Tech Talk: Discuss PC Hardware, Software, Internet and Other Technology

#1
Senior Member
Join Date: Jul 2004
Posts: 830
OE problems and that *&^%)(@(@ searchxl.com
I'm running Windows ME.
I guess I have two problems:

1) OE will not allow me to display the content of messages. It seems to d/l OK from Hotmail, but when I click on the message to read it, I get an unending hourglass and no content. I updated from the M/S site the critical updates I needed and still no go.

2) EVERY TIME I boot up, searchxl tries to hijack my search page. Spyguard catches it, but it continues to repeatedly try. I went under regedit and deleted the reference, but something keeps trying to re-install it. This just started repeating itself. Up until today it would just try to hijack once and then stop.

For both of these problems I have run AVG, Spybot and Adaware. I went and googled every running process that I saw, and the only ones I couldn't find were Service, Osd and Vcobyeiv. Any info or links to help me research these problems would be appreciated. Also, if it is best to re-install OE, will that erase messages that I have in my local folders? Thanks.

Last edited by That'sAllFolks; 07-24-04 at 05:26 AM.
#2
Senior Member
Join Date: Jul 2004
Posts: 830
Here is an update:
Shortly after I posted this I ran Adaware and got 10 problems. I fixed them. Cruised on DVDTalk a bit (only going to an AOL page and that political flash with Kerry and Bush). I noticed that my machine started to run slow after I watched that Kerry/Bush flash, and so I ran Adaware again -- NO PROBLEMS. So I reboot and get the searchxl.com message again. I run Adaware and get 9 problems. Had some system problems (too much running) and rebooted again. Adaware brings 15 problems. Logfile below. Not sure where to go from here. ANY SUGGESTIONS. BTW I also have the logfile from the scan with 10 problems (1st one mentioned -- but didn't want to make this TOO long).

```
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, July 24, 2004 3:08:19 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R333 18.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry

7-24-2004 3:08:19 AM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4279222427 Threads : 4 Priority : High FileSize : 524 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright (C) Microsoft Corp. 1991-2000 CompanyName : Microsoft Corporation FileDescription : Win32 Kernel core component InternalName : KERNEL32 OriginalFilename : KERNEL32.DLL ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:2 [msgsrv32.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294936187 Threads : 1 Priority : Normal FileSize : 11 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright (C) Microsoft Corp. 1992-1998 CompanyName : Microsoft Corporation FileDescription : Windows 32-bit VxD Message Server InternalName : MSGSRV32 OriginalFilename : MSGSRV32.EXE ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:3 [mmtask.tsk] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294862455 Threads : 1 Priority : Normal FileSize : 1 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright CompanyName : Microsoft Corporation FileDescription : Multimedia background task support module InternalName : mmtask.tsk OriginalFilename : mmtask.tsk ProductName : Microsoft Windows Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:4 [mprexe.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294863947 Threads : 2 Priority : Normal FileSize : 28 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright (C) Microsoft Corp. 1993-2000 CompanyName : Microsoft Corporation FileDescription : WIN32 Network Interface Service Process InternalName : MPREXE OriginalFilename : MPREXE.EXE ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:5 [mstask.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294843679 Threads : 2 Priority : Normal FileSize : 124 KB FileVersion : 4.71.2721.1 ProductVersion : 4.71.2721.1 Copyright : Copyright (C) Microsoft Corp. 2000 CompanyName : Microsoft Corporation FileDescription : Task Scheduler Engine InternalName : TaskScheduler OriginalFilename : mstask.exe ProductName : Microsoft Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:6 [ssdpsrv.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294892479 Threads : 5 Priority : Normal FileSize : 55 KB FileVersion : 4.90.3003.0 ProductVersion : 4.90.3003.0 Copyright : Copyright (C) Microsoft Corp. 1981-2000 CompanyName : Microsoft Corporation FileDescription : SSDP Service on Windows Millennium InternalName : ssdpsrv.exe OriginalFilename : ssdpsrv.exe ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 2/19/2004 10:42:10 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 12/13/2001 10:38:12 PM

#:7 [avgserv9.exe] FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\ ProcessID : 4294874707 Threads : 2 Priority : Normal FileSize : 20 KB FileVersion : 6.0.1.374 ProductVersion : 6.0.1.374 Copyright : Copyright (c) GRISOFT, s.r.o. 1998-2002 CompanyName : GRISOFT, s.r.o FileDescription : AvgServ - displays notification message InternalName : AvgServ OriginalFilename : AvgServ ProductName : AVG6 Created on : 1/17/2004 6:27:02 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 1/13/2004 11:00:00 AM

#:8 [vsmon.exe] FilePath : C:\WINDOWS\SYSTEM\ZONELABS\ ProcessID : 4294878999 Threads : 18 Priority : Normal FileSize : 893 KB FileVersion : 5.0.590.043 ProductVersion : 5.0.590.043 Copyright : Copyright CompanyName : Zone Labs Inc. FileDescription : TrueVector Service InternalName : vsmon OriginalFilename : vsmon.exe ProductName : TrueVector Service Created on : 6/24/2004 3:53:15 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/16/2004 9:47:36 AM

#:9 [devldr16.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294800883 Threads : 4 Priority : Normal FileSize : 37 KB FileVersion : 1, 0, 0, 15 ProductVersion : 1, 0, 0, 15 Copyright : Copyright CompanyName : Creative Technology Ltd. FileDescription : DevLdr16 InternalName : DevLdr OriginalFilename : DevLdr16.exe ProductName : Creative Ring3 NT Inteface Created on : 7/14/2001 4:41:59 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/5/2000 7:32:08 PM

#:10 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 4294816543 Threads : 18 Priority : Normal FileSize : 220 KB FileVersion : 5.50.4134.100 ProductVersion : 5.50.4134.100 Copyright : Copyright (C) Microsoft Corp. 1981-2000 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft(R) Windows (R) 2000 Operating System Created on : 6/8/2000 10:00:00 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:11 [stmgr.exe] FilePath : C:\WINDOWS\SYSTEM\RESTORE\ ProcessID : 4294940167 Threads : 4 Priority : Normal FileSize : 60 KB FileVersion : 4.90.0.2533 ProductVersion : 4.90.0.2533 Copyright : Copyright (C) Microsoft Corp. 1981-2000 CompanyName : Microsoft Corporation FileDescription : Microsoft (R) PC State Manager InternalName : StateMgr.exe OriginalFilename : StateMgr.exe ProductName : Microsoft (r) PCHealth Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:12 [taskmon.exe] FilePath : C:\WINDOWS\ ProcessID : 4294652511 Threads : 1 Priority : Normal FileSize : 28 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright (C) Microsoft Corp. 1998 CompanyName : Microsoft Corporation FileDescription : Task Monitor InternalName : TaskMon OriginalFilename : TASKMON.EXE ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:13 [systray.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294702823 Threads : 2 Priority : Normal FileSize : 36 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright (C) Microsoft Corp. 1993-2000 CompanyName : Microsoft Corporation FileDescription : System Tray Applet InternalName : SYSTRAY OriginalFilename : SYSTRAY.EXE ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:14 [service.exe] FilePath : C:\PROGRAM FILES\DELL\SOLUTION CENTER\ ProcessID : 4294655003 Threads : 1 Priority : Normal FileSize : 324 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright FileDescription : Service Button Application InternalName : Service OriginalFilename : SERVICE.EXE ProductName : Service Application Created on : 11/22/2000 4:20:10 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 11/22/2000 4:20:10 PM

#:15 [mmkeybd.exe] FilePath : C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\ ProcessID : 4294698027 Threads : 1 Priority : Normal FileSize : 124 KB FileVersion : 1.00 ProductVersion : 1.00 Copyright : Copyright CompanyName : Netropa Corp. FileDescription : Netropa(tm) Hot Key InternalName : DellTouch Programmable Keys OriginalFilename : nhk.exe ProductName : DellTouch Programmable Keys Created on : 7/14/2001 4:40:30 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 9/21/2000 7:34:12 PM

#:16 [ctmix32.exe] FilePath : C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\ ProcessID : 4294580115 Threads : 1 Priority : Normal FileSize : 20 KB FileVersion : 6.01.1 ProductVersion : 6.01.1 Copyright : Copyright (c) Creative Technology Ltd 1991-1999. CompanyName : Creative Technology Ltd. FileDescription : Creative Mixer Loader InternalName : Creative Mixer Loader OriginalFilename : CTMXLD32.EXE ProductName : Creative Mixer Loader Created on : 7/14/2001 4:41:10 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 11/18/1999 11:01:00 AM

#:17 [wmiexe.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294690479 Threads : 4 Priority : Normal FileSize : 16 KB FileVersion : 4.90.2452.1 ProductVersion : 4.90.2452.1 Copyright : Copyright (C) Microsoft Corp. 1981-1999 CompanyName : Microsoft Corporation FileDescription : WMI service exe housing InternalName : wmiexe OriginalFilename : wmiexe.exe ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:18 [itouch.exe] FilePath : C:\PROGRAM FILES\LOGITECH\ITOUCH\ ProcessID : 4294588475 Threads : 2 Priority : Normal FileSize : 872 KB FileVersion : 2.22.289 ProductVersion : 2.22.289 Copyright : (C) 1998-2003 Logitech. All rights reserved. CompanyName : Logitech Inc. FileDescription : iTouch Application InternalName : iTouch OriginalFilename : iTouch.exe ProductName : iTouch Created on : 6/3/2004 3:29:05 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 3/18/2004 2:33:26 PM

#:19 [mmusbkb2.exe] FilePath : C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\ ProcessID : 4294590743 Threads : 1 Priority : Normal FileSize : 48 KB FileVersion : 1.70 ProductVersion : 1.70 Copyright : Copyright CompanyName : Netropa Corporation FileDescription : USB Multimedia Keyboard Driver 2 InternalName : mmusbkb2 OriginalFilename : mmusbkb2.exe ProductName : USB Multimedia Keyboard Driver 2 Created on : 7/14/2001 4:40:30 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 9/21/2000 7:15:26 PM

#:20 [avgcc32.exe] FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\ ProcessID : 4294608375 Threads : 1 Priority : Normal FileSize : 337 KB FileVersion : 6, 0, 0, 515 ProductVersion : 6, 0, 0, 0 Copyright : Copyright CompanyName : GRISOFT s.r.o. FileDescription : AVG Control Center InternalName : AvgCC32 OriginalFilename : AvgCC32.EXE ProductName : AVG Anti-Virus System Created on : 1/17/2004 6:27:02 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 1/13/2004 11:00:00 AM

#:21 [realsched.exe] FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\ ProcessID : 4294616471 Threads : 2 Priority : Normal FileSize : 176 KB FileVersion : 0.1.0.3034 ProductVersion : 0.1.0.3034 Copyright : Copyright CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp OriginalFilename : realsched.exe ProductName : RealPlayer (32-bit) Created on : 6/1/2004 8:01:26 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/1/2004 8:01:28 AM

#:22 [winmgmt.exe] FilePath : C:\WINDOWS\SYSTEM\WBEM\ ProcessID : 4294527367 Threads : 6 Priority : Normal FileSize : 192 KB FileVersion : 1.50.1164.0000 ProductVersion : 1.50.1164.0000 Copyright : Copyright (C) Microsoft Corp. 1995-1999 CompanyName : Microsoft Corporation FileDescription : Windows Management Instrumentation InternalName : WINMGMT ProductName : Windows Management Instrumentation Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

#:23 [qttask.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294540699 Threads : 2 Priority : Normal FileSize : 96 KB FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 CompanyName : Apple Computer, Inc. FileDescription : Apple Computer, Inc. InternalName : QuickTime Task OriginalFilename : QTTask.exe ProductName : QuickTime Created on : 6/3/2004 6:38:01 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/3/2004 6:38:02 PM

#:24 [vcobyeiv.exe] FilePath : C:\WINDOWS\ ProcessID : 4294511239 Threads : 1 Priority : Normal FileSize : 32 KB Copyright : tNa Created on : 6/10/2004 11:25:35 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/10/2004 11:25:36 PM

#:25 [zlclient.exe] FilePath : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ ProcessID : 4294523939 Threads : 6 Priority : Normal FileSize : 681 KB FileVersion : 5.0.590.043 ProductVersion : 5.0.590.043 Copyright : Copyright CompanyName : Zone Labs Inc. FileDescription : Zone Labs Client InternalName : zlclient OriginalFilename : zlclient.exe ProductName : Zone Labs Client Created on : 6/24/2004 3:53:17 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/16/2004 9:48:24 AM

#:26 [taskpanl.exe] FilePath : C:\PROGRAM FILES\EARTHLINK TOTALACCESS\ ProcessID : 4294647815 Threads : 2 Priority : Normal FileSize : 892 KB FileVersion : 2005.1.47.0 ProductVersion : 2005.1.47.0 CompanyName : EarthLink, Inc. ProductName : EarthLink TotalAccess Created on : 6/19/2004 3:04:06 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/19/2004 3:04:06 AM

#:27 [traymon.exe] FilePath : C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\ ProcessID : 4294500087 Threads : 1 Priority : Normal FileSize : 72 KB Created on : 7/14/2001 4:40:30 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/19/2000 2:29:52 PM

#:28 [em_exec.exe] FilePath : C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\ ProcessID : 4294485519 Threads : 1 Priority : Normal FileSize : 37 KB FileVersion : 9.75.302 ProductVersion : 9.75.302 Copyright : (C) 1987-2002 Logitech. All rights reserved. CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec OriginalFilename : Em_Exec.exe ProductName : MouseWare Created on : 12/30/2003 4:41:50 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 11/21/2002 2:50:00 PM

#:29 [wkcalrem.exe] FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\ ProcessID : 4294400975 Threads : 2 Priority : Normal FileSize : 24 KB FileVersion : 6.00.1828.1 ProductVersion : 6.00.1828.1 Copyright : Copyright CompanyName : Microsoft FileDescription : Microsoft InternalName : WkCalRem OriginalFilename : WKCALREM.EXE ProductName : Microsoft Created on : 8/10/2000 5:00:00 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 8/10/2000 5:00:00 PM

#:30 [sgmain.exe] FilePath : C:\PROGRAM FILES\SPYWAREGUARD\ ProcessID : 4294511499 Threads : 1 Priority : Normal FileSize : 352 KB FileVersion : 2.02.0001 ProductVersion : 2.02.0001 Copyright : Copyright (C) 2002-2003 Javacool Software LLC CompanyName : Copyright (C) 2002-2003 Javacool Software LLC FileDescription : SpywareGuard InternalName : sgmain OriginalFilename : sgmain.exe ProductName : SpywareGuard Created on : 8/30/2003 12:05:35 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 8/30/2003 12:05:36 AM

#:31 [osd.exe] FilePath : C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\ ProcessID : 4294545035 Threads : 1 Priority : Normal FileSize : 84 KB FileVersion : 2.01 ProductVersion : 2.01 Copyright : Copyright CompanyName : Netropa Corp. FileDescription : Netropa(tm) Onscreen Display InternalName : OSD OriginalFilename : osd.exe ProductName : Onscreen Display Created on : 7/14/2001 4:40:30 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 9/21/2000 11:26:24 PM

#:32 [ad-aware.exe] FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\ ProcessID : 4294421123 Threads : 2 Priority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 1/26/2004 6:07:28 AM Last accessed : 7/24/2004 5:00:00 AM Last modified : 7/13/2003 3:00:20 AM

#:33 [sgbhp.exe] FilePath : C:\PROGRAM FILES\SPYWAREGUARD\ ProcessID : 4294360335 Threads : 2 Priority : Normal FileSize : 228 KB FileVersion : 2.02.0001 ProductVersion : 2.02.0001 Copyright : Copyright (C) 2002-2003 Javacool Software LLC. CompanyName : Copyright (C) 2002-2003 Javacool Software LLC. FileDescription : SG Browser Hijacking Protection InternalName : sgbhp OriginalFilename : sgbhp.exe ProductName : SG Browser Hijacking Protection Created on : 8/29/2003 4:14:56 PM Last accessed : 7/24/2004 5:00:00 AM Last modified : 8/29/2003 4:14:58 PM

#:34 [tapisrv.exe] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294290231 Threads : 4 Priority : Normal FileSize : 120 KB FileVersion : 4.90.3000 ProductVersion : 4.90.3000 Copyright : Copyright (C) Microsoft Corp. 1994-1998 CompanyName : Microsoft Corporation FileDescription : Microsoft InternalName : Telephony Service OriginalFilename : TAPISRV.EXE ProductName : Microsoft(R) Windows(R) Millennium Operating System Created on : 1/1/1601 Last accessed : 7/24/2004 5:00:00 AM Last modified : 6/8/2000 10:00:00 PM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized! Type : RegData Data : http://www.searchxl.com/ie/ Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : SearchURL Data : http://www.searchxl.com/ie/

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URL.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Default_Search_URL Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet ExplorerSearchURL.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer Value : SearchURL Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URL.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Default_Search_URL Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bar.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainDefault_Search_URL.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer\Main Value : Default_Search_URL Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistant.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet ExplorerSearchURL.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer Value : SearchURL Data : "http://www.searchxl.com/ie/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchabout:blank
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Search Value : CustomizeSearch Data : "about:blank"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchCustomizeSearchabout:blank
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer\Search Value : CustomizeSearch Data : "about:blank"

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 13
Objects found so far: 14

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
CoolWebSearch Object recognized! Type : RegValue Data : Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser Value : ITBarLayout

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 15

3:13:35 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:05:16:40
Objects scanned :45539
Objects identified :15
Objects ignored :0
New objects :15
```
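The Ad-aware log above reports the same searchxl.com value under HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE and HKEY_USERS\.Default, which is why deleting one reference in regedit did not hold. The script below is an added example, not Lavasoft code and not part of this thread: it pulls every "Object recognized!" record out of the log text and groups the locations by the value they carry and by hive, so the full set of keys that need cleaning is visible at a glance. The sample records are copied from the log above and shortened; the regex is written to work on the flattened one-record-per-line form seen on this page.

```python
"""Group the registry objects an Ad-aware log reports by value and by hive.

Added example for this thread, not Lavasoft code.  The sample records are copied
from the log posted above and shortened.
"""
import re
from collections import namedtuple

Rec = namedtuple("Rec", "type root key value data")

# One "Object recognized!" record: Type, Data, Rootkey, Object, Value and (for RegData
# items) a trailing repeat of Data.  The lookahead stops the lazy groups at the next
# record or section heading, so it works on one-line and multi-line layouts alike.
REC_RE = re.compile(
    r"Object recognized!\s+Type\s*:\s*(?P<type>\w+)\s+Data\s*:(?P<data>.*?)\s+"
    r"Rootkey\s*:\s*(?P<root>HKEY_\w+)\s+Object\s*:\s*(?P<key>.+?)\s+Value\s*:\s*(?P<value>.+?)"
    r"(?:\s+Data\s*:\s*(?P<data2>.+?))?"
    r"(?=\s+(?:Possible|Registry|Deep|Conditional|CoolWebSearch|Started|Summary)|\s*$)",
    re.MULTILINE,
)


def parse_adaware(text):
    """Return one Rec per recognized object; Data is unquoted, empty for RegValue hits."""
    recs = []
    for m in REC_RE.finditer(text):
        data = m.group("data2") if m.group("data2") is not None else m.group("data")
        recs.append(Rec(m.group("type"), m.group("root"), m.group("key").strip(),
                        m.group("value").strip(), data.strip().strip('"')))
    return recs


def by_data(records):
    """Map each data value to the (hive, key\\value) locations that carry it."""
    out = {}
    for r in records:
        out.setdefault(r.data, []).append((r.root, r.key + "\\" + r.value))
    return out


def hives_carrying(records, needle):
    """Hives in which some value contains `needle`, e.g. a hijacker's domain."""
    return {r.root for r in records if needle in r.data}


def report(text):
    lines = []
    for data, where in by_data(parse_adaware(text)).items():
        n = len(where)
        lines.append("%s  (%d location%s)" % (data or "<no data>", n, "" if n == 1 else "s"))
        lines.extend("    %s\\%s" % loc for loc in where)
    return "\n".join(lines)


# Constructed sample: six records copied from the log posted above (shortened).
SAMPLE = r"""
Started registry scan
CoolWebSearch Object recognized! Type : RegData Data : http://www.searchxl.com/ie/ Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : SearchURL Data : http://www.searchxl.com/ie/
Registry scan result : New objects : 1 Objects found so far: 1
Started deep registry scan
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.searchxl.com/ie/"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "http://www.searchxl.com/ie/"
Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainDefault_Search_URL.searchxl.com
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.searchxl.com/ie/" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer\Main Value : Default_Search_URL Data : "http://www.searchxl.com/ie/"
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchabout:blank
Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Search Value : CustomizeSearch Data : "about:blank"
Deep registry scan result : New objects : 4 Objects found so far: 5
Performing conditional scans..
CoolWebSearch Object recognized! Type : RegValue Data : Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser Value : ITBarLayout
Conditional scan result: New objects : 1 Objects found so far: 6
"""

if __name__ == "__main__":
    print(report(SAMPLE))
    print("hives carrying searchxl.com:", sorted(hives_carrying(parse_adaware(SAMPLE), "searchxl.com")))
```

Run against the full log from this post, `hives_carrying(records, "searchxl.com")` returns all three hives; the HKEY_USERS\.Default copy is what a new profile inherits, so a cleanup that only touches the current user's keys leaves a template for the next re-seeding.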
#3
Senior Member
Join Date: Jul 2004
Posts: 830
Don't know if this is helpful, but it is a log from HijackThis.
THANKS.

```
Logfile of HijackThis v1.98.0
Scan saved at 4:36:51 AM, on 7/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELL\SOLUTION CENTER\SERVICE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\VCOBYEIV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ienpwtub - {57165EE0-89C5-8E0D-CBE1-394693153C2B} - C:\WINDOWS\SYSTEM\IENPWTUB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [jbcoosn] C:\WINDOWS\vcobyeiv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Winsock32driver] ZoneLockup.exe
O4 - HKLM\..\Run: [IPConfig] ipconfigs.exe
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/sysreg.reg
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [IPConfig] ipconfigs.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/24cd025a993e23b...tzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25c2af0e74e0542...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O18 - Protocol hijack: mhtml -
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL
```
|
|
|
#4 |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,667
|
Hi That'sAllFolks.

Instructions on how to configure are at the bottom of the post.
1) Configure AdAware for FullScan mode
2) Update your definitions for AVG or try another virus/trojan scanner
3) Disable System Restore, then
4) Boot to safe mode

Once in Safe Mode:
1) Run AVG (set to scan ALL files including compressed (zipped) files) on your hard drives
2) Run AdAware in FullScan mode
3) Run HiJackThis again and let it fix/delete these items
4) Run CWShredder

C:\WINDOWS\VCOBYEIV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/sysreg.reg
O4 - HKLM\..\RunServices: [IPConfig] ipconfigs.exe (Trojan. see below for remedy)
O4 - HKLM\..\Run: [IPConfig] ipconfigs.exe (Trojan. see below for remedy) (http://securityresponse.symantec.com...hacarmy.c.html)
O18 - Protocol hijack: mhtml -
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Make sure to uncheck the safe mode option in "msconfig" upon completion of this exercise to enter XP normally.
Boot into Windows XP normally. Run Adaware and HiJackThis, scan with AVG and run CWShredder (post the new log here).
When clean, you can re-enable System Restore.

NOTE: You may want to consider trying FireFox, Mozilla or anything not IE or a shell of IE related.

Essential Spyware, Hijacking prevention/monitoring tools:
SpywareGuard
SpywareBlaster
Adaware
HiJackThis http://www.majorgeeks.com/download3155.html
Run a scan; when the scan is finished the button will change to "Save Log". Save the log to the hard drive. Open the log with Notepad or any editor (make sure "always open with" is unchecked), copy and paste the contents here and I will look for anything suspicious.
SpyBot
BHO Demon 2.0
Use a Hosts file (I think SW Guard includes this in the program)
A registry/startup monitor like regprot
CWShredder http://www.majorgeeks.com/download4086.html

1) ADAWARE 6.181
In Ad-aware click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.
Under the Scanning button: Scan within archives
Under Memory & Registry, check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected
Under the Advanced button, check ALL under Log detail level (this makes it easier for visitors to the Lavasoft Support Forums to see what options you have selected should you require assistance.)
Under the Tweak button... Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.
In Scanning Engine:
Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile
In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion
Click Proceed to save these settings.
When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.

2) SYSTEM RESTORE IN XP:
To turn off Windows XP System Restore
1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
5. Click Apply. Then a confirmation message appears.
6. This will delete all existing restore points. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do. For example, removing viruses. Restart the computer and follow the instructions in the next section to turn on System Restore.

3) Entering Safemode the Easy way (or you can use F8 at startup)
Click on Start, then Run.
In the Run dialog box type "msconfig" and press enter to start the MSCONFIG utility. Click on the Boot.ini tab; you will see some checkboxes at the bottom under Boot Options. Click the checkbox next to /SAFEBOOT and select Minimal.
__________________
Have Spyware/Popups? Read me first! Last edited by 68ShelbyGT500KR; 07-24-04 at 12:32 PM. |
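As an added example that is not part of this thread and not HijackThis's own code, here is a small Python triage helper for logs of the shape posted above: it parses the R/O entries, flags the kinds of items the reply singles out (a silent REGEDIT import at startup, an ipconfig look-alike, a random-named file dropped into the Windows directory, an O18 protocol hijack, an O21 SSODL entry, a search page on an unexpected host), and diffs a before/after log the way the re-posted log gets checked against the first one. The flag rules, the expected-host list and the sample lines are the editor's own assumptions, not HijackThis logic.

```python
"""Triage helper for HijackThis-style logs like those posted in this thread.

Added example, not HijackThis's own code; rules and sample logs are the
editor's own assumptions, encoding what the reply above singles out.
"""
import os
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<text>.*)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")  # Run: [Name] cmd
URL_RE = re.compile(r"= (?P<url>https?://\S+)")  # R0/R1 entries end in "= http://host/path"
# An .exe sitting directly in C:\WINDOWS rather than in a subfolder.
WINDIR_ROOT_RE = re.compile(r'^"?[A-Za-z]:\\windows\\[^\\/"\s]+\.exe"?(\s|$)', re.I)
# Tools whose names a dropper may imitate by appending a letter (ipconfigs.exe).
SYSTEM_TOOLS = ("ipconfig", "svchost", "explorer", "rundll32", "services", "winlogon")

@dataclass(frozen=True)
class Entry:
    code: str  # "R1", "O4", "O18", ...
    text: str  # everything after "<code> - "

def parse_log(log: str) -> list[Entry]:
    """Keep the R*/O* entries; header and running-process lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["text"]))
    return entries

def exe_stem(cmd: str) -> str:
    """Lower-cased file name (no directory, no extension) of the program a command runs."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        token = cmd[1:].split('"', 1)[0]
    else:
        token = cmd.split(None, 1)[0] if cmd else ""
    base = re.split(r"[\\/]", token)[-1].lower()
    return base.rsplit(".", 1)[0]

def flag_entry(entry: Entry, expected_hosts: frozenset) -> list[str]:
    """Reasons an analyst should look at this entry; empty list means no rule matched."""
    reasons = []
    if entry.code == "O18" and entry.text.lower().startswith("protocol hijack"):
        reasons.append("protocol handler has been replaced")
    elif entry.code == "O21":
        reasons.append("SSODL: DLL loaded by the shell at every logon, verify the file")
    elif entry.code in ("R0", "R1"):
        m = URL_RE.search(entry.text)
        if m:
            host = m["url"].split("//", 1)[1].split("/", 1)[0].lower()
            if host not in expected_hosts:
                reasons.append(f"start/search page points at unexpected host {host}")
    elif entry.code == "O4":
        m = O4_RE.match(entry.text)
        if m:
            cmd, stem = m["cmd"], exe_stem(m["cmd"])
            if stem == "regedit" and re.search(r"\s[-/]s\b", cmd, re.I):
                reasons.append("silent REGEDIT import re-applies registry changes on every boot")
            for tool in SYSTEM_TOOLS:
                if stem != tool and stem.startswith(tool):
                    reasons.append(f"file name imitates the system tool {tool}.exe")
            if WINDIR_ROOT_RE.match(cmd) and len(os.path.commonprefix([m["name"].lower(), stem])) < 3:
                reasons.append("file dropped straight into the Windows directory under an unrelated Run name")
    return reasons

def triage(log: str, expected_hosts: frozenset) -> list[tuple[Entry, list[str]]]:
    """All entries that tripped a rule, in log order."""
    return [(e, r) for e in parse_log(log) if (r := flag_entry(e, expected_hosts))]

def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(entries gone after cleanup, entries that newly appeared), order preserved."""
    b, a = parse_log(before), parse_log(after)
    b_set, a_set = set(b), set(a)
    return [e for e in b if e not in a_set], [e for e in a if e not in b_set]

# Constructed sample in the shape of the logs above, not the poster's full log.
BEFORE = r"""Logfile of HijackThis v1.98.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [jbcoosn] C:\WINDOWS\vcobyeiv.exe
O4 - HKLM\..\Run: [IPConfig] ipconfigs.exe
O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/sysreg.reg
O18 - Protocol hijack: mhtml -
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL
"""
# Constructed "after" log: the search page and the random-named Run entry survived the first pass.
AFTER = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [jbcoosn] C:\WINDOWS\vcobyeiv.exe
"""
EXPECTED_HOSTS = frozenset({"www.cnn.com", "www.earthlink.net", "red.clientapps.yahoo.com"})
```

Running `triage(BEFORE, EXPECTED_HOSTS)` lists the six entries the reply above asked to fix, and `diff_logs(BEFORE, AFTER)` shows which of them the first pass actually removed.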
|
|
|
#5 | ||
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
Thank you so much for taking the time to give me this detailed explanation on taking care of these problems. I think for the most part they are fixed. My OS is WinME and so a couple of differences occurred. I've explained below. OE seems to be OK now and the attempts to hijack the search occurred after my first boot, but not after my second. Actually I think that ZoneAlarm just detected a setting back the way it SHOULD have been and asked my permission because they were all going FROM searchxl.com to something else.
I will post the logfiles for hijack and Adaware in the next two posts. QUESTION: Should I continue to run Adaware customized or should I switch back to automatic mode?
|
||
|
|
|
#6 |
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
HijackThis Log file
Logfile of HijackThis v1.98.0
Scan saved at 8:05:24 PM, on 7/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELL\SOLUTION CENTER\SERVICE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\VCOBYEIV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\001\PROGRAMS\VIRUS PROTECTION\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ienpwtub - {57165EE0-89C5-8E0D-CBE1-394693153C2B} - C:\WINDOWS\SYSTEM\IENPWTUB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [jbcoosn] C:\WINDOWS\vcobyeiv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Winsock32driver] ZoneLockup.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/24cd025a993e23b...tzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25c2af0e74e0542...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
|
|
|
|
#7 |
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
Adaware Log file after boot
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, July 24, 2004 7:48:35 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R333 18.07.2004
|
|
|
|
#8 |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,667
|
That'sAllFolks. Part 2
Sorry about the OS, I didn't see that you were using Win ME. I was assuming XP.

To Disable System Restore in Windows ME:
1) Click Start > Settings > Control Panel.
2) Double-click the System icon. Note: If the System icon is not visible, click "View all Control Panel options" to display it.
3) On the Performance tab click File System.
4) Click the Troubleshooting tab, and then check Disable System Restore.
5) Click OK. Click Yes when you are prompted to restart Windows.

Boot into Safe Mode in Windows 98 and ME (without the F8 key at startup):
1) Close all open programs.
2) Click Start > Run. The Run dialog box appears.
3) Type msconfig and then click OK.
4) In the Advanced Troubleshooting Settings dialog box, check Enable Startup Menu. Click OK. Click OK again when the System Configuration Utility reappears.
5) You will be prompted to restart the computer. Click Yes. The computer will restart in Safe Mode. (This can take several minutes.)

When you have disabled System Restore and are in Safe Mode, do the following:
Enable the Task Manager via CTRL ALT Del (it should have a list of apps running/processes). Highlight and stop these 2 processes:
VCOBYEIV.EXE
DDHELP.EXE
Once stopped, go to Windows Explorer and navigate to these locations and delete the files. If it gives an error message and won't delete, try to right-click on the file, select "Properties", un-check "Read only" and change to "Archive". Click OK. Try to delete again.
C:\WINDOWS\VCOBYEIV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

Run Adaware in customized (detailed) mode, like before, and remove anything it finds.

Run HijackThis and let it Fix these items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mo...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [jbcoosn] C:\WINDOWS\vcobyeiv.exe

Save log, reboot into Windows normally and re-post your log.

Did you run a full AVG virus scan? I keep my Adaware set for the full scan (though it takes longer to run) but you can do what you want at your discretion. Let's make sure your system is totally clean first! Sorry about the OS problem.
__________________
Have Spyware/Popups? Read me first! |
|
|
|
#9 |
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
Thanks for taking the time to update this for ME. I have been really busy the last couple of days and have not had the time to try this until now.
First I could not delete VCOBYEIV.EXE and DDHELP.EXE in Safe Mode. They were not there in the Task Manager. So, I re-booted back into Normal and deleted them as explained. I then went back into Safe Mode and ran Adaware. I then ran HijackThis twice: once deleting the processes listed and then an "after" image. The log posted is the "after" image log.

Also I assume I should back out of "Disable System Restore" now that I'm finished. I still have it checked and was planning on unchecking it when I finished running AVG.

BTW, I think I am running a full scan. All the boxes are checked in the email scanner tab and the check virus part of Resident Shield. Anyway I will be running that as soon as I finish posting the logs here.

Thanks again for your detailed explanation. I am archiving this info in case this happens again. |
|
|
|
#10 |
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
HiJackThis "after" log
Logfile of HijackThis v1.98.0
Scan saved at 10:27:26 AM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\001\PROGRAMS\VIRUS PROTECTION\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ienpwtub - {57165EE0-89C5-8E0D-CBE1-394693153C2B} - C:\WINDOWS\SYSTEM\IENPWTUB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellSC] C:\Program Files\Dell\Solution Center\service.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Winsock32driver] ZoneLockup.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/24cd025a993e23b...tzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25c2af0e74e0542...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/system...SysProfLCD.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab |
|
|
|
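As an added example (not code from this thread, from HijackThis or from the helper): a small Python parser for HijackThis log lines like the ones above, plus a few defender-side triage rules that reproduce the kind of call the helper makes in this thread (search page pointing at an unrecognised host, an orphaned URLSearchHook, an autorun entry launched straight from the Windows root, an ActiveX cab pulled from a bare IP). The known-host and known-file allowlists and the sample lines are constructed from this thread's own logs; a real baseline would be built from the machine being cleaned.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

LINE_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")    # "O4 - ..." section lines
CLSID_RE = re.compile(r"[{~]?([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}?", re.I)
EXE_RE = re.compile(r'"?(?P<exe>[^"]+?\.exe)', re.I)                  # command line up to the first .exe
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\(?P<file>[^\\]+)$", re.I)  # file directly under C:\WINDOWS
# Constructed allowlists drawn from this thread's clean "after" log; HijackThis ships no such lists.
KNOWN_HOSTS = {"www.cnn.com", "red.clientapps.yahoo.com"}
WINDOWS_ROOT_OK = {"scanregw.exe", "taskmon.exe", "updreg.exe"}

# kind: section tag ("R1", "O4", ...); name: key, [value name] or component; target: URL, command or DLL
Entry = namedtuple("Entry", "kind name clsid target raw")

def parse_line(line):
    """Parse one HijackThis log line; headers and the process list yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    c = CLSID_RE.search(body)
    clsid = c.group(1).upper() if c else ""
    if kind == "O4":                                   # "HKLM\..\Run: [name] command"
        m4 = re.match(r"[^:]*:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
        if m4:
            return Entry(kind, m4.group("name"), clsid, m4.group("cmd").strip(), line)
    if kind in ("R0", "R1", "O4"):                     # "key = URL" or "Startup: x.lnk = path"
        key, _, value = body.partition(" = ")
        return Entry(kind, key, clsid, value.strip(), line)
    parts = [p.strip() for p in body.split(" - ")]    # R3/O2/O3/O16: "Label: name - {clsid} - target"
    name = parts[0].split(":", 1)[-1].strip()
    return Entry(kind, name, clsid, parts[-1] if len(parts) > 1 else "", line)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def triage(lines, known_hosts=KNOWN_HOSTS):
    """Return (kind, reason, raw line) for entries a helper would ask to have fixed."""
    findings = []
    for e in filter(None, map(parse_line, lines)):
        if e.kind in ("R0", "R1") and e.target.lower().startswith("http"):
            if host_of(e.target) not in known_hosts:
                findings.append((e.kind, "start/search page points at unrecognised host " + host_of(e.target), e.raw))
        elif e.kind == "R3" and (e.name == "(no name)" or e.target == "(no file)"):
            findings.append((e.kind, "URLSearchHook with no name or no backing file (orphaned hook)", e.raw))
        elif e.kind == "O4" and (x := EXE_RE.match(e.target)) and (p := WINROOT_RE.match(x.group("exe"))):
            if p.group("file").lower() not in WINDOWS_ROOT_OK:
                findings.append((e.kind, "autorun launches " + p.group("file") + " straight from the Windows root", e.raw))
        elif e.kind == "O16" and re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host_of(e.target)):
            findings.append((e.kind, "ActiveX control fetched from bare IP " + host_of(e.target), e.raw))
    return findings

# Constructed sample: lines copied from the helper's fix list and the "after" log in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mo...ton/search.html",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.search/sp.php",
    r"R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL",
    r"O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun",
    r"O4 - HKLM\..\Run: [jbcoosn] C:\WINDOWS\vcobyeiv.exe",
    r"O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/24cd025a993e23b...tzip/RdxIE.cab",
]
```

Running `triage(SAMPLE_LOG)` flags the two R1 lines, the orphaned R3 hook, the jbcoosn autorun and the bare-IP O16 entry, and leaves the CNN start page, the SpywareGuard BHO and scanregw.exe alone; the O3 REALBAR line the helper later removed is a judgement call no heuristic here makes, which is why the baseline matters.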
#11 |
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
Adaware log - run before HiJackThis
Lavasoft Ad-aware Personal Build 6.181
|
|
|
#12 |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,667
|
Run HijackThis and let it fix this line.
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL

The purpose of disabling System Restore is to "flush" viruses, trojans and any other parasites from your system. Once you let HijackThis fix the 1 "O3" item above, re-run HijackThis to make sure it is gone. After it is confirmed gone, go ahead and enable System Restore. Your system should be running normally. Keep everything updated and scan weekly.
__________________
Have Spyware/Popups? Read me first! |
|
|
|
#13 |
|
Senior Member
Join Date: Jul 2004
Posts: 830
|
To 68ShelbyGT500KR:
A THOUSAND THANKS!!!!!! |
|
|
|
#14 | |
|
DVD Talk Gold Edition
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,667
|
Quote:
So, is everything back to normal?? Post your latest HijackThis log to confirm!
__________________
Have Spyware/Popups? Read me first! |
|
|