spysheriff victim and mcafee virus

spysheriff addendum to the morning

My mistake, my smithfraud unzip and folder with the prior rapport.txt WAS still on my desktop - just moved by the restore!
Prior question still stands: Re-do prior steps before this morning's rash of errors, boot problems and system restore, BEFORE the cmd and redo? Or just keep going? (sorry)
 
spysheriff continued - aside

I keep getting McAfee trojan cleaned messages followed by recommendations to run McAfee Virus scan.
Will this interfere with your procedure for cleaning me of the aftermath of Spy Sheriff, or should I go ahead and scan before we are done?
 
spysheriff continued...............

I assume you mean repeat your post BEFORE the last one (noted below), with the blacklite, smithfraud and hijackthis instructions, again, WITHOUT changing anything, as per your post, and THEN wait for you to have me do the cmd thing after you view the logs (??)

Yes or no will do.

"Yesterday, 23:27 #15
LonnyRJones
Member of Team Spybot"
 
Let's try it this way

Disconnect from the internet, turn off McAfee's resident protection; that will be in the program's options.

Run blacklite again, scan, then have it rename those two files (if they are still there)
let blacklite restart your pc

After that restart
Open a command prompt (start, run, type cmd, press enter) type
sc delete "se500mdmd"
press enter, type exit and press enter to exit the command prompt
Did you see a success message?

Run smithfraudfix again and choose option 2 fix (no need for safe mode)

Do a full scan with McAfee, let it deal with anything found, then turn on its resident (active) protection

Post a fresh hijackthis log
 
spy sheriff cont'd

OK.

I am just pulling the desktop's plug from my broadband router, but since my wireless router is still connected to my broadband modem, when I am done with your routine and my desktop is still offline, I can pick up your emails and visit your site using my wireless laptop (which has McAfee but seems to be working).

Thanks for your patience.

your patient patient,

Holsman.
 
spy sheriff the home stretch ?

After disconnecting from internet and turning off Mcafee resident, I ran Blacklite twice (log files below) and had it rename each of two files and let it restart. Then I ran sc delete “se500mdmd” and got “success” with message “registry cleaning, system received file services error” but windows started to run disk cleanup at the same time so I canceled it and got “cannot access file used by another DF4FC3 and then a blue screen, memory dump. So I ran blacklite again, stopped disk cleanup and then it said registry cleaned.

Then I ran smithfraudfix with option 2 (no safe mode) and got Mcafee “suspicious script”, which I allowed, after which smithfraud said “ JoeDanger NOT involved etc…” and then log, which I saved (having to cancel disk cleanup while smithfraud was still going, each time, bothered me a little) Then I did a full Mcafee scan and it came up with three items:
1. “smithfraudfix.zip” PUP (which I quarantined)
2. “smithfraudfix\process.exe” PUP (which I deleted) , and
3. “WINNT\system32\se500mdmd.sys.ren” Trojan (which I quarantined)
I think I may have entered sc delete “sc500mdmd” instead of se500, because otherwise Mcafee would not have found it as a .ren file, but I think it’s gone either way. RIGHT ??

So below are the last blacklite log, the last smithfraudfix log and the final hijackthis logs.

06/08/06 12:56:06 [Info]: BlackLight Engine 1.0.37 initialized
06/08/06 12:56:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/08/06 12:56:06 [Note]: 7019 4
06/08/06 12:56:06 [Note]: 7005 0
06/08/06 12:56:11 [Note]: 7006 0
06/08/06 12:56:11 [Note]: 7011 296
06/08/06 12:56:12 [Note]: 7026 0
06/08/06 12:56:12 [Note]: 7026 0
06/08/06 12:56:25 [Note]: FSRAW library version 1.7.1015
06/08/06 12:58:19 [Info]: Hidden file: c:\WINNT\system32\se500mdm.dll
06/08/06 12:58:19 [Note]: 10002 1
06/08/06 12:58:19 [Info]: Hidden file: c:\WINNT\system32\se500mdmd.sys
06/08/06 12:58:19 [Note]: 10002 1
06/08/06 13:05:59 [Note]: 7007 0

SmitFraudFix v2.55
Scan done at 13:17:25.68, Thu 06/08/2006
Run from C:\Documents and Settings\J.Peter Holsman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 4:43:53 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINNT\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINNT\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINNT\explorer.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\NEW DOWNLOADS\Spybot and Panda\safer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://construction.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: se500mdm - se500mdm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\jclcmkhp.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

By the way, what’s teatime and do I need it?
And, do I need to tell Comcast to take off the block on my outgoing email or will their system detect that I am clean - assuming I am clean?
 
Do any files show if you run blacklite now?

Start Hijackthis and place a check next to these items if there.
O20 - Winlogon Notify: se500mdm - se500mdm.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\jclcmkhp.dll (file missing)
Optional fix >
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tea timer is SpyBot's resident or active protection for spyware; we turned it off earlier in your thread so it would not interfere. Leave it off for now.

Update Sun's Java manually
Sun Java V1.5.0_07 is Available:
http://forums.spybot.info/showthread.php?t=2559

Provided no files show in a blacklite scan, you should be safe telling Comcast to unblock your email services
Post another hijackthis log, mention any current problems
 
spy sherriff fix the last mile?

I found all three of the following files in hijackthis, checked them, fixed them and rebooted.
 
Good

I'm not sure why there were errors with acstart16.exe; if it happens again you might have to reinstall or repair-install AutoCAD.

Let us know of any problems over the next few days. In the meantime, another online scan is a good idea.

Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
Select all drives, scan, try to cure/repair; if it cannot, choose delete! If it cannot delete, tell us the file names and locations.
 
Spysherrif Last Foot ?

THE FILES FIXED BY HIJACK WERE THE SAME EXACT ONES YOU LISTED, I.E:
O20 - Winlogon Notify: se500mdm - se500mdm.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\jclcmkhp.dll (file missing) Optional fix >
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE

(except that 021 did not say "OPTIONAL FIX" at the end. I assume that was your comment)


THIS MICROSOFT ERROR REPORT POPPED UP AFTER THE LAST RESTART:
BCCode : c2 BCP1 : 00000007 BCP2 : 00000CD4 BCP3 : 852957B0
BCP4 : 86822228 OSVer : 5_1_2600 SP : 2_0 Product : 256_1
WITH THESE DETAILS:
C:\DOCUME~1\J67DB~1.PET\LOCALS~1\Temp\WERb61b.dir00\Mini060906-01.dmp
C:\DOCUME~1\J67DB~1.PET\LOCALS~1\Temp\WERb61b.dir00\sysdata.xml


MCAFEE RESIDENT VIRUS SCAN WAS TURNED OFF (BLACK ICON IN TRAY) SO I TURNED IT ON AND SO FAR IT HAS STAYED ON!.

SHOULD I PUT SPYBOT'S TEATIMER BACK ON ? PLEASE WALK ME BACK THRU IT?

WHAT'S NEXT AFTER THAT ?

I AM STARTING TO FEEL A SIGH OF RELIEF COMING ON!




HERE'S THE LAST HIJACK LOG

Logfile of HijackThis v1.99.1
Scan saved at 9:56:45 AM, on 6/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINNT\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\NEW DOWNLOADS\Spybot and Panda\HijackThis scan & logs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://construction.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
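One way to check that the entries the helper asked to fix are really gone, as an added example that is not part of the original thread: this Python code parses two HijackThis logs, lists entries whose target is marked "(file missing)", and diffs the logs. The embedded log text is a short excerpt of the 6/8 and 6/9 logs posted above; the function names are hypothetical.

```python
import re

# One HijackThis entry per line: "<section id> - <details>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING_SUFFIX = "(file missing)"

# Excerpts of the two logs posted in this thread (not the full logs).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:43:53 PM, on 6/8/2006
Running processes:
C:\WINNT\system32\winlogon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: se500mdm - se500mdm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\jclcmkhp.dll (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:56:45 AM, on 6/9/2006
Running processes:
C:\WINNT\system32\winlogon.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Return [(section, details)]; header and process-list lines do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reports as '(file missing)'."""
    return [e for e in entries if e[1].endswith(MISSING_SUFFIX)]


def _key(entry):
    # Path case differs between runs (explorer.exe vs Explorer.EXE), so compare case-insensitively.
    return (entry[0], entry[1].casefold())


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs, in log order."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def still_present(entries, targets):
    """Map each target substring to the entries that still mention it."""
    return {
        t: [e for e in entries if t.casefold() in e[1].casefold()]
        for t in targets
    }


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    removed, added = diff_logs(before, after)
    for section, details in removed:
        print(f"removed  {section} - {details}")
    for section, details in added:
        print(f"added    {section} - {details}")
    for section, details in orphaned(after):
        print(f"orphan   {section} - {details}")
    # The three items named in the fix instructions in this thread.
    for target, hits in still_present(after, ["se500mdm", "jclcmkhp.dll", "[UpdReg]"]).items():
        print(f"{target}: {'STILL PRESENT' if hits else 'gone'}")
```

On these excerpts the diff shows the three fixed entries removed and one new Run entry, KernelFaultCheck, added; the O18 msnim entry is still listed as "(file missing)" in the later log.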
 
Spy Sheriff Fix - The Last Foot

THREE FOLLOW UP QUESTIONS:

1. Do I need to reset, or set a new restore point in XP?

2. Should I use Panda, Look2me, Blacklite, Smithfraudfix or hijackthis, to scan my internal backup HD on my desktop, my external Firewire drive (redundant backup) and/or my two flash memory sticks (all data only) in case they might also be infected and might re-infect my C drive? If so, how do I do that? I normally back up either using Second Copy or manually cutting and pasting, but have not backed up any data since the Spy Sheriff incident.

3. Does my wireless router (for my laptop and my grown kids’ laptops) that is plugged into one of the four ports on my broadband router (plus computer, and two VOIP units) protect my laptop to any greater extent than is provided by the direct computer connection to the broadband router (dynamic IPs etc, etc)? If so, perhaps I should either plug my desktop connection into one of the ports on my wireless router, or get a wireless card for my desktop computer and access the net only through that? Would that help?

4. Should I call Comcast now and get the block removed?

5. How long does our thread stay on your site or should I copy it all to a WORD file for later review?

Is it soup yet??
 
spy sheriff fix the last foot

I followed your link to administrator, then support and found the following: Should I open all the links, one at a time? Should I delete Java from Control panel/add/delete programs first?

I did a final panda Scan shows "112 detected spyware" Report included below, but they all look like just cookies. This is OK isn't it? Panda just calls cookies spyware, right? Doesn't mean anything bad, right?

(Now I will do a CA scan and send results to you after following your instructions)


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.statcounter.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\J.Peter Holsman\Application Data\Mozilla\Firefox\Profiles\7lsb9xjd.Default User\cookies.txt[.tribalfusion.com/]
 
spy sheriff fix the last foot continued

and more of the final Panda report:

 
spy sheriff the last foot continued

and the balance of the final panda report :

 
spy sheriff the last foot continued

While CA AV web scan was running, I tried to change the XP updates, in control panel, from "automatic install" to "automatic download but notify me to install" and then this popped up:

"Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience"

Then the web scan was gone. Did I screw up by not waiting or is this something new and important? I am starting the CA web scan again and leaving everything alone until finished.
 
Those are all just cookies, nothing to worry about, but it would be a good idea to clear them via your browser's options.

1. Do I need to reset, or set a new restore point in XP?
Generally, once we clean up and your PC is still stable for a few days, we suggest deleting Windows restore points, rebooting and enabling System Restore.

2. Should I use Panda, Look2me, Blacklite, Smithfraudfix or HijackThis, to scan my internal backup HD on my desktop, my external Firewire drive (redundant backup) and/or my two flash memory sticks (all data only) in case they might also be infected and might re-infect my C drive? If so, how do I do that? I normally back up either using Second Copy or manually cutting and pasting, but have not backed up any data since the Spy Sheriff incident.
Your backups are likely to be infected, I'd delete them and make new ones.
That is, if you have backed up more than just paperwork.

3. Does my wireless router (for my laptop and my grown kids' laptops) that is plugged into one of the four ports on my broadband router (plus computer, and two VOIP units) protect my laptop to any greater extent than is provided by the direct computer connection to the broadband router (dynamic IPs etc, etc)? If so, perhaps I should either plug my desktop connection into one of the ports on my wireless router, or get a wireless card for my desktop computer and access the net only through that? Would that help?
By all means plug your PC into the router, that's what it is for.

4. Should I call Comcast now and get the block removed?
I had already suggested that :)

5. How long does our thread stay on your site or should I copy it all to a WORD file for later review?
We archive them when solved, we don't delete, it will still be in the forum.
Is it soup yet??
:)

"Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience"
Don't worry about that unless it happens regularly.
 
spy sheriff fix CA virus web scan dejavu

I have tried running the CA virus program: http://www3.ca.com/virusinfo/virusscan.aspx
thru IE three times, with all my power options set to "never" but when I come back in an hour, my machine is in standby anyway, and etrust is "not responding" and terminates. Is there a particular signature download file on their website that I should download and run from a folder - I read them but I am not comfortable with the choices.
 
spy sheriff fix the last few inches

Shouldn't I turn Spybot's TeaTimer back on to block future spyware? I started to do it but as soon as I checked the box that you had me un-check before, I got a Spybot message that was trying to change the case of the McAfee file and then a series of "registry change denied" messages, so I unchecked it before accepting or closing. What does that mean? Is the McAfee program infected ?????????????
confused !
 