My oh my.... [CLOSED]


This topic is locked

#1
aston521
Well, I am in the fortunate position of only being able to open most files through the run command on start menu. On the desktop, IE and Outlook seem to be alright as well as my computer, but the rest of the programs have this general MS icon. When I try to open them I get the 'open with' box....so it is not liking it.

As for Control Panel, 'access is denied', again unless I open the cpl file via 'Run'.

Another thing that worries me is the presence of two networks on Zonealarm when I am just a home user, and sure, I have my normal dial-up one, but the other????

I felt compelled to download McAfee for a couple of weeks, and I managed to bin PWS-IN and W32/SDBot....but still no joy opening files. ..and as for NAV, well I couldn't even get it to install properly! I have reinstalled critical updates which seemed to have been wiped out, and I decided to do a Scandisk tonight. It nigh on killed my computer as it went to a DOS screen and said there were errors on the drive it couldn't fix.

A nice cup of tea later, it scanned ok, and I can get Windows back up, but still.....hmmm......I need to call on an expert for this I think.

Here is some of my Search/Destroy 'appendage' (log file is it?) if it might help y'all....it's a bit long, huh?

Anyway, if you can help me resurrect this....you will be in my heart.....

Thanking you in advance... If there is anything I can do, please shout....

Matthew



--- System information ---
Windows 98 (Build: 1998)
/ DirectX: DirectX Update 819696
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 320920


--- Startup entries list ---
Spybot-S&D Startup list report, 22/04/04 04:13:03

Located: HK_LM:Run, TaskMonitor
file: C:\WINDOWS\taskmon.exe
MD5: E3638DF27264132F18B43802C96EFBBA

Located: HK_LM:Run, Zone Labs Client
file: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
MD5: 0B4F59FA1E3BCA0C60FBD06A05CF2FA1

Located: HK_LM:Run, VSOCheckTask
file: "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask

Located: HK_LM:Run, VirusScan Online
file: "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

Located: HK_LM:Run, MCAgentExe
file: C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
MD5: 11D3B8D5275DD8CA25200E9B8434E2FC

Located: HK_LM:Run, MCUpdateExe
file: C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
MD5: 15C3944C4B220962C8F5FAB20E1EE375

Located: HK_LM:RunOnce, GrpConv (DISABLED)
file: grpconv.exe -o

Located: HK_LM:RunServices, TrueVector
file: C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

Located: HK_LM:RunServices, McVsRte
file: C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
file: mstask.exe



--- Browser helper object list ---
Spybot-S&D Browser helper object report, 22/04/04 04:13:03

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Class file: ACROIEHELPER.OCX
Path: C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\
Class name: AcroIEHlprObj Class
CLSID database: legitimate software
Description: Adobe Acrobat reader
Filename: ACROIEHELPER.OCX

{53707962-6F74-2D53-2644-206D7942484F}
Class file: SDHELPER.DLL
Attributes:
Date: 16/03/03 01:02:00
MD5: 423CBD3CFAEEB62C5C97A9449567B474
Path: C:\PROGRA~1\ZONELA~1\SPYBOT~1\SPYBOT~1\
Short name: SDHELPER.DLL
Size: 711168 bytes
Version: 255.255.255.255
CLSID database: legitimate software
Description: Spybot-S&D IE Browser plugin
Filename: SDHelper.dll


--- Process list ---
Spybot-S&D process list report, 22/04/04 04:13:03

PID: 4292873487 (4294868739) C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
PID: 4292940427 (4294868739) C:\WINDOWS\TASKMON.EXE
PID: 4292942539 (4294868739) C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
PID: 4292977015 (4294868739) C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
PID: 4293033103 (4294868739) C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
PID: 4293040791 (4292873487) C:\WINDOWS\SYSTEM\RNAAPP.EXE
PID: 4293113571 (4293040791) C:\WINDOWS\SYSTEM\TAPISRV.EXE
PID: 4293129883 (4294868739) C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
PID: 4293204787 (4293044591) C:\WINDOWS\SYSTEM\DDHELP.EXE
PID: 4293261691 (4294868739) C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
PID: 4293286067 (4294868739) C:\PROGRAM FILES\ZONE LABS\SPYBOT - SEARCH & DESTROY\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
PID: 4293387443 (4294868739) C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
PID: 4293857491 (2123440431) C:\WINDOWS\SYSTEM\KERNEL32.DLL
PID: 4294868739 (4294919243) C:\WINDOWS\EXPLORER.EXE
PID: 4294919243 (4293857491) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
PID: 4294921299 (4294919243) C:\WINDOWS\SYSTEM\SPOOL32.EXE
PID: 4294925955 (4294919243) C:\WINDOWS\SYSTEM\MPREXE.EXE
PID: 4294941487 (4294925955) C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
PID: 4294948315 (4294919243) C:\WINDOWS\SYSTEM\mmtask.tsk

#2
ditto
Welcome Aston, <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.


ditto

#3
aston521
Ditto,

Much obliged for getting back to me. Here's the lowdown on what I have, 'uncut'... This is narking me, and I'm no expert, but I can't help feeling some files have been eaten, or in my 'take no prisoners' haste, I have inadvertently done it myself??!!!!! <_<

Regards...


Logfile of HijackThis v1.97.7
Scan saved at 05:54:08, on 23/04/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ZONELA~1\SPYBOT~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7982.0964236111
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...351/mcfscan.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB

#4
admin
Welcome aston521 :D

You seem to have done a very good job yourself <_<

A little cleaning up to do. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)

When finished Reboot your system.

To be safe I'd also recommend a free specialized scan for trojans--The Cleaner:
http://www.moosoft.com/

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.javacools...areblaster.html

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
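Added example (not part of admin's post, and not HijackThis's own code): a small Python triage pass over HijackThis-style lines that picks out the same three kinds of entry selected above. The sample lines are copied from the log in post #3; the flagging rules (empty R0/R1 value, `about:blank` page, `(file missing)` component) are assumptions inferred from those selections, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass

# Section codes that appear in the log in post #3.
SECTION_NAMES = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Registry autostart entry",
    "O9": "Extra IE button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
}

# An entry line looks like "<code> - <detail>"; everything else
# (header, running-process paths) is skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# Lines copied from the HijackThis log in post #3.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ZONELA~1\SPYBOT~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""


@dataclass(frozen=True)
class Entry:
    code: str    # section code, e.g. "O2"
    detail: str  # everything after "<code> - "


def parse_entries(log_text):
    """Return the entry lines of a HijackThis-style log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def review_reason(entry):
    """Return why an entry deserves a second look, or None.

    Assumed rules, modelled on the three items picked in post #4.
    """
    if entry.code in ("R0", "R1"):
        _key, sep, value = entry.detail.partition(" =")
        value = value.strip()
        if sep and value == "":
            return "registry value is empty"
        if value.lower() == "about:blank":
            return "page set to about:blank"
    if entry.code in ("O2", "O3") and entry.detail.endswith("(file missing)"):
        return "registered component points at a missing file"
    return None


def triage(log_text):
    """Return (entry, reason) pairs for entries matching the assumed rules."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = review_reason(entry)
        if reason is not None:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.code} [{SECTION_NAMES[entry.code]}]: {reason}")
        print(f"    {entry.detail}")
```
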

#5
aston521
Thanks for the suggestions, and I have done everything you suggest. The Cleaner spotted some unexpected occurrence in my 'system.ini' file straight away. I clicked on edit, but being a tad apprehensive when the notepad screen came up, I decided just to shut it down....thought I'd check with you guys first if a simple cut/paste operation was in order.....

Now when I run 'The Cleaner', it doesn't find anything at all....so did it fix it automatically? ..and unfortunately after rebooting after every operation, it is still no better.....and the run command is the only way ahead.....

Do you want another HijackThis log, or a Cleaner log, or a copy of my system.ini file??? <_<

#6
aston521
Hey, some good news though?! Now when I try to open something on Control Panel, I no longer get 'Access is Denied', just the same old 'Open With' window but for 'rundll32.exe'...which of course is completely circular, and I still end up getting nowhere, but I think we've turned the gas up on this little critter....

Ciao for now and thanks for your ongoing advice! <_<

#7
admin
Let's try running Ad-aware, and when finished post an Ad-aware log. <_<

Adaware: http://www.lavasoftu...ftware/adaware/

#8
aston521
OK, the latest edition of adware has thrown up the following, and I have quarantined the files, even though I'm pretty sure they're safe to delete. Have just rebooted, in vain hope, but knowing there's more to do......

What's the next move here please?

Regards....


#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293857563
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Operating System
Created on : 05/10/02 06:44:38
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294919555
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 05/10/02 06:44:59
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294922803
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 05/10/02 06:44:58
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294945779
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 05/10/02 06:45:26
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:5 [mcvsrte.exe]
FilePath : C:\PROGRAM FILES\MCAFEE.COM\VSO\
ProcessID : 4294847751
Threads : 2
Priority : Normal
FileSize : 104 KB
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 08/08/03 17:04:38
Last accessed : 22/04/04 23:00:00
Last modified : 08/08/03 17:04:38

#:6 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294861223
Threads : 6
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright © Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 05/10/02 06:44:56
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:7 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4292951535
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 05/10/02 06:45:01
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:8 [mcvsshld.exe]
FilePath : C:\PROGRAM FILES\MCAFEE.COM\VSO\
ProcessID : 4292939635
Threads : 1
Priority : Normal
FileSize : 160 KB
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 17/08/03 20:50:34
Last accessed : 22/04/04 23:00:00
Last modified : 17/08/03 20:50:34

#:9 [mcvsescn.exe]
FilePath : C:\PROGRAM FILES\MCAFEE.COM\VSO\
ProcessID : 4292957779
Threads : 1
Priority : Normal
FileSize : 404 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.EXE
ProductName : McAfee VirusScan
Created on : 28/09/03 12:47:00
Last accessed : 22/04/04 23:00:00
Last modified : 28/09/03 12:47:00

#:10 [mcagent.exe]
FilePath : C:\PROGRAM FILES\MCAFEE.COM\AGENT\
ProcessID : 4292969931
Threads : 1
Priority : Normal
FileSize : 240 KB
FileVersion : 4, 3, 0, 27
ProductVersion : 4, 3, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 08/12/03 14:38:52
Last accessed : 22/04/04 23:00:00
Last modified : 08/12/03 14:38:52

#:11 [tca.exe]
FilePath : C:\PROGRAM FILES\ZONE LABS\THE CLEANER\
ProcessID : 4292990387
Threads : 4
Priority : Normal
FileSize : 617 KB
FileVersion : 3.1.0.3073
ProductVersion : 3.1.0.0
Copyright : © 2000-2004 MooSoft Development
CompanyName : MooSoft Development
FileDescription : The Cleaner Active Process Monitor
InternalName : TCActive!
OriginalFilename : tca.exe
ProductName : TCActive
Created on : 09/04/04 08:26:37
Last accessed : 22/04/04 23:00:00
Last modified : 09/04/04 08:26:38

#:12 [tcm.exe]
FilePath : C:\PROGRAM FILES\ZONE LABS\THE CLEANER\
ProcessID : 4292980643
Threads : 2
Priority : Normal
FileSize : 379 KB
FileVersion : 2.1.0.2043
ProductVersion : 2.1.0.0
Copyright : 2000-2004 MooSoft Development
CompanyName : MooSoft Development
FileDescription : The Cleaner Registry and File Monitor
InternalName : TCMonitor
OriginalFilename : tcm.exe
ProductName : TC Monitor
Created on : 13/03/04 12:48:53
Last accessed : 22/04/04 23:00:00
Last modified : 13/03/04 12:48:54

#:13 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292929075
Threads : 2
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright © Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 18/06/01 11:33:20
Last accessed : 22/04/04 23:00:00
Last modified : 18/06/01 11:33:20

#:14 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293015603
Threads : 5
Priority : Realtime
FileSize : 32 KB
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 24/01/04 20:27:33
Last accessed : 22/04/04 23:00:00
Last modified : 11/12/02 23:14:32

#:15 [iexplore.exe]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4293003639
Threads : 26
Priority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 20/04/04 21:24:00
Last accessed : 22/04/04 23:00:00
Last modified : 28/08/02 23:00:00

#:16 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293062203
Threads : 3
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 05/10/02 06:46:03
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:17 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293056595
Threads : 6
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 05/10/02 06:45:01
Last accessed : 22/04/04 23:00:00
Last modified : 11/05/98 18:01:00

#:18 [ypager.exe]
FilePath : C:\PROGRAM FILES\YAHOO!\MESSENGER\
ProcessID : 4293332839
Threads : 9
Priority : Normal
FileSize : 1456 KB
FileVersion : 5, 6, 0, 1344
ProductVersion : 5, 6, 0, 1344
Copyright : Copyright 1998-2003
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
OriginalFilename : YPager.exe
ProductName : Yahoo! Messenger
Created on : 03/08/03 10:35:40
Last accessed : 22/04/04 23:00:00
Last modified : 15/07/03 13:40:54

#:19 [mcvsftsn.exe]
FilePath : C:\PROGRAM FILES\MCAFEE.COM\VSO\
ProcessID : 4294871935
Threads : 1
Priority : Normal
FileSize : 216 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
OriginalFilename : mcvsftsn.EXE
ProductName : McAfee VirusScan
Created on : 29/09/03 14:38:16
Last accessed : 22/04/04 23:00:00
Last modified : 29/09/03 14:38:16

#:20 [zlclient.exe]
FilePath : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\
ProcessID : 4293097507
Threads : 7
Priority : Normal
FileSize : 677 KB
FileVersion : 4.5.594.000
ProductVersion : 4.5.594.000
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
OriginalFilename : zlclient.exe
ProductName : Zone Labs Client
Created on : 20/04/04 00:04:21
Last accessed : 22/04/04 23:00:00
Last modified : 01/04/04 08:30:04

#:21 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM\ZONELABS\
ProcessID : 4293029375
Threads : 18
Priority : Normal
FileSize : 805 KB
FileVersion : 4.5.594.000
ProductVersion : 4.5.594.000
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
OriginalFilename : vsmon.exe
ProductName : TrueVector Service
Created on : 20/04/04 00:04:20
Last accessed : 22/04/04 23:00:00
Last modified : 01/04/04 08:29:14

#:22 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\ZONE LABS\AD-AWARE 6\
ProcessID : 4293465231
Threads : 4
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 23/04/04 18:11:20
Last accessed : 22/04/04 23:00:00
Last modified : 12/07/03 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{00000182-C745-43D2-44F1-01A1C789C738}


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 2


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Scanning Hosts file(C:\WINDOWS\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
8035 entries scanned.
New objects :0
Objects found so far: 2




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com


TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com


TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com


TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{00000183-C745-43D2-44F1-01A1C789C738}


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 6


19:37:22 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:52:40
Objects scanned :44355
Objects identified :6
Objects ignored :0
New objects :6

#9
admin
I don't see anything in your Hijack Log except for those few benign registry keys. I think we're dealing with Operating System corruption (Windows). Can you provide any more details on your problems, and/or any error messages you receive?

#10
aston521
Yeah, I thought so too - must have one of the cleanest computers this side of Texas now......

I don't actually get any error messages. Just if I want to open a program, eg Word, I am asked what I would like to 'Open With'.... Of course, this does not work as the programs will not open in the first place..... I mentioned that 'Access was denied' Control Panel to my control panel files but this seems to have been remedied.

From the desktop, I can open IE, probably Outlook (though I haven't tried), My Computer and some jpeg files. The rest all have the white square icon with the MS Window. The same applies to the Start Menu. I can't open anything directly except for Explorer.

The computer is still 'open' as Zone Alarm is blocking requests to access 'SUE' (My Mom's name), which previously it wasn't.....so yes, it seems as though there is a backdoor ajar somewhere to me, and I mentioned about Zone Alarm in my first post I have two Zones in my 'Firewall' tab, one of which is my standard dial-up connection, but a new one which has appeared merely called 'New Network' with the parameters 3.0.0.2/255.255.255.255....I can't delete this straight away but feel that this holds the key to the problem, if only in that it illustrates it. I may be barking up the wrong tree completely of course and maybe I need to reinstall something somewhere. I have all critical updates though and am at a bit of a loss...

File Name Virus Name
C:\WINDOWS\SYSTEM\MsAgent32.exe PWS-IN
C:\WINDOWS\SYSTEM\msgfix.exe W32/Sdbot.worm
C:\WINDOWS\rb3.exe W32/Sdbot.worm
C:\WINDOWS\regsvr.exe PWS-IN

I believe this is what I got rid of when I did the first McAfee scan, but the essential files are all there now??? Is there anything missing from my start-up list??? ..or can I do something to MSConfig? :D

Your best ideas would be much appreciated. If there's some other way you can connect to this system to have a look around, we could do that.....maybe? Seems like everyone else can.....

<_<

#11
aston521
Well good morning to you all......

Another ScanDisk later and whathaveyou, I have just decided to run the Windows Setup file again and dare I say, everything seems to be back to normal now - apart from the annoying identification I get in Zone Alarm, but I think it's easier just to live with that until something else goes wrong. At least my exe files are now exe-able....

Many thanks for your hints and tips, and you never know, watch this space!

Kind regards.......

#12
aston521
Yaar man......

Sure enough after a week-end off, my Yahoo password was changed on Saturday, and after recovering my account, I have a flurry of messages saying "What's that?" and "Why are you sending me a virus?"......

Do I need to re-install Windows completely here as it's not going away...??? It's not nice but I really don't know what else to do..... By the way, how would I reinstall Windows and get rid of all the peripheral stuff? Do I just boot from the CD or ?????

<_<

#13
admin
:D Bummer, thought you had it fixed. :D

Before you slash and burn let's try a few tools again. First dump McAfee, since it's either been compromised or isn't working, uninstall using Add/Remove. AVG's free version works very well. I'd recommend you install, update and run a system scan:
http://www.grisoft.c...s_dwnl_free.php

Next, visit Trend and run a free online virus scan:
http://housecall.ant...start_frame.asp

Followed by another go with the Cleaner:
http://www.moosoft.com/

And finally Trojan Hunter:
http://www.misec.net/trojanhunter/

Run each of these tools until it reports your system's clean! If there's something that can't be repaired please reply. :P

I know it's no fun for you, but I kind of like the challenge <_<

#14
Kat
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.