|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
October 18th, 2005, 03:39 AM
|
|||
|
|||
|
Search engines keep directing me to other search engines.
Alright I am pretty sure there is a virus on this pc or some sort of spyware/adware. For the past few days when I type information into the yahoo search engine I don't get directed to the actual site of web address. Instead I get directed to another search engine. It takes multiple times to get directed to the actual site I intended to. I have done a full system scan on with McAfee antivirus and no viruses are found on the computer. I am not sure how to proceed with fixing this. Any suggestions? I am running windows xp home ed.
|
|
#2
October 18th, 2005, 05:34 AM
|
|||
|
|||
|
Please download HijackThis. It will create a directory folder for you. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what,if any, spyware/malware is on your computer.
|
|
#3
October 18th, 2005, 06:51 AM
|
|||
|
|||
|
Thanks for the reply. This is what I got as a result.
Logfile of HijackThis v1.99.1 Scan saved at 1:49:14 AM, on 10/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\CTsvcCDA.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe C:\Program Files\Dell Support\DSAgnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\FinePixViewer\QuickDCF.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Verizon Online\SupportCenter\bin\mad.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE C:\Program Files\Verizon Online\Verizon Online Control Pad\UIEngines\FlashUIEngine\cpskin.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...0&bm=ho_search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Bho - {900CA02A-990F-4f0d-8E8E-28A3F82F08D8} - C:\WINDOWS\system32\urkahoma.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Verizon Online Control Pad] "C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...to/install.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{87780E36-CDD7-4847-A664-3BA99EFD0A8C}: NameServer = 151.203.0.84 151.203.0.85 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
|
|
#4
October 18th, 2005, 07:30 AM
|
|||
|
|||
|
Hi
Run HJT and fix these items and see if that helps... O2 - BHO: Bho - {900CA02A-990F-4f0d-8E8E-28A3F82F08D8} - C:\WINDOWS\system32\urkahoma.dll O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ----------------------------------------- Then do a cleanup.Please download Ewido Security Suite and do a scan when you first go into Safe Mode Install Ewido Security Suite. When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu" To open the main screen double click the icon on the desktop. You will get a warning 'Database could not be found!'.(only if no updated have first been installed) Click OK. Update to the latest definition files.On the left of the main screen click Update.Then click on Start Update.Let it complete the updates. Now Click on Scanner and Click on Complete System Scan and the scan will start. During some scans it may find cases of false positives so you will need to step through the process of cleaning files one-by-one. If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections' If you are unsure of any entry found play safe and select None as the action. Press the button marked Save Report Save the report .txt file to your desktop or somewhere you can find it.Post it back with your next HJT log.
|
|
#5
October 19th, 2005, 03:08 AM
|
|||
|
|||
|
Thanks Amillion for all that information. My computer is back to functioning normally. Again I really appreciate your help!
ewido security suite - Scan report + Created on: 10:02:31 PM, 10/18/2005 + Report-Checksum: C50ED0D4 + Scan result: C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Ignored C:\Documents and Settings\Tenisha Walton\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Ignored C:\Documents and Settings\Tenisha Walton\My Documents\My Downloads\WFXScanR.exe -> Not-A-Virus.Downloader.Agent.c : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0293386.dll -> Spyware.WildTangent : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0293397.dll -> Spyware.WildTangent : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0293407.dll -> Spyware.WildTangent : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP700\A0293410.dll -> Spyware.WildTangent : Ignored C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@highbeam.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@link4ads[1].txt -> Spyware.Cookie.Link4ads : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\Tenisha Walton\Cookies\tenisha walton@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\WINDOWS\SYSTEM32\gebcb.dll -> TrojanDownloader.Small.bpk : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 10:04:49 PM, on 10/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\CTsvcCDA.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe C:\Program Files\Dell Support\DSAgnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\FinePixViewer\QuickDCF.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Verizon Online\SupportCenter\bin\mad.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE C:\Program Files\Verizon Online\Verizon Online Control Pad\UIEngines\FlashUIEngine\cpskin.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\SecuritySuite.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\mcafee.com\agent\mcupdate.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...0&bm=ho_search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Verizon Online Control Pad] "C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...to/install.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{87780E36-CDD7-4847-A664-3BA99EFD0A8C}: NameServer = 151.203.0.84 151.203.0.85 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
|
|
#6
October 19th, 2005, 03:22 AM
|
|||
|
|||
|
Thats all looking fine.Your log is now clean.
Please use this as Your Guide to Spyware Prevention and feel free to use any of the tools provided.
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| search engines.. | Jaytee | Internet / Browsers | 11 | April 28th, 2015 02:29 PM |
| search engines | krisb7 | Internet / Browsers | 2 | December 11th, 2006 01:51 PM |
| ALL search engines are DOWN! | Spider | Open Discussion | 5 | September 16th, 2005 05:19 PM |
| Using Search Engines | Jim Smith | Internet / Browsers | 4 | October 25th, 2003 03:39 AM |
| online search engines wont search | fast68 | Malware Removal | 36 | October 16th, 2003 04:49 PM |
All times are GMT +1. The time now is 07:13 AM.