1
   

[Resolved] abi network removal

Forums: Computers
Email this Topic Print this Page
 
 
ply340
 
Reply Wed 17 Aug, 2005 03:27 pm
I followed Timberlandko's ABI network removal instructions and this is what I came up with. Is my system clean? Any help is really appreciated.

first Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:00:38 AM, 8/17/2005
+ Report-Checksum: D4CB8257

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE} -> Spyware.SideStep : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\JAQTYWCC\setupsr[1].dll -> TrojanDownloader.Agent.fc : Cleaned with backup
C:\Documents and Settings\Default User.WINNT\Cookies\jeff@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Default User.WINNT\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\jeff@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\jeff.JEFF-0X8S34DB4Q\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINNT\system32\drv2cltr.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\WINNT\vbrun6nt.exe -> Backdoor.Agobot : Cleaned with backup


::Report End

Secong log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:40:13 PM, 8/17/2005
+ Report-Checksum: 7434D604

+ Scan result:

C:\WINNT\system32\csszz.exe -> TrojanDropper.Vidro.p : Cleaned with backup


::Report End

HighJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:34:54 PM, on 8/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\cdplayer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {F61A5056-F08D-18B0-B927-50A19980CB89} - scanSYS.dll (file missing)
R3 - URLSearchHook: (no name) - {92DE9315-B3AA-7727-6DC2-325ED8DFF9EF} - SAPSTR.dll (file missing)
R3 - URLSearchHook: (no name) - {9C7691C8-85CF-DAF1-4933-F62C0B89FA63} - TorontoMail.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [CToolBar] InpriseMon.exe
O4 - HKLM\..\Run: [typeconf] SysSupport.exe
O4 - HKLM\..\Run: [utsgmon] vxdman.exe
O4 - HKLM\..\Run: [321102] powerdll.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [xxtoolbar] PasswdMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Dev Gnu Cpp] devcpp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [clamav] forces_elite.exe
O4 - HKCU\..\Run: [wormexe] dialer423.exe
O4 - HKCU\..\Run: [Trayz] defect08.exe
O4 - HKCU\..\Run: [WinInitDll] SetupExeDll.exe
O4 - HKCU\..\Run: [AppMasterCenter] forces_elite.exe
O4 - HKCU\..\Run: [321102] ssweeper.exe
O4 - HKCU\..\Run: [XTermInit] Bogobot.exe
O4 - HKCU\..\Run: [MON76234] Serviceprocess.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F0027D-C00C-44BE-AED4-B343FA6001C0}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{16129334-75F9-49BD-AB48-0DE342B8E5C7}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97DF17C-6AC1-47D0-92FB-F54E0FA1254A}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F0027D-C00C-44BE-AED4-B343FA6001C0}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F0027D-C00C-44BE-AED4-B343FA6001C0}: NameServer = 69.50.176.198,85.255.112.12
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Thank You
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 1,049 • Replies: 5
No top replies

 
timberlandko
 
  1  
Reply Thu 18 Aug, 2005 06:55 pm
No, that's not a clean system yet - there are still some issues. I'm assuming you've taken all the preliminray steps, downloading all suggested apps and tools, performing online scans as recommended, and following the proceedure all the way through.

Review and print out these instructions, since some of the following steps must be taken while disconnected from the internet and while in safe mode. Gather any necessary downloads and perform any listed online scans before doing anything else. As before, perform these steps in the order and manner listed, and should you receive any error messages, please note and report the exact, verbatim message received, along with what you were doing when the error occured and what seems to have happened.

Update Ad-Aware SE, and, if you have not yet done so, download and install Ad-Aware SE's VX2 Cleaner plug in - be sure to review the instructions for the plugin, but don't run it, or Ad-Aware SE, just yet.

Update Spybot S&D. When it has updated, select "Immunize" and click the green + icon to update the program's immunization, then exit the program without running a scan.

Update Spyware Blaster, and make sure all protection is enabled.

Update Microsoft Antispyware, and check to be certain it is configured to scan all drives. Don't run it yet.

Update Ewido Security Suite. Just update it, don't run it yet. Note: see the revised configuration instructions for Ewido Security Suite HERE

Uninstall the version of Stinger you currently have, then download the latest version HERE

Download Wareout Remover to your desktop, and extract the zipped file. Just download and extract it, and make note of where it is so you can locate and launched when directed, don't run it yet.

Locate and launch CWShredder, and have it check for updates. Just update it, don't run it yet.

Disable any real-time security/privacy monitoring/protection software you may have, such as antivirus, antispyware, ad blockers, or popup stoppers, and immediately go to and run the latest version of the Microsoft Malicious Software Removal Tool

Following Microsoft Malicious Software Removal Tool's completion, with your real-time security/privacy monitoring/protection software still disabled, immediately go to and run the Trend Micro Online Spyware Scan and Removal Tool per the instructions on that page and the onscreen prompts. When the scan and clean has been completed, make note of the exact full path of any files it said it could not handle, if any, then disconnect from the internet, and do not reconnect untill this series of steps has been completed.

Boot into safe mode.

Locate and run CWShredder, having it scan and fix.

