Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJack this Log after Spyware Sleep - Please Advis

Started by blackbeard , Oct 15 2004 11:45 AM

  • Please log in to reply

#1
blackbeard
Posted 15 October 2004 - 11:45 AM

blackbeard

    banned

  • Banned
  • PipPip
  • 36 posts
Am attaching Loffile from HiJack this after a sweep with Ad-Aware.............

Please can an expert advise on just which Reg Entries I can Axe!!!!!

Thanks!!!!

Logfile of HijackThis v1.98.2
Scan saved at 13:32:42, on 15/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Tiny Disk\Tiny Disk\TinyMon.exe
C:\Program Files\Tiny Disk\Tiny Disk\USBTD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\1XConfig.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Wacom\TabUserW.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\All Users\Documents\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intercable.com.ve/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intercable.com.ve/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.intercable.com.ve/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ranillito\Application Data\Mozilla\Profiles\default\tb0kkohz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ranillito\Application Data\Mozilla\Profiles\default\tb0kkohz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\Tiny Disk\Tiny Disk\TinyMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\Tiny Disk\Tiny Disk\USBTD.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab

Edited by soxrok, 15 October 2004 - 04:41 PM.

  • 0

Advertisements

#2
Smokey
Posted 16 October 2004 - 04:50 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Before we start cleaning up your log, please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/
  • 0

#3
blackbeard
Posted 16 October 2004 - 06:14 PM

blackbeard

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 36 posts

Before we start cleaning up your log, please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

View Post


REPLY:

And what exactly is wrong with McAfee Virus Scan Online whch is patched up to the Minute?????

I have been running this aand spybot and ad-aware and registry mechanic all day now so this is not what I expect in the form of a reply.............. My current Hijack this Logfile now reads as below (and there are no signs of Trojans or any other kind of Virus on my machine from what I can see and i plan to keep it that way!!!). Right Now there's probably not a single Web site in existence that I trust!!!!!


Ad-Aware SE Build 1.05
Logfile Created on:16 October 2004 12:54:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R13 16.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):6 total references
Elitum.ElitebarBHO(TAC index:5):1 total references
WinAD(TAC index:7):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R13 16.10.2004
Internal build : 18
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 363648 Bytes
Total size : 1150665 Bytes
Signature data size : 1124607 Bytes
Reference data size : 25546 Bytes
Signatures total : 31779
Fingerprints total : 291
Fingerprints size : 12292 Bytes
Target categories : 15
Target families : 589


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:54 %
Total physical memory:523496 kb
Available physical memory:282124 kb
Total page file size:1279192 kb
Available on page file:1080660 kb
Total virtual memory:2097024 kb
Available virtual memory:2050456 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


16/10/2004 12:54:35 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1204
ThreadCreationTime : 16/10/2004 16:53:15
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 16/10/2004 16:53:18
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1320
ThreadCreationTime : 16/10/2004 16:53:20
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 16/10/2004 16:53:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 16/10/2004 16:53:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1532
ThreadCreationTime : 16/10/2004 16:53:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1576
ThreadCreationTime : 16/10/2004 16:53:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1740
ThreadCreationTime : 16/10/2004 16:53:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [s24evmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1780
ThreadCreationTime : 16/10/2004 16:53:21
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1832
ThreadCreationTime : 16/10/2004 16:53:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1892
ThreadCreationTime : 16/10/2004 16:53:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 16/10/2004 16:53:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 788
ThreadCreationTime : 16/10/2004 16:53:27
BasePriority : High
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 824
ThreadCreationTime : 16/10/2004 16:53:28
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:15 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1016
ThreadCreationTime : 16/10/2004 16:53:33
BasePriority : Normal


#:16 [inetinfo.exe]
FilePath : C:\WINDOWS\System32\inetsrv\
ProcessID : 1056
ThreadCreationTime : 16/10/2004 16:53:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:17 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ProcessID : 1080
ThreadCreationTime : 16/10/2004 16:53:33
BasePriority : Normal
FileVersion : 2, 0, 4, 2
ProductVersion : 2, 0, 4, 2
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2003
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows NT/2000/XP

