Computer Hope

Software => Computer viruses and spyware => Topic started by: franke on February 28, 2008, 07:55:34 AM

Title: HiJackThis problem
Post by: franke on February 28, 2008, 07:55:34 AM

http://www.esnips.com/doc/644030a2-7734-4e54-8c35-c4ed335d4ede/HiJack-1
Hello
This is a copy of a section of my Hi Jack This File.
I was unable to transmit the origional.
If you can use this to determine unwanted stuff,I have 4 more to cover the entire set.
Patio is aware of my problem
Thanks
Frank

Title: Re: HiJackThis problem
Post by: patio on February 28, 2008, 10:08:29 AM

Please see the last Post Here (http://www.computerhope.com/forum/index.php/topic,46313.0.html) for instructions on how to Post your required logs....

Title: Re: HiJackThis problem
Post by: franke on February 28, 2008, 11:57:28 AM

Patio
To establish my level of computer knowledge,consider this:
I have insalled these safeguards,over time.
Drive Cleaner
Lavasoft Ad Aware SE Personal
Advisor Personal
Belarc Advisor
Firefox Setup 1.5
I ran the Drive Cleaner a couple of days ago.
Should I disinstall any of them?
Thanks
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on February 28, 2008, 02:05:01 PM

Patio is referring to this post (http://www.computerhope.com/forum/index.php/topic,46313.msg316477.html#msg316477) which shows how to attach items to your post.

Title: Re: HiJackThis problem
Post by: franke on February 28, 2008, 06:18:30 PM

Hello
I try again

[file cleanup - saving space - attachment deleted by admin]

Title: Re: HiJackThis problem
Post by: franke on February 28, 2008, 06:20:23 PM

I dunno,
Is it there?
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on February 28, 2008, 06:52:18 PM

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar
Viewpoint Experience Technology

If you have trouble removing Viewpoint, I suggest that you use ViewpointKiller (http://"http://bellsouthpwp.net/p/r/prprogramsstudios/viewpointkiller.zip")

Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop.
Run ViewpointKiller, and select File > Do All Killings
Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.

----------

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.

Link 1 (http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html")
Link 2 (http://"http://www.besttechie.net/tools/mbam-setup.exe")

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location such as the desktop.
Copy and Paste that log into your next reply.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

----------

Next post add
MBAM log
Also post a NEW Hijackthis log

Title: Re: HiJackThis problem
Post by: franke on February 29, 2008, 05:50:52 PM

Hello
I cannot access either Link 1, nor link 2.
I googled malware,and found several anti malware downloads.I chose "Spyware Doctor",and installed it.
Is that the correct One?Three others are:"Stopzilla",Lumgnsion Security"and"Malware Bot".
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on February 29, 2008, 05:53:42 PM

Please use this link

www.besttechie.net/tools/mbam-setup.exe

Some of those you listed are rouge malware tools.

Title: Re: HiJackThis problem
Post by: franke on March 01, 2008, 07:30:27 AM

Thanks,Evil
I downloaded the 'malware"program at the website that you provided.
I ran it for over an hour to scan and delete bad files. When I clicked "log",I was presented with my adobe photoshop files.
I ran it again,full scan,as before,with the same results.
I then tried a quick scan and still got my adobe pictures.
I will try to locate "notepad" on my computer.
What else should I do?
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 01, 2008, 12:04:44 PM

You could post a new Hijackthis log and lets see how that looks.

Title: Re: HiJackThis problem
Post by: franke on March 01, 2008, 01:37:02 PM

Evil
When I click the "quarentine"tab,I get a list of all the infected files
Should I delete them?
will do a new "HiJackThis"
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 01, 2008, 01:46:26 PM

They are not doing any harm in there, you can remove them if they are all malware related. Could you get the log to open? Try right clicking it and choose Open With... then select Notepad.

Title: Re: HiJackThis problem
Post by: franke on March 01, 2008, 02:00:02 PM

http://www.esnips.com/doc/44a841b9-1891-4e48-8763-700f76278ac2/hijackthis
Evil
This is the new hijack this file.
Frank

[file cleanup - saving space - attachment deleted by admin]

Title: Re: HiJackThis problem
Post by: evilfantasy on March 01, 2008, 02:22:19 PM

Download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) to your Desktop.

Extract all the files to your Destop.
A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press Enter
- This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
- When it is done, the results of the scan will be displayed and it will create a log named rapport.txt
  - This is in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
- Please attach that log in your next reply.

Note: process.exe ( which is used by SmitFraudFIx ) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

[INDENT]

http://www.beyondlogic.org/consulting/processutil/processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)

[/INDENT]

----------

Create An Uninstall List

Start HijackThis
Click on the Open the Misc Tools section
Click on the Open Uninstall Manager button.
Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
Copy and paste that list in your reply.