Locate the extracted Wareout Remover, click the wareout_remover.exe icon, and follow the prompts to install and run the application. Your desktop will disappear, and a series of windows will appear and disappear in relatively rapid order, this is normal. When prompted, reboot back into safe mode, locate and launch HiJackThis, run a scan, and place a checkmark next to ONLY the following entries, if they appear:

R3 - URLSearchHook: (no name) - {F61A5056-F08D-18B0-B927-50A19980CB89} - scanSYS.dll (file missing)
R3 - URLSearchHook: (no name) - {92DE9315-B3AA-7727-6DC2-325ED8DFF9EF} - SAPSTR.dll (file missing)
R3 - URLSearchHook: (no name) - {9C7691C8-85CF-DAF1-4933-F62C0B89FA63} - TorontoMail.dll (file missing)
O4 - HKLM\..\Run: [CToolBar] InpriseMon.exe
O4 - HKLM\..\Run: [typeconf] SysSupport.exe
O4 - HKLM\..\Run: [utsgmon] vxdman.exe
O4 - HKLM\..\Run: [321102] powerdll.exe
O4 - HKLM\..\Run: [xxtoolbar] PasswdMon.exe
O4 - HKCU\..\Run: [Dev Gnu Cpp] devcpp.exe
O4 - HKCU\..\Run: [clamav] forces_elite.exe
O4 - HKCU\..\Run: [wormexe] dialer423.exe
O4 - HKCU\..\Run: [Trayz] defect08.exe
O4 - HKCU\..\Run: [WinInitDll] SetupExeDll.exe
O4 - HKCU\..\Run: [AppMasterCenter] forces_elite.exe
O4 - HKCU\..\Run: [321102] ssweeper.exe
O4 - HKCU\..\Run: [XTermInit] Bogobot.exe
O4 - HKCU\..\Run: [MON76234] Serviceprocess.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F0027D-C00C-44BE-AED4-B343FA6001C0}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{16129334-75F9-49BD-AB48-0DE342B8E5C7}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97DF17C-6AC1-47D0-92FB-F54E0FA1254A}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F0027D-C00C-44BE-AED4-B343FA6001C0}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F0027D-C00C-44BE-AED4-B343FA6001C0}: NameServer = 69.50.176.198,85.255.112.12

Click "Fix Checked", and reboot into safe mode.

Go to Start>Control Panel>Add/Remove Programs, and look for WareOut. If its there, uninstall it.

Using Windows Explorer (Windows key +E or right-click "My Computer" and select "Explore), navigate to C:\Programs, look for a folder named WareOut, and if found, delete the entire folder. Reboot into safe mode.

Locate and run EWIDO. When it prompts you for repair actions, DO NOT have it automatically repair everything found; step through the list item by item, confirming deletion only of items not associated with applications you know and trust. If you are unsure of an item, take "No action"

When EWIDO has run, reboot into safe mode, locate and launch Microsoft Antispyware, run a full system scan, and fix whatever, if anything, it finds. Do not reboot yet.

Locate and launch Ad-Aware SE, and run the VX2 Cleaner plugin. Follow that with a full scan-and-clean with Ad-Aware SE. Make certain the Custom Scan option is selected, and that the custom settings are as they should be per the instructions found in the Updated Yuckware Removal Tips topic.

Locate and run Spybot S&D, fixing all items it lists in red

Locate and launch CCleaner. Select "Issues". In the left-hand panel, deselct "Unused File Extensions", then select "Scan for Issues". When the scan has completed, select "Fix checked Issues" When prompted, save the reistry back up it will offer, then select and confirm Fix all issues" in the popup box that will appear. Do not reboot yet. Still in CCleaner, select "Cleaner", and run a full system scan and clean. When that has completed, reboot normally.

When your machine has rebooted, immediately run a scan-and-save-log with HJT (fixing nothing), and with EWIDO. Make sure youre real-time security/privacy monitoring/protection software, such as antivirus, antispyware, ad blocker, and/or pop-up stoppers is enabled, connect to the internet, navigate back here, post the latest HJT and EWIDO logs, along with any files Trend Spyware Scan and Remove said it could not deal with and/or any error messages you encountered.
0 Replies
 
ply340
 
  1  
Reply Sun 21 Aug, 2005 10:39 am
Here are the HJT and Ewido logs. I didn't encounter any problems.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:34:28 PM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\cdplayer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:09:04 AM, 8/21/2005
+ Report-Checksum: 14D5D0A9

+ Scan result:

No infected objects found.


::Report End
0 Replies
 
timberlandko
 
  1  
Reply Tue 23 Aug, 2005 12:20 pm
I'd say you're looking fine. Test things for a while - and of course stay absolutely current on all of your updates and make sure your security/privacy software is active and functioning properly. If after a brief period of normal use things seem to stay normal and you're satisfied all is as it should be, you can delete the tools you won't be using any more (they won't hurt anything, but they do take up some disk space) - though I strongly recommend keeping, using, and maintaining updates for Ad-Aware SE, CCleaner, and/or Cleanup, Microsoft Antispyware, Spybot S&D and SpywareBlaster.

When you're ready, run Cleanup one more time while in safe mode, then defrag your machine, re-enable System Restore, boot back into safe mode, and when the system has fully booted, set a fresh restore point. Reboot normally, Stay Safe Out There, and you're good to go.

I think we can mark this one resolved, but if you find otherwise, jump right back here with the details - shouldn't be any problems, though
0 Replies
 
ply340
 
  1  
Reply Tue 23 Aug, 2005 11:10 pm
Thank you very much.
I really appreciate the help.
0 Replies
 
timberlandko
 
  1  
Reply Wed 24 Aug, 2005 08:19 am
Yer weccum - glad we could help. Hope you stick around and enjoy the website - there's stuff here of interest to just about anyone. Enjoy.
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » [Resolved] abi network removal
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 12/28/2025 at 03:42:27