#:18 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1100
ThreadCreationTime : 16/10/2004 16:53:34
BasePriority : Normal
FileVersion : 9, 0, 0, 10
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:19 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1136
ThreadCreationTime : 16/10/2004 16:53:34
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [mysqld-nt.exe]
FilePath : C:\mysql\bin\
ProcessID : 1280
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal


#:21 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 140
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 6.14.10.4482
ProductVersion : 6.14.10.4482
ProductName : NVIDIA Driver Helper Service, Version 44.82
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.82
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:22 [regsrvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1644
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:23 [mcvsshld.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1660
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:24 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1696
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:25 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1884
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [tablet.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1996
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : High


#:27 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 240
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:28 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1968
ThreadCreationTime : 16/10/2004 16:53:35
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:29 [wfxsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1640
ThreadCreationTime : 16/10/2004 16:53:39
BasePriority : Normal
FileVersion : 10.00.2000.0929
ProductVersion : 10.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-2000
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:30 [wfxmod32.exe]
FilePath : C:\Program Files\WinFax\
ProcessID : 1728
ThreadCreationTime : 16/10/2004 16:53:39
BasePriority : High
FileVersion : 10.00.2001.0910
ProductVersion : 10.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-2000
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:31 [fxssvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1932
ThreadCreationTime : 16/10/2004 16:53:39
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE

#:32 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2216
ThreadCreationTime : 16/10/2004 16:53:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:33 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2476
ThreadCreationTime : 16/10/2004 16:53:41
BasePriority : High


#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2760
ThreadCreationTime : 16/10/2004 16:53:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:35 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3188
ThreadCreationTime : 16/10/2004 16:53:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:36 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3700
ThreadCreationTime : 16/10/2004 16:54:26
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : File
Data : temp.fr9ECC
Category : Malware
Comment :
Object : C:\Documents and Settings\Ranillito\Local Settings\Temp\



BlazeFind Object Recognized!
Type : File
Data : temp.frCB5D
Category : Malware
Comment :
Object : C:\Documents and Settings\Ranillito\Local Settings\Temp\



BlazeFind Object Recognized!
Type : File
Data : A0125439.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{7199FB27-90AD-40B6-A41F-C3DB1D06DA5F}\RP289\



Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0125440.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{7199FB27-90AD-40B6-A41F-C3DB1D06DA5F}\RP289\



WinAD Object Recognized!
Type : File
Data : A0125441.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{7199FB27-90AD-40B6-A41F-C3DB1D06DA5F}\RP289\



BlazeFind Object Recognized!
Type : File
Data : A0125442.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{7199FB27-90AD-40B6-A41F-C3DB1D06DA5F}\RP289\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.


BlazeFind Object Recognized!
Type : File
Data : A0125446.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{7199FB27-90AD-40B6-A41F-C3DB1D06DA5F}\RP289\



BlazeFind Object Recognized!
Type : File
Data : A0125447.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{7199FB27-90AD-40B6-A41F-C3DB1D06DA5F}\RP289\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

13:15:01 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:25.402
Objects scanned:215931
Objects identified:8
Objects ignored:0
New critical objects:8
  • 0

#4
blackbeard
Posted 16 October 2004 - 06:40 PM

blackbeard

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 36 posts
Apologies................ Wrong Log file Posted................. Here is the HijackThis File Info after the clean up:

Logfile of HijackThis v1.98.2
Scan saved at 13:46:28, on 16/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Wacom\TabUserW.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Documents\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intercable.com.ve/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intercable.com.ve/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.intercable.com.ve/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ranillito\Application Data\Mozilla\Profiles\default\tb0kkohz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ranillito\Application Data\Mozilla\Profiles\default\tb0kkohz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
  • 0

