HELP infected with a new virus!!!
Hi
I have recently been infected with the W32/Alemod.e.dll virus and Spyre trojan and have no idea how to remove them. They are causing my computer to slow right down and for my Windows Explorer to crash at random times. Any help would be muchly appreciated.
Oh and also McAfee tells me that oleext.dll is the file infected with the Spyre trojan and that wininet.dll is infected with the W32/Alemod.e.dll virus.
Thanks again for any help you provide.
Logfile of HijackThis v1.99.1
Scan saved at 6:34:20 PM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyler P\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.48.7:8080
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmbvl.exe] C:\WINDOWS\System32\dmbvl.exe
O4 - Startup: ITE Smart Guardian.lnk = C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28CB2B5E-626D-407D-A83D-E56FE29F9EFF}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA8EBA8-2A16-4C1F-A100-14284370FBC1}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F03D0A4-0C6E-4630-8A27-FC069D02AB4E}: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Open my computer>click tools>click folder options>
click view tab>check show hidden files>uncheck hide file extensions>click apply>click OK>exit
Run activescan, save the results and then post the results here.
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
Incident Status Location
Adware:adware/sbsoft No disinfected C:\WINDOWS\rdt.ini
Spyware:spyware/wareout No disinfected C:\DOCUMENTS AND SETTINGS\TYLER P\APPLICATION DATA\wo.tmp
Adware:adware/psguard No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tyler P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-56526238.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tyler P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-56526238.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tyler P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-56526238.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Tyler P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-56526238.zip[Beyond.class]
Virus:Trj/Autodelete.A Disinfected C:\Documents and Settings\Tyler P\Local Settings\Temp\mmpl.bat
Virus:Trj/Downloader.DYV Disinfected C:\Documents and Settings\Tyler P\Local Settings\Temp\tmp3D.tmp
Virus:Trj/Vidro.A Disinfected C:\WINDOWS\system32\cscbc.exe
Adware:Adware/Troyanov No disinfected C:\WINDOWS\system32\dcom_7.dll
Adware:Adware/Troyanov No disinfected C:\WINDOWS\system32\dcom_8.dll
Virus:Trj/DMeco.A Disinfected C:\WINDOWS\system32\dmrvc.exe
C:\WINDOWS\rdt.ini
C:\DOCUMENTS AND SETTINGS\TYLER P\APPLICATION DATA\wo.tmp
C:\WINDOWS\system32\dcom_7.dll
C:\WINDOWS\system32\dcom_8.dll
Reboot.
Run a full system scan with ewido security suite.
Run activescan again and let me know the results of that scan.
Post a new HJT log.
ewido security suite - Scan report
+ Created on: 11:33:09 PM, 8/11/2005
+ Report-Checksum: E67B7E34
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
[1300] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Error during cleaning
[1320] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Error during cleaning
[1704] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Error during cleaning
:mozilla.12:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Tyler P\Cookies\tyler p@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Tyler P\Local Settings\Temp\egol.exe -> TrojanDropper.Small.act : Cleaned with backup
C:\WINDOWS\system32\dmjsd.exe -> Trojan.Small.fb : Cleaned with backup
::Report End
My Active Scan results:
Incident Status Location
Adware:adware/sbsoft No disinfected Windows Registry
And my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:19:56 AM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyler P\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.48.7:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - Startup: ITE Smart Guardian.lnk = C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28CB2B5E-626D-407D-A83D-E56FE29F9EFF}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA8EBA8-2A16-4C1F-A100-14284370FBC1}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F03D0A4-0C6E-4630-8A27-FC069D02AB4E}: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Here is the new ewido report:
ewido security suite - Scan report
+ Created on: 7:29:49 PM, 8/12/2005
+ Report-Checksum: BBC05915
+ Scan result:
:mozilla.18:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Tyler P\Application Data\Mozilla\Firefox\Profiles\t10itkcy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 10:50:23 PM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tyler P\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.48.7:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [mcvsshld.exe] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe -regserver
O4 - Startup: ITE Smart Guardian.lnk = C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28CB2B5E-626D-407D-A83D-E56FE29F9EFF}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA8EBA8-2A16-4C1F-A100-14284370FBC1}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F03D0A4-0C6E-4630-8A27-FC069D02AB4E}: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
And here are the ActiveScan results:
Incident                Status            Location
Adware:adware/sbsoft    No disinfected    Windows Registry
You need to get a clean wininet.dll file and replace the infected file as soon as possible.
http://www.dll-files.com/dllindex/dll-files.shtml?wininet
Try renaming the infected file before unzipping the new file. Once the uninfected file is installed, then delete the infected/renamed file. To rename the file, right-click on the file and go to Rename.
Let me know if this process is successful.