1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Win32/Apropos.B WinNT/Zufyx.A Spyware.Apropos.C Trojan.Win32.Crypt.t

Discussion in 'Windows - Virus and spyware problems' started by masque, Jan 4, 2006.

  1. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    i have this virus on my computer. my computer will randomly stop running and just shut down out of nowhere. when i restart, i get a windows report which says it is caused by that (in the subject)
    i have run mcafee, adaware, and many other trials i have found online when looking for a solution to this before. so far, nothing has worked. i would like to not have to reformat my computer, as that is a last resort. any help would be appreciated, thanks.
     
  2. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    first of all you should send in a hijack this log so i can see what youve got there.
    (that means send the HJT log before you do anything)
    i see youve got aporpos, needs its own fix witch is,
    here but you shoudl rpint it or copy it down as you need to restart.

    Please download AproposFix from here:
    http://swandog46.geekstogo.com/aproposfix.exe

    Save it to your desktop but do NOT run it yet.

    Then please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.


    Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

    When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.


    this could get nasty but itll be sorted do that step above to get rid of that apropos first and wel see how it goes.
     
  3. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    how do i post a hijack this log? i'm really not a computer person. that's an understatement.
     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
  5. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    dont worry even though you arent a computer person this shouldnt be too hard to fix so dont worry.

    just post a HJT log and well take a look.
     
  6. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    here is the hijack this log (BEFORE ) i ran apropos fix.
    after i post this i will follow the instructions on how to run apropos fix and post that too! thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 3:11:09 PM, on 1/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\AIM\aim.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095600097671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134427775250
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O20 - AppInit_DLLs: mad.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ialmgdev - Unknown owner - C:\WINDOWS\system32\ialmgdev.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     
  7. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    okay, this is the log.txt of apropos fix

    Log of AproposFix v1

    ************

    Running from directory:
    C:\Documents and Settings\Francesca Needham\Desktop\aproposfix

    ************

    Registry entries found:

    [HKEY_LOCAL_MACHINE\Software\CtTj2AwoJN59]
    "Device"="\\\\.\\FtdDPWD"
    "DriverPath"="C:\\WINDOWS\\system32\\drivers\\sercessr.sys"
    "DriverName"="ASPtall"
    "HideUninstallerName"="C:\\Program Files\\Xeranion\\jspsbase.exe"
    "HDll"="C:\\WINDOWS\\system32\\ilsscard.dll"
    "ServerAddress"="adchannel.contextplus.net"
    "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
    "PartnerId"="CP.ANT2"
    "InstallationId"="{X3a4ffcd-341a-1426-cc38-79c51ba5ef26}"
    "PageFiltering"=dword:00000001
    "ClientName"="C:\\Program Files\\Xeranion\\polsaenh.exe"
    "AutoUpdater"="C:\\WINDOWS\\system32\\umdwexec.exe"
    "Version"="2.0.131"
    "LastAURestoreMsgTS"="2006:01:05-20:13:03:171"
    @="m0\\R8JJYZZYZZaZrRBp\\4pYZZYobZ4uzp 40ZQWQRCKfeZBPGTCPQZQCPACQQPaQWQ"
    --
    [HKEY_LOCAL_MACHINE\Software\Aprps]

    [HKEY_LOCAL_MACHINE\Software\Aprps\Client]
    "PartnerId"="WB.VER2"


    ************

    Removing hidden service:
    Service ASPtall removed.

    Removing hidden folder:
    Deletion of folder Xeranion succeeded!

    Deleting files:

    Deletion of file C:\WINDOWS\system32\drivers\sercessr.sys succeeded!
    Deletion of file C:\WINDOWS\system32\umdwexec.exe succeeded!
    Deletion of file C:\WINDOWS\system32\ilsscard.dll succeeded!

    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4

    [-HKEY_CURRENT_USER\Software\CtTj2AwoJN59]
    [-HKEY_CURRENT_USER\Software\Aprps]
    [-HKEY_LOCAL_MACHINE\Software\CtTj2AwoJN59]
    [-HKEY_LOCAL_MACHINE\Software\Aprps]

    Done!

