. Post the log when done.

http://www.superantispyware.com/download.html
Reply With Quote
  #29  
Old 08-20-2010, 07:48 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
Should I run hijack?

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AOLIcon
Business Contact Manager for Outlook 2007
Business Contact Manager for Outlook 2007
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Games
Dell Photo Printer 720
Dell Photo Printer 720 Logger
DellSupport
Digital Content Portal
Digital Line Detect
D-Link AirPlus G DWL-G122
EducateU
ESET Online Scanner v3
GemMaster Mystic
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Microsoft .NET Framework 2.0 (KB923319)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 21
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Modem Helper
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MyWay Search Assistant
NetWaiting
NetZeroInstallers
OCR Software by I.R.I.S. 10.0
Otto
PaperPort
PowerDVD 5.5
QuickTime
RealPlayer Basic
SBC Self Support Tool
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shop for HP Supplies
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sophos Anti-Rootkit 1.5.4
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Wheel Of Fortune
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
WordPerfect Office 12
Reply With Quote
  #30  
Old 08-20-2010, 07:53 PM
MikeN.
Guest
 
Posts: n/a
Before going any further, this needs to be uninstalled immediately LimeWire 4.12.6 Its most likely the reason for all your infections. I will post more about this later in this thread but it needs to be uninstalled then run SAS and post the log. Once you have posted the log from SAS then do a HJT log


edited: uninstall this one also if its in Add/Remove MyWay Search Assistant
Reply With Quote
  #31  
Old 08-20-2010, 08:41 PM
MikeN.
Guest
 
Posts: n/a
I wont be around tomorrow, here are the next steps. I will look at your HJT after work unless you post again tonight. Uninstall these also. Post the SAS log, HJT log, run the next tool.

J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_03
MyWay Search Assistant
Sophos Anti-Rootkit 1.5.4

Next tool
http://www.microsoft.com/security/ma...e/default.aspx
Reply With Quote
  #32  
Old 08-20-2010, 09:34 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
Mike - thanks for your help as always.
I've attached the hijack log.
Currently looking for the SAS log.
I removed Limewire.
I'll remove the other program you recommended and run the next step.

--
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:33 PM, on 8/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\k\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mps/en-us/...df091&langid=1
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1261229035474
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1261229024677
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service (mcafee siteadvisor service) - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (mcproxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11188 bytes
Reply With Quote
  #33  
Old 08-20-2010, 09:47 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2010 at 08:47 PM

Application Version : 4.41.1000

Core Rules Database Version : 5388
Trace Rules Database Version: 3200

Scan type : Complete Scan
Total Scan Time : 00:38:25

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 8750
Registry threats detected : 0
File items scanned : 26532
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\k\Cookies\k@hitbox[1].txt
C:\Documents and Settings\k\Cookies\k@ehg-eset.hitbox[1].txt
cdn4.specificclick.net [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
interclick.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
m1.2mdn.net [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
media.mtvnservices.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
media.scanscout.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
msnbcmedia.msn.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
objects.tremormedia.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
service.twistage.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
spe.atdmt.com [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]
udn.specificclick.net [ C:\Documents and Settings\k\Application Data\Macromedia\Flash Player\#SharedObjects\UF2QMAD5 ]

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP588\A0041893.DLL
Reply With Quote
  #34  
Old 08-20-2010, 09:53 PM
MikeN.
Guest
 
Posts: n/a
Rerun HJT, put a check in the box next to these then Fix Checked, reboot Very important to get these removed and dont start clicking on them please

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html


Large number of startups to deal with. Download this small startup utility,install it, to start it look in Control Panel for Startup Icon. Once the program is opened, look under each tab for these, uncheck them, close the program, reboot.

http://www.mlin.net/StartupCPL.shtml

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe

For this one C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Open Superantispyware, click Preferences then Startup Options, uncheck the top three boxes. (if this is the free version, paid version leave it alone)



Let me know what happened with the Microsoft tool whether or not anything was found, this will be the next tool to use. http://housecall.trendmicro.com/


edited: Go to Add/Remove, uninstall that Wildtangent entry that showed in your Uninstall list WildTangent Web Driver
Reply With Quote
  #35  
Old 08-21-2010, 11:07 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
Latest hijack after suggested removals:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:00 PM, on 8/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\k\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mps/en-us/...df091&langid=1
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1261229035474
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1261229024677
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service (mcafee siteadvisor service) - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (mcproxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10660 bytes
Reply With Quote
  #36  
Old 08-21-2010, 11:13 PM
MikeN.
Guest
 
Posts: n/a
What happened with the scan from #31? Plus all the startups are still there

Quote:
Originally Posted by MikeN. View Post
Reply With Quote
  #37  
Old 08-21-2010, 11:17 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
Currently searching for the log from the microsoft process - it didn't find anything.
Reply With Quote
  #38  
Old 08-21-2010, 11:19 PM
MikeN.
Guest
 
Posts: n/a
Ok, run this next online scan. http://housecall.trendmicro.com/

Did you uninstall that Wildtangent entry?

Deal with those startups I already posted also

You also need to consider which AV you are going to change to, Avira or Avast. It wont be done yet but think about it.
Reply With Quote
  #39  
Old 08-21-2010, 11:22 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
I'm getting this popup New Network Connection message after restart from McAfee:

Your computer has connected to a new network.

You can add this network as Trusted (for example, at home); as Standard (for example, in a corporate network); or as Public (for example, at an Internet café, hotel, or airport). Learn more

About this Connection
Gateway: (i removed this number - not sure if it identifies location)
Mask: 255.255.255.0

It's asking what I want to do:
Add this network as Public, Trusted or Standard.
Reply With Quote
  #40  
Old 08-21-2010, 11:23 PM
KAE KAE is offline
Senior Member
 
Join Date: Sep 2005
Posts: 674
I'm in the process of running the start up utility.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 03:13 AM.


Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 2000-2011 WorldStart, Inc