Tech Support Forum - View Single Post - Winfixer, adultfriendfinder, etc popups, won't stop

lomarker · 01-11-2006, 02:13 AM

Ok, thanks for the reply. I ran the virtuebegone and posted results below. I ran hijackthis again and fixed the files, but two of them didn't show up this time. Those were:

O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ssqqq.dll
O20 - Winlogon Notify: ssqqq - C:\WINDOWS\system32\ssqqq.dll

The other ones I fixed.

Ran cleanup and then tried the activescan, but it continually locks up a bit into the scan at a file named misc\utility\BrowserH\srcd.ini
There were three spyware and one suspicious files found before it locks up though. So below are the VGB file and the new hijack file. Thanks again.

[01/11/2006, 0:18:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" )
[01/11/2006, 0:19:02] - Detected System Information:
[01/11/2006, 0:19:02] - Windows Version: 5.1.2600, Service Pack 2
[01/11/2006, 0:19:02] - Current Username: Owner (Admin)
[01/11/2006, 0:19:02] - Windows is in NORMAL mode.
[01/11/2006, 0:19:02] - Searching for Browser Helper Objects:
[01/11/2006, 0:19:02] - BHO 1: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} (CCHelper Class)
[01/11/2006, 0:19:02] - BHO 2: {2353FCBC-012D-487B-8BF3-865C0929FBEB} (ATLDistrib Object)
[01/11/2006, 0:19:02] - ALERT: Found ATLDistrib Object!
[01/11/2006, 0:19:02] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/11/2006, 0:19:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/11/2006, 0:19:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/11/2006, 0:19:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/11/2006, 0:19:02] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/11/2006, 0:19:02] - BHO 5: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[01/11/2006, 0:19:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/11/2006, 0:19:02] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[01/11/2006, 0:19:02] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[01/11/2006, 0:19:02] - Finished Searching Browser Helper Objects
[01/11/2006, 0:19:02] - *** Detected ATLDistrib Object
[01/11/2006, 0:19:02] - Trying to remove ATLDistrib Object...
[01/11/2006, 0:19:03] - Terminating Process: IEXPLORE.EXE
[01/11/2006, 0:19:04] - Terminating Process: RUNDLL32.EXE
[01/11/2006, 0:19:04] - Disabling Automatic Shell Restart
[01/11/2006, 0:19:04] - Terminating Process: EXPLORER.EXE
[01/11/2006, 0:19:04] - Suspending the NT Session Manager System Service
[01/11/2006, 0:19:04] - Terminating Windows NT Logon/Logoff Manager
[01/11/2006, 0:19:05] - Re-enabling Automatic Shell Restart
[01/11/2006, 0:19:05] - File to disable: C:\WINDOWS\system32\ssqqq.dll
[01/11/2006, 0:19:05] - Renaming C:\WINDOWS\system32\ssqqq.dll -> C:\WINDOWS\system32\ssqqq.dll.vir
[01/11/2006, 0:19:05] - File successfully renamed!
[01/11/2006, 0:19:05] - Removing HKLM\...\Browser Helper Objects\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/11/2006, 0:19:05] - Removing HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/11/2006, 0:19:05] - Adding Kill Bit for ActiveX for GUID: {2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/11/2006, 0:19:05] - Deleting ATLEvents/MSEvents Registry entries
[01/11/2006, 0:19:05] - Removing HKLM\...\Winlogon\Notify\ssqqq
[01/11/2006, 0:19:05] - Searching for Browser Helper Objects:
[01/11/2006, 0:19:05] - BHO 1: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} (CCHelper Class)
[01/11/2006, 0:19:05] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/11/2006, 0:19:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/11/2006, 0:19:05] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/11/2006, 0:19:05] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/11/2006, 0:19:05] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/11/2006, 0:19:05] - BHO 4: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[01/11/2006, 0:19:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/11/2006, 0:19:05] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[01/11/2006, 0:19:05] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[01/11/2006, 0:19:05] - Finished Searching Browser Helper Objects
[01/11/2006, 0:19:05] - Finishing up...
[01/11/2006, 0:19:05] - A restart is needed.
[01/11/2006, 0:19:12] - Attempting to Restart via STOP error (Blue Screen!)

and the hijack:

Logfile of HijackThis v1.99.1
Scan saved at 1:05:23 AM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snowest.com/fusetalk
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/.../weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

