moony0707 Report post Posted June 2, 2005 (edited) hi can someone please help me get rid of dyfuca and n-case, i have done a search and destroy and that wont get rid of them i also tried ewido and nailfix (in safe mode) as described in another post (cant remember the date of that post, sorry) then i did another search and destroy and they were still there. i dont know what else to try. i have posted a hijackthis log to see if that helps you, please tell me if you need anymore info and i will be glad to post it. Logfile of HijackThis v1.99.1 Scan saved at 12:46:02, on 02/06/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\SM1BG.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Chameleon Clock\ChamClock.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe here is my ewido scan result also --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 12:34:25, 02/06/2005 + Report-Checksum: 38DEFBC1 + Date of database: 02/06/2005 + Version of scan engine: v3.0 + Duration: 108 min + Scanned Files: 48450 + Speed: 7.44 Files/Second + Infected files: 4 + Removed files: 4 + Files put in quarantine: 4 + Files that could not be opened: 0 + Files that could not be cleaned: 0 + Binder: Yes + Crypter: Yes + Archives: No + Scanned items: C:\ + Scan result: C:\Documents and Settings\craig and karen\Cookies\craig and [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup C:\WINDOWS\SYSTEM32\bszip.dll -> Worm.Wurmark.c -> Cleaned with backup C:\WINDOWS\SYSTEM32\p2pnetworking.exe -> Backdoor.Rbot.rc -> Cleaned with backup C:\xz.exe -> Backdoor.Rbot.rc -> Cleaned with backup ::Report End thank you for any help. moony0707 Edited June 3, 2005 by moony0707 Share this post Link to post Share on other sites
moony0707 Report post Posted June 3, 2005 could you also please tell me if im using the best spyware removal programs or if there are any more out there that you recomend thanks moony 0707 Share this post Link to post Share on other sites
moony0707 Report post Posted June 7, 2005 bumped again!!!! Share this post Link to post Share on other sites
moony0707 Report post Posted June 9, 2005 hi sorry for sounding inpatiant, my first post was sent 7 days ago and i was just wondering if by any chance someone was going to reply to it, if not just let me know and i will take my problems elsewhere, no big deal!!!! Share this post Link to post Share on other sites
'KotaGuy Report post Posted June 11, 2005 Hi moony0707! Not seeing anything really bad in your log. It has been a few days since you posted, could you post a new one. I'd like to see if anything has changed since then. Also, is it only Spybot that is picking up Dyfuca and N-Case? If so... could you do another Spybot scan and post the log from it as well please. Might just be some leftover reg entries that need cleaning up. Thanks! Share this post Link to post Share on other sites
moony0707 Report post Posted June 11, 2005 hi kotaguy thank you for replying yes its only s&d that pics it up, here are the 2 posts you want Logfile of HijackThis v1.99.1 Scan saved at 20:03:03, on 11/06/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\SM1BG.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Chameleon Clock\ChamClock.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe n-Case: Settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\salm n-Case: Settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\salm DyFuCA.InternetOptimizer: Settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Policies\Avenue Media DyFuCA.InternetOptimizer: Settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\Policies\Avenue Media DyFuCA.InternetOptimizer: Settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Avenue Media DyFuCA.InternetOptimizer: Settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\Avenue Media DyFuCA.InternetOptimizer: Settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt DyFuCA.InternetOptimizer: Settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt --- Spybot - Search && Destroy version: 1.3 --- 2005-03-03 Includes\Cookies.sbi 2005-04-07 Includes\Dialer.sbi 2005-04-07 Includes\Hijackers.sbi 2005-03-22 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-04-07 Includes\Malware.sbi 2005-03-17 Includes\PUPS.sbi 2005-03-17 Includes\Revision.sbi 2005-02-09 Includes\Security.sbi 2005-04-07 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-04-07 Includes\Trojans.sbi let me know if there is anything else you need moony0707 Share this post Link to post Share on other sites
'KotaGuy Report post Posted June 12, 2005 Thanks for posting the logs... looks like it is just some leftover reg entries. Copy/Paste the following quote box into a new notepad document. REGEDIT4 [- HKEY_USERS\S-1-5-18\Software\salm] [- HKEY_USERS\.DEFAULT\Software\salm] [-HKEY_USERS\S-1-5-18\Software\Policies\Avenue Media] [-HKEY_USERS\.DEFAULT\Software\Policies\Avenue Media] [-HKEY_USERS\S-1-5-18\Software\Avenue Media] [-HKEY_USERS\.DEFAULT\Software\Avenue Media] [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt] [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt] Save it to your Desktop. Name it fixme.reg. Save it as File Type "All Files"(not as a text documant or it won't work). Double click fixme.reg and answer yes to merge it into the registry. Reboot and rescan with Spybot... let me know how it goes. Share this post Link to post Share on other sites
moony0707 Report post Posted June 12, 2005 almost well done dyfuca has gone but ncase still showing, here is my log n-Case: Settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\salm n-Case: Settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\salm --- Spybot - Search && Destroy version: 1.3 --- 2005-03-03 Includes\Cookies.sbi 2005-04-07 Includes\Dialer.sbi 2005-04-07 Includes\Hijackers.sbi 2005-03-22 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-04-07 Includes\Malware.sbi 2005-03-17 Includes\PUPS.sbi 2005-03-17 Includes\Revision.sbi 2005-02-09 Includes\Security.sbi 2005-04-07 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-04-07 Includes\Trojans.sbi Share this post Link to post Share on other sites
'KotaGuy Report post Posted June 12, 2005 This should work... REGEDIT4 [-HKEY_USERS\S-1-5-18\Software\salm] [-HKEY_USERS\.DEFAULT\Software\salm] Had an extra space in the first one. Save it like before. Double click and answer yes to merge it into the registry. Reboot and let me know how it goes. Share this post Link to post Share on other sites
moony0707 Report post Posted June 12, 2005 hi kotaguy.... thank you very much for all your help, my s&d result came back clean wooo hooo... you are a star... thank you again moony0707 Share this post Link to post Share on other sites
'KotaGuy Report post Posted June 13, 2005 Good to hear! Glad I was able to help. Now, some suggestions... To clean up any remnants that may have been left behind, I suggest doing a couple online virus scans. A couple good ones are Panda ActiveScan and TrendMicro HouseCall. Let them fix anything they find. Reboot between each scan. If you don't have them, download Ad-Aware and Spybot S&D. Visit this page for proper configuration of Spybot and Ad-Aware. Run and scan with both, letting them fix whatever they find. Remember to reboot between each scan. Now that your computer is clean, its a good time to reset your System Restore point. This will ensure a clean backup to fall upon if you ever need it. To do this: Right-click My Computer, and then click Properties. Click the System Restore tab. Check the "Turn off System Restore" or "Turn off System Restore on all drives" Reboot your computer, follow the steps above, this time unchecking the "Turn off System Restore" and reboot. I recommend downloading and installing SpywareBlaster, SpywareGuard, and IE-SPYAD as well. You can get them from the links in my sig. The programs are free and can be updated... so please do so. Installing these will go a long way in preventing reinfection. If you don't have one, I recommend installing a Firewall. I'm sure you've heard of ZoneAlarm. Check out these links as well... How'd I get Infected and Understanding Spyware as well, some good information for you. Other than that, remember to update Windows frequently, update your protection programs, scan often and... Surf Safe! Share this post Link to post Share on other sites
moony0707 Report post Posted June 13, 2005 hi kotaguy. thank you for all those sites and programs, i will be sure to check them all out in the next few days. your advice has been invaluable. thank you again for your time and help moony0707 Share this post Link to post Share on other sites