#5
coachwife6
Posted 16 October 2004 - 07:22 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please repost in a different font. It is very difficult for an old lady to keep her concentration looking at that font. <_<
  • 0

#6
blackbeard
Posted 17 October 2004 - 02:13 AM

blackbeard

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 36 posts
Apologies................ Wrong Log file Posted................. Here is the HijackThis File Info after the clean up:

Logfile of HijackThis v1.98.2
Scan saved at 13:46:28, on 16/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Wacom\TabUserW.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Documents\Utilities\HijackThis.exe[/hr]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intercable.com.ve/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intercable.com.ve/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.intercable.com.ve/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ranillito\Application Data\Mozilla\Profiles\default\tb0kkohz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ranillito\Application Data\Mozilla\Profiles\default\tb0kkohz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B0876695

[edited font]

Edited by admin, 17 October 2004 - 12:29 PM.

  • 0

#7
coachwife6
Posted 17 October 2004 - 12:11 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Removed post.

Edited by coachwife6, 17 October 2004 - 12:12 PM.

  • 0

#8
admin
Posted 17 October 2004 - 12:28 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

And what exactly is wrong with McAfee Virus Scan Online whch is patched up to the Minute?????

McAfee is in my opinion the worst antivirus program you can have installed on your system. I base my opinion on the thousands of logs I have reviewed, and the percentage of McAfee protected systems that are infected with viruses.

I have been running this aand spybot and ad-aware and registry mechanic all day now so this is not what I expect in the form of a reply..............

If you're not happy with this FREE assistance provided by the VOLUNTEERS on this forum, do us all a favor, and go ask for help somewhere else. If you do not treat the members and staff of site this with trust, respect, and courtesty, I will delete your account and ban your IP from this server.

My current Hijack this Logfile now reads as below

Your log is clear. The only problems I see with you Adaware log are in the temp and recovery folders.

1. Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

2. Reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

Are you having a problems with your system?
  • 0

#9
blackbeard
Posted 17 October 2004 - 01:48 PM

blackbeard

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 36 posts
Dear Coachwife,

Thank you very much for the kind understanding and swift assistence in that you were the only one to champion my cause in what was ultimately a relatively swift solution to the problem and seemingly evidence that the tools that have at my disposal are both trustworthy and seemingly efficint enough to deal with these cancers at the time of

To whoever in admin it was who posted those comments - I appreciate the help and as you can see give praise where praise is due.................. comments and threats like yours are unconstrucive............... Bear in mind I was left initially 24 hours without any response at all from any single one your moderators and when it eventually came it was to suggest I use even more tools to rectify this problem................... From what I can see your forum as well as the majority of others in evistence eventually suggest running 'ad-aware' and 'HijackThis' anyway which is why I downloaded them and ran the scans before I posted to begin with - to save time and to help your moderators in assisting me...............

So if it's your decision to ban me then go ahead and do so - I normally do not have to wait 24 hours for a reply to a forum post in an emergency anyway. I accept there are a lot of difficult people in this world and just for the record I am a Volunteer in one or two of these Forums also and generally offer a lot of good advice and am duly thanked for it but don't threaten people for use of intellect and a bit of cop-on in the Maveric style you seemingly prefer to adopt..... Maybe you're an ex-Microsoft Employee (or worse still a current one!!!!) . If I am to be penalised from asking a question or two (as you quote, incidentally) and am a little reluctant to use online scans as it is malicious online content that causes these problems in the first place, then so be it.................. Mete out the same punishment to all your members and before too long you have no more forum!!!!!! I guess then maybe YOU are por- ALIENATION.