01-11-2006, 02:13 AM	#3 (permalink)
lomarker Registered User Join Date: Jan 2006 Posts: 28 OS: XP	Ok, thanks for the reply. I ran the virtuebegone and posted results below. I ran hijackthis again and fixed the files, but two of them didn't show up this time. Those were: O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\system32\ssqqq.dll O20 - Winlogon Notify: ssqqq - C:\WINDOWS\system32\ssqqq.dll The other ones I fixed. Ran cleanup and then tried the activescan, but it continually locks up a bit into the scan at a file named misc\utility\BrowserH\srcd.ini There were three spyware and one suspicious files found before it locks up though. So below are the VGB file and the new hijack file. Thanks again. [01/11/2006, 0:18:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" ) [01/11/2006, 0:19:02] - Detected System Information: [01/11/2006, 0:19:02] - Windows Version: 5.1.2600, Service Pack 2 [01/11/2006, 0:19:02] - Current Username: Owner (Admin) [01/11/2006, 0:19:02] - Windows is in NORMAL mode. [01/11/2006, 0:19:02] - Searching for Browser Helper Objects: [01/11/2006, 0:19:02] - BHO 1: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} (CCHelper Class) [01/11/2006, 0:19:02] - BHO 2: {2353FCBC-012D-487B-8BF3-865C0929FBEB} (ATLDistrib Object) [01/11/2006, 0:19:02] - ALERT: Found ATLDistrib Object! [01/11/2006, 0:19:02] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} () [01/11/2006, 0:19:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [01/11/2006, 0:19:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper [01/11/2006, 0:19:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [01/11/2006, 0:19:02] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [01/11/2006, 0:19:02] - BHO 5: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} () [01/11/2006, 0:19:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [01/11/2006, 0:19:02] - Checking for HKLM\...\Winlogon\Notify\mnyviewer [01/11/2006, 0:19:02] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing. [01/11/2006, 0:19:02] - Finished Searching Browser Helper Objects [01/11/2006, 0:19:02] - *** Detected ATLDistrib Object [01/11/2006, 0:19:02] - Trying to remove ATLDistrib Object... [01/11/2006, 0:19:03] - Terminating Process: IEXPLORE.EXE [01/11/2006, 0:19:04] - Terminating Process: RUNDLL32.EXE [01/11/2006, 0:19:04] - Disabling Automatic Shell Restart [01/11/2006, 0:19:04] - Terminating Process: EXPLORER.EXE [01/11/2006, 0:19:04] - Suspending the NT Session Manager System Service [01/11/2006, 0:19:04] - Terminating Windows NT Logon/Logoff Manager [01/11/2006, 0:19:05] - Re-enabling Automatic Shell Restart [01/11/2006, 0:19:05] - File to disable: C:\WINDOWS\system32\ssqqq.dll [01/11/2006, 0:19:05] - Renaming C:\WINDOWS\system32\ssqqq.dll -> C:\WINDOWS\system32\ssqqq.dll.vir [01/11/2006, 0:19:05] - File successfully renamed! [01/11/2006, 0:19:05] - Removing HKLM\...\Browser Helper Objects\{2353FCBC-012D-487B-8BF3-865C0929FBEB} [01/11/2006, 0:19:05] - Removing HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB} [01/11/2006, 0:19:05] - Adding Kill Bit for ActiveX for GUID: {2353FCBC-012D-487B-8BF3-865C0929FBEB} [01/11/2006, 0:19:05] - Deleting ATLEvents/MSEvents Registry entries [01/11/2006, 0:19:05] - Removing HKLM\...\Winlogon\Notify\ssqqq [01/11/2006, 0:19:05] - Searching for Browser Helper Objects: [01/11/2006, 0:19:05] - BHO 1: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} (CCHelper Class) [01/11/2006, 0:19:05] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [01/11/2006, 0:19:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [01/11/2006, 0:19:05] - Checking for HKLM\...\Winlogon\Notify\SDHelper [01/11/2006, 0:19:05] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [01/11/2006, 0:19:05] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [01/11/2006, 0:19:05] - BHO 4: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} () [01/11/2006, 0:19:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [01/11/2006, 0:19:05] - Checking for HKLM\...\Winlogon\Notify\mnyviewer [01/11/2006, 0:19:05] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing. [01/11/2006, 0:19:05] - Finished Searching Browser Helper Objects [01/11/2006, 0:19:05] - Finishing up... [01/11/2006, 0:19:05] - A restart is needed. [01/11/2006, 0:19:12] - Attempting to Restart via STOP error (Blue Screen!) and the hijack: Logfile of HijackThis v1.99.1 Scan saved at 1:05:23 AM, on 1/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\clipsrv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Xerox\NWWia\XrxFTPLt.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\GWHotKey.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\WINDOWS\system32\ctfmon.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snowest.com/fusetalk O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ? O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/.../weblaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS