QLowZones15... Help! (to add to the pile...)

  • Customer

    Hello,

     

    * Open HijackThis, click 'Config' (bottom right)

    Choose the tab 'Misc Tools' on top.

    Choose 'Delete a file on reboot'

    In the field, copy and paste the following:

     

    C:\WINDOWS\SYSTEM32\winexk32.dll

     

    Click open.

    HijackThis will tell you that this file will be deleted on the next reboot and ask if you want to reboot now. Click Yes/OK.

    Your system should reboot now.

     

    After reboot,

     

    * Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

     

    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/er...nnerInstall.cab

    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

    O20 - Winlogon Notify: winexk32 - C:\WINDOWS\SYSTEM32\winexk32.dll

     

    * Click on Fix Checked when finished and exit HijackThis.

    Make sure your Internet Explorer is closed when you click Fix Checked!

     

    * Clean your Cache and Cookies in IE:


    • Close all instances of Outlook Express and Internet Explorer


    • Go to Control Panel > Internet Options > General tab


    • Click the "Delete Cookies" button


    • Next to it, Click the "Delete Files" button


    • When prompted, place a check in: "Delete all offline content", click OK



    * Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):


    • Go to Tools > Options.


    • Click Privacy in the menu on the left side of the Options window.


    • Click the Clear button located to the right of each option (History, Cookies, Cache).


    • Click OK to close the Options window
      Alternatively, you can clear all information stored while browsing by clicking Clear All.
      A confirmation dialog box will be shown before clearing the information.



    * Clean other Temporary files + Recycle bin


    • Go to start > run and type: cleanmgr and click ok.


    • Let it scan your system for files to remove.


    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.


    • Press OK to remove them.



    Post a new HijackThis log in your next reply.

  • Customer

    Thanks for the reply, miekiemoes, it is very much appreciated! I did as you said and here's a new log readout:

     

    Logfile of HijackThis v1.99.1

    Scan saved at 15:42:21, on 08/07/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\brsvc01a.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    c:\program files\mcafee.com\agent\mcdetect.exe

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

    c:\program files\mcafee.com\vso\mcvsshld.exe

    c:\progra~1\mcafee.com\vso\mcvsescn.exe

    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\nvraidservice.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

    C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

    c:\program files\mcafee.com\agent\mcagent.exe

    c:\progra~1\mcafee.com\vso\mcvsftsn.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\wbem\unsecapp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Chris.SUPER_PUTER\Desktop\Programs\hijackthis(3)\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

    O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe

    O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe

    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START

    O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe lã" -silent

    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

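One way to check a follow-up HijackThis log against the entries that were marked for fixing, as an added example that is not part of the original thread. The function names are hypothetical; the sample lines are excerpts copied from the two logs quoted above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)

def parse_entries(log_text):
    """Return (section, body) for each entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]

def entry_key(section, body):
    """Normalise case, spacing and the '(file missing)' suffix before comparing."""
    return section, " ".join(MISSING_RE.sub("", body).lower().split())

def still_present(fixed_text, followup_text):
    """Entries that were marked for fixing but appear again in the follow-up log."""
    seen = {entry_key(s, b) for s, b in parse_entries(followup_text)}
    return [(s, b) for s, b in parse_entries(fixed_text) if entry_key(s, b) in seen]

def missing_targets(log_text):
    """Entries whose target file HijackThis reports as missing."""
    return [(s, b) for s, b in parse_entries(log_text) if MISSING_RE.search(b)]

# Excerpts copied from the two posts above (not the full logs).
FIXED = r"""
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: winexk32 - C:\WINDOWS\SYSTEM32\winexk32.dll
"""
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    print("still present:", still_present(FIXED, FOLLOWUP))
    print("missing targets:", missing_targets(FOLLOWUP))
```
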
  • Customer

    Hello,

     

    I see a clean log. How are things running now?

  • Customer

    Hey I gave it a few days and no pop-ups about it from McAfee... Thank you kindly for your help

  • Customer

    Glad I could help.

     

    To keep this clean in the future, I would suggest the following things:

     

    Install SpywareBlaster

    SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

     

    * Avoid illegal sites, because that's where most malware is present.

    * Don't click on links inside popups.

    * Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.

    * Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

     

    Let your anti-spyware scanner(s) scan frequently and don't forget to update them beforehand.

     

    And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.

    Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

     

    Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

     

    If you have XP SP2, read here how to configure Security Features for Internet Explorer:

    http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

     

    Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to protect your PC, protect yourself and protect your family.

     

    You can also find more info on how to prevent malware here (by Tony Klein)

    and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

     

    Also read: Simple and easy ways to keep your computer safe and secure on the Internet

     

    Happy surfing again!