Thanks a million once again Coachwife - As you know, we both posted very late lst night - in my case I relplied at 4.00am local time - and was delighted to find your post when I opened my mail this morning. You're a superstar!!!! - wish there was a little more ncy among other members though!!!!!! Que vaya bien!!!!!!
  • 0

#10
admin
Posted 17 October 2004 - 02:27 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

I accept there are a lot of difficult people in this world and just for the record I am a Volunteer in one or two of these Forums also and generally offer a lot of good advice and am duly thanked for it

Then I think you would understand my reaction. I am the site administrator, and owner of this site. I do not work for Microsoft. <_< I apologize if I overreacted to your comments. I have never banned anyone from this site, and I'm not banning you. :D In fact, if you'd like to become a helper here, we'd be glad to help you become one. :o

We encourage members to ask questions, and learn through this process. I'll let others make their own determination if they thought your replies were appropriate. Everyone here dedicates an incredible amount of time to this forum, and I'm going to jump in whenever I feel someone is abusing this forum, or any of our staff.

You did not provide a lot of detail on your original post, and there was nothing obviously wrong with your log. The_Other_Side simply suggested you scan for viruses and trojans before declaring your system clean.

This was an emergency situation? I would challenge you to post a Hijack This log on other sites to see what you're response time will be, but I don't want to create any additional work for our partner sites -- and I already know the answer. Some forums don't consider it a problem unless it's been at least five days since you've posted, other sites only answer about half their log requests, and some have quit doing them completely.

Congratulations! Your system is CLEAN :D

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :P
  • 0

#11
blackbeard
Posted 17 October 2004 - 03:07 PM

blackbeard

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 36 posts

I apologize if I overreacted to your comments

You did not provide a lot of detail on your original post, >>
This was an emergency situation?

Dear Adminitrator,
I thank you for you apology in this respect - It shows strength of character and is duly noted! <_< Indeed, I accept that circumstances don't allow us to conquer all things in one bite but I actually believe my initial post provided 'too much' information for an initial post. Am sure for a majority of members posting of the hijackThis log comes a little later in the process!!!!!

Indeed if I had more knowledge in respect of the regitry and what to look out for and felt I could help out in someway I would gladly be of assistance... I am a little limited by bandwith though as I get only 450 Mb per month (that would not deter me from maybe the odd post or two at unsociable hours (we'll have to see!!!) :P .....

We encourage members to ask questions, and learn through this process.

I need not tell you the value of forums >> They're about the only way you ever grt to resolve a problem :D .................. Bog Standard Technical support - well lets just leave it up to 'technicians' to talk among themselve because they're not much use to the computing community at large!!! - another money spinning racket!!!!!!


These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .


It was actually through another forum that I got wind of Firefox - I duly downloaded it a couple of days back and it is now my primary!!!! (Don't like the fact that the Find in page tool does nothing at all!!!! - previous versions of Mozilla were like this too with lots of things doing nothing!!!!! :o

However I like it!!!! :D I also currenly run Netscape communicator 4.7, Opera 7.2, AOL 9 and Netscape 7.2. Needless to mention which browser I hate the most!!!!!!

Thanks for the tip re.Spyware Blaster................ I've heard of it and will give it a run!!!!

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

My system is thoroughly patched and up to date though I had very serious reservations about SP2 as an initial install resulted in having to reformat the HD and indeed I have created a patched boot version of my OS to full SP2 specification . Refer this article for details: How to create SP2 patched installation disk for WinXP. I run both the latest versions of the JavaSDL and JRE on my system.

Other than that you have my details in your database and I have granted administrators permissions to contact me...................... so please do and maybe I can put a name to all this and see what evolves from there - perhaps I can be of help in some way - perhaps not!!!!!! :D
  • 0

#12
admin
Posted 17 October 2004 - 03:12 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
We have staff members from all over the world. If you decide you'd like to help others with their problems, just contact me. We will help you learn everything you need to know <_<
  • 0

#13
blackbeard
Posted 18 October 2004 - 08:10 AM

blackbeard

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 36 posts
Will certainly do so!!!! I am going to Peru for a few weeks this coming Friday but when I return I would like to try and be of help.... It's dfficult to say what my strong points are at present. I tend to do as necessary and not think to much about it - this could be a good way of benchmarking my skills at the same time.

Just let me know then what I need do!!!!!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP