[agentbb]

Heres the new HJT log....


What do you think?


Logfile of HijackThis v1.99.1
Scan saved at 12:19:20 PM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bob Bearden\Desktop\HJT Backup 5-27-05\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

[Advertisements]

I think we can get rid of McAfee ActiveX controls now

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab

Close Hijackthis.

Any better at all?

If not, then I'm going to have a Moderator move this topic to another forum as your system is completely clean as well as protected so it's an issue I won't be able to help you with.

[Michelle]

I think we can get rid of McAfee ActiveX controls now

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab

Close Hijackthis.

Any better at all?

If not, then I'm going to have a Moderator move this topic to another forum as your system is completely clean as well as protected so it's an issue I won't be able to help you with.

[agentbb]

Well....I guess I should be content with 1100kb.....it's a [bleep] of alot better than 26.4kb!

I can't tell you how much I appreciate all that you have done to help me.

You have been outstanding and most professional in every way!

I would like to ask a couple of questions if it's alright?

1) I still can see McAfee when I go to Start / Programs...there all still there....any suggestions?

2) Do you think that someone else might have any ides on what has happened to take 1/3 of my internet speed?

Thanks again and I hope to stay in touch....just not via Viruses or Malware.

Bob.

[Michelle]

1) I still can see McAfee when I go to Start / Programs...there all still there....any suggestions?

Remember when I was instructing you to remove it in HiJackthis in chat? That's how we'll do it.

Here are the instructions:

Run HiJackThis.
Click on "Open Misc Tools Section"
Click on "Open Uninstall Manager"
Scroll down the list on the lefthand side to find McAfee.
Click McAfee once to highlight it.
After ONLY McAfee is highlighted on the right side click "Delete this Entry"
Click "Yes" if prompted
Click "Refresh List" to make sure it's gone.

No, you do not need to save the list because all that does is create a text file it doesn't actually "save" it.

Let me know how that goes.

Edited by bananafanafo, 27 May 2005 - 12:35 PM.

[agentbb]

Hey!

I just did as you instructed but there was no McAfee in the HiJackthis Uninstall Manager.

What would you have me do now?

[Michelle]

What does it do when you click the "change/remove" button?

It's really not doing anything bad to your computer, it's just a leftover entry that means nothing since McAfee is gone.

[agentbb]

Sorry for the delay!

When I right click o it and try to delete it it takes me to Add/remove programs to remove the program but there is nothing there.

Can I get rid of it in some other fashion?

It's in my list of programs when I go Start Menu / All Programs / McAfee

[Michelle]

So, it is gone from Add/Remove programs. You want it off of your start menu! Ah I see. Ok give me a second

[Michelle]

Ok when you right click to delete the folders it should be a delete confirmation that just says you need to remove them from Add/Remove programs to but you do not need to go to Add/Remove programs and still delete them.

Tell me exactly what the message says when you try to delete them. Just highlight everything in the little prompt box, then press CTRL + C to copy then paste it here.

[agentbb]

ok....this time I right clicked on the main McAfee name and deleted it and I think it worked!

I'll reboot and let you know in a few minutes.

Talk to you soon!

Bob.

[agentbb]

Hello!

I have some really good but rather odd news......I'll try to make this as simple as possible.

OK....You got McAfee out of my Start up menu which is really good news!

I can't tell you how glad I am to be able to scroll thru my programs and not see that name!

Now this is where the wierdness starts.......while I was on line connected to Kazaa..I did a speed test.

At first it was the usual 1300kb. But when I started to preview a download it jumped up to 4100kb.......what's that all about!

Tell me what you think......I did notice that Kerio FW was rather active (don't know if that has anything to do with it or not)

[agentbb]

Hey!

I gotta run but will be back tomorrow morning to check and see what you think....
(I'm really intrigued about this kazaa preview thing)

Thanks again for all your help!

Bob.


P.S.

Have you checked your pay-pal today?

[Michelle]

Well I'm glad McAfee is finally gone once and for all!

That is really strange that your speed would jump to "normal" while you're running Kazaa, one would think it would be the other way around?? Interesting... I don't know much about Kazaa as I never recommend running P2P programs, well, because I remove malware from systems on a daily basis and P2P programs do not help the matters any, to say the least.

Let me see if I can think of anything that would cause that, although I highly doubt I will be able to come to a conclusion about that one!

If I can not figure it out, would you like me to move your topic to another applicable forum where they may be able to help you with this problem?

PS - Thank you very much! You did not have to do that!! That was very sweet of you!

[agentbb]

Hi!

If you can't think of any reason that this would happen or come up with any plan or course of action to take please refer me to someone that might be able to help.

Once again I really appreciate all of your help (and patience!) in ridding me of the Viruses and Malware and the whole McAfee thing and everthing else that you've done!

Please let me know what I should expect to happen next as far as someone else looking into this speed issue.

Just whenever you get a chance.

Thanks!

Bob.

[Michelle]

Bob - I had an epiphany of sorts lol

You have XP SP 2 which means you have the XP firewall, then you also installed the Kerio firewall, so I think it may be because you have both of these firewalls running at the same time. Please uninstall the Kerio firewall for the moment then try disabling SpyBot Teatimer and see if you internet speed gets back up to normal. PLEASE do not run Kazaa while these items are disabled.

To disable Teatimer:
* Open Spybot.
* Click MODE, then check ADVANCED MODE, click YES
* Click TOOLS > RESIDENT.
* Uncheck Teatimer.
* Click ALLOW CHANGE.

To remove Kerio:
Go to Start > Control Panel > Add or Remove Programs and remove:

Kerio

Reboot after disabling teatimer and removing Kerio.

Let me know how that goes!

Edited by bananafanafo, 31 May 2005 - 03:03 PM.