    Finished!


    and now the new hijack this log after i ran apropos fix..


    ogfile of HijackThis v1.99.1
    Scan saved at 3:22:30 PM, on 1/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095600097671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134427775250
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O20 - AppInit_DLLs: mad.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ialmgdev - Unknown owner - C:\WINDOWS\system32\ialmgdev.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     
  8. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    ok ill look at the HJT log in a sec (it'll take me 10 mins so be patient), the apropos should be gone, you tell me if you are getting any of the symptoms , ill look at the HJT log now.

     
  9. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    so far, nothing! but then again, it's only been a few minutes. and don't worry about me patient, i can wait as long as you'd like, ireally appreciate your help!
     
  10. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    looks clean my friend,let me know if anything happends i think your clean for now.

     
  11. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    awesome! i'll post again if anything happens. thank you so much
     
  12. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    no problems masque, ill just take another look at that HJT log to make sure i didnt miss anything.

    and yeh you do post aggain if anything pops up as it may do that(not very likely though)and ill be happy to help.

    good luck masque hope nothing pops up, also run the new update from microsoft updates site the WMF bug has been fixed and we'll all need this update so do it a.s.a.p.

     
  13. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    all right! thanks! also, is there anything i can do to prevent this from happening in the future (besides like virus scans, etc...) or why it happened?
     
  14. ozzymary

    ozzymary Guest

    good ?????????????
     
  15. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    @masgue

    There´s still a lot of stuff that is not so safe in your log....

    Remove via add/remove programs ( located in control panel )

    Weatherbug
    AIM Toolbar

    Fix these entries with HjT:

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O20 - AppInit_DLLs: mad.dll
    O23 - Service: ialmgdev - Unknown owner - C:\WINDOWS\system32\ialmgdev.exe (file missing)


    Then make your hidden and system files visible ->
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html


    Boot in safe mode (press F8 while booting and select safe mode from appearing menu)

    Delete these, if found:
    C:\Program Files\======>AIM Toolbar<======= Folder
    C:\Program Files\AWS\==>WeatherBug<======== Folder
    C:\WINDOWS\system32\===>ialmgdev.exe<====== File

    Post a fresh log after these are done
     
    Last edited: Jan 5, 2006
  16. masque

    masque Member

    Joined:
    Jan 4, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    will do..if i delete aim toolbar my AIM will not be erased though, right? thanks.
     
  17. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    well sperti, Weatherbug, AIM Toolbar.

    when i looked at the HJT log, i searched for this weird "weatherbug" and its known to be spyware etc free, i wouldnt say its too dangerous you know, but i geuss im with you in saying you shouldnt get theese weird freebies and maybe he should remove it, but i cant say its too dangerous but to be safe maybe he should remove it.

    btw if you want to know the weather then the weather tool bar add on for mozilla firefox is so great, gives you the forcast.

    well as for the other one i cant realy say.
     
  18. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    It will. So if you wan´t to leave it just don´t fix that 08 line and don´t delete the directory. And ofcourse don´t remove it from control panel either. Yesterday when I checked that somewher I thought it includes spyware but now i can´t find the link anywhere!!! So at the moment let´s keep it safe. I´ll try to check it later in some point.

    Weatherbug is commonly known to include spyware, so at least that should go.

    Edit: I personally just don´t like these weird toolbars etc. if you can´t be 100% sure they should be removed....
     
    Last edited: Jan 6, 2006
  19. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    ok well baiscly it is not spyware however the program is considered adware since the free version is ad-supported.

    http://ww3.weatherbug.com/aws/notSpyware.asp


    thats the site it explains everything, i dont think itll do anything to you but get rid of it its not needed why not get the weather toolbar add on for mozzila firefox, much better.

    and as for the AIM toolbar youll have to listen to spertti fot that one as i am not sure.
     
  20. vic234

    vic234 Member

    Joined:
    Jan 7, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    i'm also having the same problem. I presume that if I follow the instrctions given above i will be able to fix it? if you could help me that'd be great!! thanks
     

Share This Page