Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have posted before about a problem I was having with IE taking 6 minutes to load. Well today I was looking in my history, and came across b.whataboutadog.com I googled it and found that it is a virus. I have been trying to figure out how to kill it, but just no sure if I am doing it right. From what I can tell its very new as of 10/1/07
Anyone have any luck getting rid of this thing, and how? McAfee found a trojan called downloader-bew and removed it like 11 times. I think they are related? Its scanning right now and has already found 23 things and its not done yet.
Im worried!Gateway P4 2.6GHz
DDR PC2 gig RAM
IE 7
Please download FindAWL from this link FindAWF
Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.
0 
I just got done with the mcafee scan and it said it fixed a bunch of things, i did run that program, and here is the log:
Find AWF report by noahdfear ©2006
Version 1.40The current date is: Sun 10/14/2007
The current time is: 12:53:43.04
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\ITUNES\BAK05/26/2007 12:45 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytesDirectory of C:\PROGRA~1\QUICKT~1\BAK
04/27/2007 09:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytesDirectory of C:\PROGRA~1\SP2CON~1\BAK
05/10/2005 10:41 AM 409,600 SP2ConnPatcher.exe
1 File(s) 409,600 bytesDirectory of C:\PROGRA~1\WINDOW~2\BAK
10/18/2006 09:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytesDirectory of C:\WINNT\SYSTEM32\BAK
08/04/2004 02:56 AM 15,360 ctfmon.exe
04/05/2005 03:19 PM 77,824 hkcmd.exe
04/05/2005 03:23 PM 114,688 igfxpers.exe
04/05/2005 03:22 PM 94,208 igfxtray.exe
07/09/2001 04:50 AM 155,648 NeroCheck.exe
5 File(s) 457,728 bytesDirectory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
06/27/2007 08:39 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytesDirectory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
09/22/2005 07:29 PM 303,104 mcagent.exe
01/11/2006 01:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytesDirectory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK
06/07/2003 06:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytesDirectory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
01/18/2006 08:31 PM 180,269 realsched.exe
1 File(s) 180,269 bytesDirectory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK
08/19/2003 01:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytesDirectory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 May 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 5 2007 "C:\WINNT\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Oct 5 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
108096 Dec 30 2006 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WXTZRLK\iTunesSetupAdmin[1].exe"
116024 Oct 5 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9RSDDIM\iTunesSetupAdmin[1].exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
409600 May 10 2005 "C:\Program Files\SP2 Connection Patcher\bak\SP2ConnPatcher.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINNT\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINNT\system32\bak\ctfmon.exe"
118784 Nov 18 2003 "C:\OEMDRVRS\HKCMD.exe"
77824 Apr 5 2005 "C:\WINNT\system32\bak\hkcmd.exe"
118784 Nov 18 2003 "C:\WINNT\system32\ReinstallBackups\0016\DriverFiles\hkcmd.exe"
114688 Apr 5 2005 "C:\WINNT\system32\bak\igfxpers.exe"
155648 Nov 18 2003 "C:\OEMDRVRS\IGFXTRAY.exe"
94208 Apr 5 2005 "C:\WINNT\system32\bak\igfxtray.exe"
155648 Nov 18 2003 "C:\WINNT\system32\ReinstallBackups\0016\DriverFiles\igfxtray.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"
52272 Jan 25 2007 "C:\Program Files\Google\googletoolbar4user.exe"
69632 Jan 5 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
559784 Jan 18 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jan 25 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jun 27 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
566872 Jan 5 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
390744 Jan 5 2007 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
180269 Jan 18 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
end of report
Gateway P4 2.6GHz
DDR PC2 gig RAM
IE 7
0
This may appear to fix the computer but there are more steps after this one.
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak foldersA text file opens called: files.txt
Click below the line and paste the following list of files to be restored:
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\SP2 Connection Patcher\bak\SP2ConnPatcher.exe"
"C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
"C:\WINNT\system32\bak\ctfmon.exe"
"C:\WINNT\system32\bak\hkcmd.exe"
"C:\WINNT\system32\bak\igfxpers.exe"
"C:\WINNT\system32\bak\igfxtray.exe"
"C:\WINNT\system32\bak\NeroCheck.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folderWhen done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
0
Okay, all is done like you asked, here is the new log.
