View Full Version : MY SPyBot log



luch559
2007-03-14, 05:46
There is this program, yahabags, that I think hijacked my browser.

Here is my HijackThis log. Newbie, sorry if I didn't do everything right.

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 11:43:20 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owner\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ajeixvvm.dll",setvm
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)

Angelfire777
2007-03-14, 13:56
Hi, welcome to Safer Networking Forums!

*Since HijackThis creates backups of all it fixes and we want them safe and secured should they be required later, we need to move HijackThis to a permanent folder.

a.) While on your Desktop, right click in the background > Go to New > click Folder > Name the Folder HJT

b.) After creating the folder, find your HijackThis.exe (it looks like a detonator with some dynamite). Then, drag and drop that file to the new folder you created.
__________

*It is possible that some of the entries are hiding from us, so please rename HijackThis.exe to something like angelfire777.exe

*Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

*I would like you to scan a few files for me.

Please go HERE (http://virusscan.jotti.org/). Click Browse, then navigate to this file:

C:\WINDOWS\system32\msdpsv.exe

Then click submit.

Please post the results in your next reply.

If Jotti is too busy, you can go HERE (www.virustotal.com) and do the same as above.

luch559
2007-03-14, 20:10
I still have the problem. I followed everything, except I couldn't find the file that I was to submit.

VundoFix V6.3.15

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 8:27:18 PM 3/10/2007

Listing files found while scanning....

C:\Documents and settings\owner\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\owner\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\fcccdbx.dll
C:\WINDOWS\system32\heriirns.dll
C:\WINDOWS\system32\hiwwaxgi.dll
C:\WINDOWS\system32\igtvekfa.dll
C:\WINDOWS\system32\iifffde.dll
C:\WINDOWS\system32\jkkiifd.dll
C:\WINDOWS\system32\khffdba.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\opnollj.dll
C:\WINDOWS\system32\qxgyqyyb.dll
C:\WINDOWS\system32\xkpcffxl.exe
C:\WINDOWS\system32\yayyaxw.dll

Beginning removal...

Attempting to delete C:\Documents and settings\owner\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\owner\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\owner\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\owner\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\egjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\fcccdbx.dll
C:\WINDOWS\system32\fcccdbx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\heriirns.dll
C:\WINDOWS\system32\heriirns.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hiwwaxgi.dll
C:\WINDOWS\system32\hiwwaxgi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\igtvekfa.dll
C:\WINDOWS\system32\igtvekfa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifffde.dll
C:\WINDOWS\system32\iifffde.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkiifd.dll
C:\WINDOWS\system32\jkkiifd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khffdba.dll
C:\WINDOWS\system32\khffdba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnollj.dll
C:\WINDOWS\system32\opnollj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxgyqyyb.dll
C:\WINDOWS\system32\qxgyqyyb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xkpcffxl.exe
C:\WINDOWS\system32\xkpcffxl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyaxw.dll
C:\WINDOWS\system32\yayyaxw.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.16

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 1:25:11 PM 3/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\fcccdax.dll
C:\WINDOWS\system32\fcccdbx.dll
C:\WINDOWS\system32\frpjbtvq.exe
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\gjxkycya.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\xxywtrs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fcccdax.dll
C:\WINDOWS\system32\fcccdax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fcccdbx.dll
C:\WINDOWS\system32\fcccdbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\frpjbtvq.exe
C:\WINDOWS\system32\frpjbtvq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\gjjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjxkycya.dll
C:\WINDOWS\system32\gjxkycya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywtrs.dll
C:\WINDOWS\system32\xxywtrs.dll Has been deleted!

Performing Repairs to the registry.
Done!

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 2:08:04 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

O2 - BHO: (no name) - {161FC481-8800-4845-9178-12D16F46A5D6} - C:\WINDOWS\system32\shjyoebh.dll
O2 - BHO: (no name) - {1FFB1A32-1D58-46CF-BE8B-237586AF7F2F} - C:\WINDOWS\system32\xxywtrs.dll (file missing)
O2 - BHO: (no name) - {3D28CC26-F80E-416B-B389-CE9346938D19} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9DD00531-3A59-4053-B1F8-5E11774D790A} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B3AD8926-78DA-4AF2-A001-DB17A0E444D8} - C:\WINDOWS\system32\mljjg.dll (file missing)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ajeixvvm.dll",setvm
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)

Angelfire777
2007-03-15, 07:02
*Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Do not use it yet.


*Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune

Do not use it yet.


*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {161FC481-8800-4845-9178-12D16F46A5D6} - C:\WINDOWS\system32\shjyoebh.dll
O2 - BHO: (no name) - {1FFB1A32-1D58-46CF-BE8B-237586AF7F2F} - C:\WINDOWS\system32\xxywtrs.dll (file missing)
O2 - BHO: (no name) - {3D28CC26-F80E-416B-B389-CE9346938D19} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: (no name) - {9DD00531-3A59-4053-B1F8-5E11774D790A} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {B3AD8926-78DA-4AF2-A001-DB17A0E444D8} - C:\WINDOWS\system32\mljjg.dll (file missing)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ajeixvvm.dll",setvm
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
____________________

You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode:

Click Start > Turn Off Computer > Restart > Tap the F8 key just before Windows starts to load > This will bring up a Menu > Use your keyboard to scroll to Safe Mode > Hit Enter.

*Configure your machine to view hidden files:

Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading select Show hidden files and folders.
Uncheck the Hide Protected Operating System Files Option.
Click Yes to confirm.
Click OK.


*Using Windows Explorer, find and delete these files:

C:\WINDOWS\system32\shjyoebh.dll
C:\WINDOWS\system32\ajeixvvm.dll
C:\WINDOWS\repair\svchost.exe << IMPORTANT: Delete only the svchost.exe that you find in that specific folder.

Empty your Recycle bin.


*Important: Make sure all your browsers are closed before running ATF Cleaner.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run CureiT!
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, see if you can click the following icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply

In your next reply, please post a fresh HijackThis log, the CureIt log and a description of how your machine is running.

luch559
2007-03-16, 20:42
C:\WINDOWS\repair\svchost.exe << IMPORTANT: Delete only the svchost.exe that you find in that specific folder

I cannot find this file. I have not continued from there for fear it is important. I have left the comp in Safe Mode and went to another comp. Hopefully you can help me soon. Thank you.

Angelfire777
2007-03-17, 00:47
Hi,

Just continue with the instructions.

luch559
2007-03-17, 05:02
Logfile of HijackThis v1.99.1
Scan saved at 10:55:57 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)

Thanks for helping me, my comp works fine.

I can't find the other logs.

Angelfire777
2007-03-17, 08:18
Hi,

Did you save the report? If so, do a search for this file: DrWeb.csv, then open it and post all the contents.

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type delservices.bat in the File name and save it to your desktop.


@echo off
sc stop MSDPSV
sc delete MSDPSV
sc stop "Windows Port Interpreter"
sc delete "Windows Port Interpreter"


Locate delservices.bat on your Desktop and double-click on it.

*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6 (http://java.sun.com/javase/downloads/index.jsp), and install it to your computer.

Reboot and post a fresh HijackThis log.
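
Added example, not part of the original posts and not code from HijackThis: a Python sketch of the triage applied in this thread. It flags unnamed BHOs, Run keys that load a DLL through rundll32, and services with an unknown owner and a missing binary, then reports which flagged services are still present in the later log, which is what delservices.bat cleans up. The three rules are assumptions inferred from the entries selected above, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs posted in this thread
# (BEFORE: scan of 3/14/2007 2:08 PM, AFTER: scan of 3/16/2007).
BEFORE = r"""
O2 - BHO: (no name) - {161FC481-8800-4845-9178-12D16F46A5D6} - C:\WINDOWS\system32\shjyoebh.dll
O2 - BHO: (no name) - {1FFB1A32-1D58-46CF-BE8B-237586AF7F2F} - C:\WINDOWS\system32\xxywtrs.dll (file missing)
O2 - BHO: (no name) - {3D28CC26-F80E-416B-B389-CE9346938D19} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9DD00531-3A59-4053-B1F8-5E11774D790A} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B3AD8926-78DA-4AF2-A001-DB17A0E444D8} - C:\WINDOWS\system32\mljjg.dll (file missing)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ajeixvvm.dll",setvm
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
"""

AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Distributed Process Services (MSDPSV) - Unknown owner - C:\WINDOWS\system32\msdpsv.exe (file missing)
O23 - Service: Windows Port Interpreter For Service Pack 2 and Windows 2000 (Windows Port Interpreter) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O23 lines read "Service: <display name> (<service name>) - <owner> - <path>".
SERVICE_RE = re.compile(r"Service: .*\((.+?)\) - ")
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\s+\"?[^\"]+\.dll", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # "O2", "O4", "O23", ...
    body: str      # everything after "Ox - "
    missing: bool  # HijackThis appended "(file missing)"


def parse(log):
    """Turn the O-section lines of a HijackThis log into Entry records."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group(2)
            entries.append(Entry(m.group(1), body, body.endswith("(file missing)")))
    return entries


def reasons(e):
    """Heuristic rules (assumptions for this example, not HijackThis logic)."""
    found = []
    if e.section == "O2" and e.body.startswith("BHO: (no name)"):
        found.append("unnamed BHO")
    if e.section == "O4" and RUNDLL_RE.search(e.body):
        found.append("Run key loads a DLL through rundll32")
    if e.section == "O23" and "- Unknown owner -" in e.body and e.missing:
        found.append("service with unknown owner and missing binary")
    return found


def flagged(log):
    """Entries that match at least one rule, paired with the matching rules."""
    return [(e, r) for e in parse(log) if (r := reasons(e))]


def leftover_services(before, after):
    """Service names flagged in the earlier log that the later log still lists."""
    still_there = {(e.section, e.body) for e in parse(after)}
    names = []
    for e, _ in flagged(before):
        if e.section == "O23" and (e.section, e.body) in still_there:
            m = SERVICE_RE.match(e.body)
            names.append(m.group(1) if m else e.body)
    return names


if __name__ == "__main__":
    for entry, why in flagged(BEFORE):
        print(f"{entry.section}: {'; '.join(why)}\n    {entry.body}")
    print("Still registered after the fix:", leftover_services(BEFORE, AFTER))
```

On these lines the rules select the same eight entries listed for "Fix checked", and the two leftover names are the ones passed to sc in delservices.bat.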

luch559
2007-03-23, 23:17
I followed all the things, sorry for being so late. Also, my int and external speakers on the computer aren't working.

Here is Dr.Web. I didn't know it was on Excel.

mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;Incurable.Moved.;
vcmon.exe;c:\windows\system32;Win32.HLLW.MyBot.based;Deleted.;
sioc.exe;C:\;Win32.HLLW.MyBot.based;Deleted.;
sioc8.exe;C:\;Win32.HLLW.MyBot.based;Deleted.;
backup-20070316-134751-916.dll;C:\Documents and Settings\owner\Desktop\HJT\backups;Adware.Crew;Incurable.Moved.;
A0014617.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP134;Tool.Prockill;Incurable.Moved.;
A0014619.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP134;Tool.ShutDown.11;Incurable.Moved.;
A0014632.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP134;Tool.Prockill;Incurable.Moved.;
A0014634.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP134;Tool.ShutDown.11;Incurable.Moved.;
A0023463.com;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP163;Win32.HLLW.MyBot.based;Deleted.;
A0028458.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP199;Trojan.Virtumod;Deleted.;
A0028464.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP199;Win32.HLLW.MyBot.based;Deleted.;
A0030470.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP199;Adware.TopSearch;Incurable.Moved.;
A0030565.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Win32.HLLW.MyBot.based;Deleted.;
A0030566.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Win32.HLLW.MyBot.based;Deleted.;
A0030577.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030578.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030579.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030580.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030581.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030582.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030583.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030584.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030585.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Adware.TopSearch;Incurable.Moved.;
A0030586.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Trojan.Virtumod;Deleted.;
A0030600.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Win32.HLLW.MyBot.based;Deleted.;
A0030601.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Win32.HLLW.MyBot.based;Deleted.;
A0030602.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP202;Win32.HLLW.MyBot.based;Deleted.;
A0030761.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0030762.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0030763.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0030786.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Adware.TopSearch;Incurable.Moved.;
A0030793.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0030794.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0030795.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0032806.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0032807.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0032808.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0032819.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Adware.TopSearch;Incurable.Moved.;
A0032822.com;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0038828.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Win32.HLLW.MyBot.based;Deleted.;
A0040835.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Adware.TopSearch;Incurable.Moved.;
A0040902.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Trojan.Virtumod;Deleted.;
A0040903.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Trojan.Virtumod;Deleted.;
A0040905.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Trojan.Virtumod;Deleted.;
A0040906.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Trojan.Virtumod;Deleted.;
A0040907.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Trojan.Virtumod;Deleted.;
A0041978.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Adware.Crew;Incurable.Moved.;
A0041979.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Trojan.Virtumod;Deleted.;
A0042016.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Win32.HLLW.MyBot.based;Deleted.;
A0042017.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Win32.HLLW.MyBot.based;Deleted.;
A0042018.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Win32.HLLW.MyBot.based;Deleted.;
fcccdax.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
fcccdbx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
frpjbtvq.exe.bad;C:\VundoFix Backups;Adware.TopSearch;Incurable.Moved.;
gjxkycya.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
iifffde.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
jkkiifd.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
khffdba.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mljge.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mljjg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
opnollj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
qxgyqyyb.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
xxywtrs.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
yayyaxw.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
cvkdcudu.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
gjqmkpqj.dll;C:\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
napbpdrd.dll;C:\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
sklrr7y6077648.exe;C:\WINDOWS\system32;Trojan.Spambot;Deleted.;
vpnsvc.exe;C:\WINDOWS\system32;Win32.HLLW.MyBot.based;Deleted.;
wdsvc.exe;C:\WINDOWS\system32;Win32.HLLW.MyBot.based;Deleted.;





HijackThis log file


Logfile of HijackThis v1.99.1
Scan saved at 5:15:34 PM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\owner\Desktop\HJT\cool3.exe.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks if this is the last reply

Angelfire777
2007-03-24, 15:42
Congratulations! Your log looks clean!

Configure Windows XP to hide system files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, select Do not show hidden files and folders.
Check the Hide protected operating system files option.
Click Yes to confirm.
Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and OK it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your PC's security.

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

IESpyAds
~You can download it from here (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)
~If you want to know how IESpyAds works, you can take a look at it here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!
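
Added example (not part of either poster's messages): the scan log earlier in this thread lists detections under `System Volume Information\_restore{...}\RPnnn`, the store that the restore-point cleanup above empties, and this sketch tallies such a log per restore point. The sample lines are copied from that log; the function names and the four-field `file;folder;detection;action;` reading of the format are this example's own assumptions.

```python
import re
from collections import Counter

# Sample lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
A0040835.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Adware.TopSearch;Incurable.Moved.;
A0040902.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP204;Trojan.Virtumod;Deleted.;
A0041979.dll;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Trojan.Virtumod;Deleted.;
A0042016.exe;C:\System Volume Information\_restore{392AA1CD-41A2-4120-8C58-FFF595349C9F}\RP207;Win32.HLLW.MyBot.based;Deleted.;
fcccdax.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
cvkdcudu.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
gjqmkpqj.dll;C:\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
"""

# Captures the restore point folder name (RPnnn) from a System Restore path.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)", re.I)

def parse_scan_log(text):
    """Parse 'file;folder;detection;action;' lines into a list of dicts."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.strip().rstrip(";").split(";")]
        if len(parts) != 4:
            continue  # skip blank lines and anything not in the four-field layout
        name, folder, detection, action = parts
        match = RESTORE_RE.search(folder)
        rows.append({
            "file": name,
            "folder": folder,
            "detection": detection,
            "action": action.rstrip("."),
            "restore_point": match.group(1) if match else None,
        })
    return rows

def summarize(rows):
    """Count detections per restore point and list files moved rather than deleted."""
    per_rp = Counter(r["restore_point"] for r in rows if r["restore_point"])
    outside = sum(1 for r in rows if r["restore_point"] is None)
    moved = [r["file"] for r in rows if "Moved" in r["action"]]
    return {"per_restore_point": dict(per_rp),
            "outside_restore": outside,
            "moved": moved}

if __name__ == "__main__":
    report = summarize(parse_scan_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```
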

Angelfire777
2007-03-29, 07:02
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.