Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have an iworm_attck message that pops-up from my system tray. Its a small yellow triangle icon with an exclaimation point. Somtimes it brings-up pop-ups to anti-spyware sites.
I would realy appreciate a walkthrough for a fix.
Thank You for reading/John
Please download SmitRemFix from this link http://siri.geekstogo.com/SmitfraudFix.php Then extract the contents to your desktop.
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Do not run any other options, the will computer will be damaged if option #2 is run on an uninfected computer
0 
I cant seem to get this to work. It says that the process file is missing even though I can see that it is not missing, its in the same folder. I tried turning off Macafee and ran it again with no luck.
0
It sounds like the antivirus has it. Go offline, turn off you antivirus. Delete the extracted files on the desktop, right click the zipped file>extract all>double click smitfruadfix.cmd
0
Thank You. Here it is:
SmitFraudFix v2.43Scan done at 14:56:26.17, Thu 05/11/2006
Run from C:\Documents and Settings\Licia\Desktop\SmitfraudFix(2)\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Licia\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Licia\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program FilesC:\Program Files\Security Toolbar\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
0
This is part of the fix, as soon as you run this from safe mode post the Hijack This log requested and the other needed tools.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txtPlease post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe modeDownload Ewido Security Suite then set it up this way Ewido Setup Instructions We will need this later in safe mode
Be sure to update Ewido
Reboot back into safe mode. Run Ewido from safe mode and let it delete what it finds. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Reboot to normal mode and post the Ewido log.
0
So far, so good. It looks like the problem is taken care of! I am very greatful for your help.
OK, here is what I have so far:
SmitFraudFix v2.43
Scan done at 18:51:28.57, Thu 05/11/2006
Run from C:\Documents and Settings\Licia\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected filesC:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Program Files\Security Toolbar\ Deleted»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 6:57:43 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HIJackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135229339093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsus---a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeNow I should run Ewido Security Suite and the ATF-Cleaner right?
/John
0
Your log looks clean, but we should do some clean-up.
Reboot the computer into safe mode.
Run ewido from safe mode and lete it delete all that it finds. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Run ARF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Boot into normal mode and post the Ewido log.
0
OK, here is the report:
ewido anti-malware - Scan report
+ Created on: 12:10:30 AM, 5/12/2006
+ Report-Checksum: 4F8F9A5A+ Scan result:
:mozilla.18:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Licia\Application Data\Mozilla\Firefox\Profiles\9cbdqa8m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Licia\Cookies\licia@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Licia\Cookies\licia@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup
::Report EndI also ran ATF-Cleaner on all of my XP Home User Accounts (I have 4).
One of the other things that happened when my computer was infected is that now only one of my user accounts can get online. The other 3 just cant get there. I can ping my modem from the command (RUN) window in each of the accounts, but IE and Firefox both report Server Not Found messages when trying to connect to any sites. If I put my modem IP address in the address line of IE or Firefox, I still get a not found message. Also, if I create a new account, same problem. All of the accounts are set-up as admins. Any Ideas what could have been changed?
/John
0
Go to start>run>type "ipconfig /flushdns" without the quotes>ok.
Go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
If that does not help post a Hijack this log from one of the accounts.
0
The settings for LAN were already set the way you suggested. By the way, I am usinng a DSL modem. Here is the log from one of the 3 accounts that are not connecting:
Logfile of HijackThis v1.99.1
Scan saved at 9:43:38 AM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Documents\SECURITY\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135229339093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsus---a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
0
The log is clean.
Open IE> go to tools> Internet option> connections> Lan settings. Check to make sure Auto detect settings, Use auto config script and Use proxy are NOT checked. These items should only be checked if you provider specificaly requested you check them.
0
OK, that was not the problem, but I did find out what was happening:
When I got infected, I downloaded the 30day trial for MacAfee Privacy Service. This was allowing me to access the internet only from the XP user account that I was logged-into at the time of installation. I verified this because I just uninstalled it from the control pannel and now the other XP user accounts can get on the Web. I dont think that the MacAfee Privacy Service was supposed to work like that though :(
Anyway, I want to thank you for your help. I would not have been able to fix all of these problems on my own and no one else that I talked to knew what to do. Also, along the way I learened about all of the tools that you had me use and so I feel I will have a better handle on things.
Thank You,
John/NX1Z
0
Thanks for that follow-up John, those types of errors are difficult to find.
Many folks do not take they time to post their success stories with us so I would like to tell you that it is very much appreciated, Thank You.
0
If you use system restore you need to clean the restore folder.
For instructions on how to purge system restore click Here
To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.
You should add "spywareblaser" to your security arsenol. Just do a google search for it, download, install, and update it. One of the best out there.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