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfullyThe current date is: Sun 10/14/2007
The current time is: 14:02:46.37
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\ITUNES\BAK05/26/2007 12:45 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytesDirectory of C:\PROGRA~1\QUICKT~1\BAK
04/27/2007 09:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytesDirectory of C:\PROGRA~1\SP2CON~1\BAK
05/10/2005 10:41 AM 409,600 SP2ConnPatcher.exe
1 File(s) 409,600 bytesDirectory of C:\PROGRA~1\WINDOW~2\BAK
10/18/2006 09:05 PM 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytesDirectory of C:\WINNT\SYSTEM32\BAK
08/04/2004 02:56 AM 15,360 ctfmon.exe
04/05/2005 03:19 PM 77,824 hkcmd.exe
04/05/2005 03:23 PM 114,688 igfxpers.exe
04/05/2005 03:22 PM 94,208 igfxtray.exe
07/09/2001 04:50 AM 155,648 NeroCheck.exe
5 File(s) 457,728 bytesDirectory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
06/27/2007 08:39 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytesDirectory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
09/22/2005 07:29 PM 303,104 mcagent.exe
01/11/2006 01:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytesDirectory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK
06/07/2003 06:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytesDirectory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
01/18/2006 08:31 PM 180,269 realsched.exe
1 File(s) 180,269 bytesDirectory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK
08/19/2003 01:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytesDirectory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~257088 May 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 May 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 5 2007 "C:\WINNT\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Oct 5 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
108096 Dec 30 2006 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WXTZRLK\iTunesSetupAdmin[1].exe"
116024 Oct 5 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X9RSDDIM\iTunesSetupAdmin[1].exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
409600 May 10 2005 "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe"
409600 May 10 2005 "C:\Program Files\SP2 Connection Patcher\bak\SP2ConnPatcher.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Oct 18 2006 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
15360 Aug 4 2004 "C:\WINNT\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINNT\system32\bak\ctfmon.exe"
118784 Nov 18 2003 "C:\OEMDRVRS\HKCMD.exe"
77824 Apr 5 2005 "C:\WINNT\system32\hkcmd.exe"
77824 Apr 5 2005 "C:\WINNT\system32\bak\hkcmd.exe"
118784 Nov 18 2003 "C:\WINNT\system32\ReinstallBackups\0016\DriverFiles\hkcmd.exe"
114688 Apr 5 2005 "C:\WINNT\system32\igfxpers.exe"
114688 Apr 5 2005 "C:\WINNT\system32\bak\igfxpers.exe"
155648 Nov 18 2003 "C:\OEMDRVRS\IGFXTRAY.exe"
94208 Apr 5 2005 "C:\WINNT\system32\igfxtray.exe"
94208 Apr 5 2005 "C:\WINNT\system32\bak\igfxtray.exe"
155648 Nov 18 2003 "C:\WINNT\system32\ReinstallBackups\0016\DriverFiles\igfxtray.exe"
155648 Jul 9 2001 "C:\WINNT\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINNT\system32\bak\NeroCheck.exe"
52272 Jan 25 2007 "C:\Program Files\Google\googletoolbar4user.exe"
69632 Jan 5 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
68856 Jun 27 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
559784 Jan 18 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jan 25 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jun 27 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
180269 Jan 18 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Jan 18 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
end of report
Gateway P4 2.6GHz
DDR PC2 gig RAM
IE 7
0
Option 3:
Double-click the FindAWF icon once againIf a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak foldersA text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:C:\Program Files\DellSupport\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\QuickSet\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\VCOM\Recovery Commander\bak
C:\Program Files\VCOM\SystemSuite\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Sonic\Update Manager\bak
C:\Program Files\Java\jre1.6.0_01\bin\bak
C:\Program Files\Intel\PROSetWired\NCS\PROSet\bakNext, close and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak foldersWhen done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
Next Option 4.
Option 4:
Double-click the FindAWF icon once againIf a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zonesThis removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXITNext,
Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.Post a new Hijack This log please.
0
okay, all is done. I rebooted and my mcafee wasnt working righ, i reinstalled it and now its back up again. i also immunized my spybot.
Here is the hijack report. Tell me it good now? Thank you!Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:38 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: NormalRunning processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe--
End of file - 9537 bytes
Gateway P4 2.6GHz
DDR PC2 gig RAM
IE 7
0
That killed the baddie, run Hijack This, close all windows and browsers, place a check to the left of the following items and press "fix checked":
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll (file missing)
Exit Hijack This.
You need to update your java as soon as possible. Click start> control panel> java> update tab> update now.
You should add "Spywareblaster" to your arsenol of antispyware tools, just do a google search for spywareblaster, download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
Glad we could help.
0
Did everything you said. Thank you so much.
If I could ask one more thing, what was that my machine had? Was it anything real bad? Do you think my personal stuff was compromised?
Thanks again.....Gateway P4 2.6GHz
DDR PC2 gig RAM
IE 7
0
Very basically, its a virus that delete programs and registry entries and can cause big problems if not terminated. I don't think your personal stuff was compromised.
Be sure to update java as it may be how you were infected, uncheck the box with "google toolbar".
0
Jerrold, You must start a new thread and you cannot post a log without being requested to do so. Not my idea, forum rules. So start a new thread and state only the problem please.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