.
----------

Next post
Smitfraud log
Uninstall list

Title: Re: HiJackThis problem
Post by: franke on March 02, 2008, 07:55:43 AM

evilfantasy
I saed the "smithfraud" to my desktop.But when I opened it I found 19 files;but not "smitfraudfix.cmd "I did find "smithfraudfix"without the ending.
"cmd"It merely started the operation all over again.
HOWEVER,I did,on my last preceeding post,supply a "HiJackThis" file
Was that of any value?
I will redo the "smitfraud" thing.
Frank

Title: Re: HiJackThis problem
Post by: franke on March 02, 2008, 08:17:25 AM

evilfantasy
When i reran the smitfraud,I got this response from Windows System 32."joedanger is not afiliatedwith smitfraudfix in any way.
Who is joedanger?
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 02, 2008, 11:12:58 AM

I need the log.

Title: Re: HiJackThis problem
Post by: franke on March 02, 2008, 02:16:50 PM

evilfantasy
Here is the log
Frankhttp://www.esnips.com/doc/f1e454d3-b7da-4a11-84b7-f6959995b42d/SmitfraudFix

Title: Re: HiJackThis problem
Post by: evilfantasy on March 02, 2008, 02:25:16 PM

Broken link.

If you can't attach it here for whatever reason please go here http://savefile.com/

There is no need to sign up, just upload the file and post the link to it here.

Title: Re: HiJackThis problem
Post by: franke on March 02, 2008, 07:35:59 PM

SmitfuedFix
evil
This is it
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 02, 2008, 07:40:21 PM

Read my post mate, it's a broken link, I cant view it.

Broken Link
The link you clicked on is not complete.
If you clicked a link within an e-mail message, please verify that the link was not broken in the middle.
If it is broken, copy and paste the entire link into your browser.
You will be redirected to the eSnips home in a few seconds...

Title: Re: HiJackThis problem
Post by: franke on March 03, 2008, 02:03:35 PM

evilfantasy
I ran that malwarefix program again,and got this,when I seleted "log",before switching to adobe photos."the file is damaged or an unsupported format"
When I selected"quarentine" and then "log" I got this ;"error 708(0) contact Malware.
I emailed them;expect an answer tomorrow.
I will try again,after supper,to get something ffor you to examine.
Frank

Title: Re: HiJackThis problem
Post by: franke on March 04, 2008, 10:43:17 AM

evilfantasy
I'm all tapped out.
I'm 78 years old,and this is not a "challenge"any more;it's a "chore".
I will live with my imperfect computer for now.
Maybe later,I'll try again.
But I wish that you would do me a favor.
Reply#2 included some anti trouble programs that I had installed over time.
Lava Soft Ad Aware CE
Adwisor Personal
Belarc Advisor
Firefox Setup 1.5
Drive Cleaner
Should I disinstall any of them?
also Reply #13 included a "HiJackThis" log.
Could that be evaluated?
Thanks
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 04, 2008, 10:48:24 AM

Lets try this and see if it gets any results. I know this can all be taxing on the nerves so hopefully it will help.

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.

Link 1 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Link 2 (http://www.besttechie.net/tools/mbam-setup.exe)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------

Next post please add the malwareBytes log.

Title: Re: HiJackThis problem
Post by: franke on March 05, 2008, 08:27:39 AM

evilfantay
I followed your latest instructions.
Link#1 wasa $20 program that found 590 errors on my computer.I declined,and went to link#2.It was the same one that I had tried before;with the same results."no errors found"I had quarantined them the last time.
When I clicked"log"I got the same error message"damaged file or unsupported format"
I was going to do a run with my old Drive Cleaner,but it somehow got deleted from my computer.Could the new reg cleaner have replaced it?
I would appreciate some remark about the prograns that I asked about last time.
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 05, 2008, 08:42:51 AM

The old drive cleaner got deleted by MBAM because it is a malicious program.

The links I gave were to the free version, you should not have to pay for anything I suggest.

Download>> Superantispyware.exe (http://filehippo.com/download/a56df29778b04ebde93939bf03e837ec/download/)<< Do a full system scan with it and remove what is found.

Title: Re: HiJackThis problem
Post by: franke on March 05, 2008, 01:04:31 PM

evil
sorry;
I must have clicked on a wrong item in the 1st link.Wheni tried it the second time,it was for free.I also ran the super anti spy program.
I now have over a dozen programs on my computer.
REg Clean Malware anti Registry Booster HiJackThis Digital Line Detect Lavasoft Ad Advare SE aawsepersonal advisor belarc Belarc Advisor Firefox Setup 1,5 ieg6setup Version Tracker psa30se_en_us
Please advise as to which of these I can live better without.
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 05, 2008, 01:06:41 PM

Create An Uninstall List

Start HijackThis
Click on the Open the Misc Tools section
Click on the Open Uninstall Manager button.
Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
Copy and paste that list in your reply.

Title: Re: HiJackThis problem
Post by: franke on March 06, 2008, 04:50:39 AM

http://www.eshttp://www.esnips.com/doc/c793060d-e90e-48f1-aadf-2630210e2367/2nips.comhttp://www.esnips.com/doc/c8e87aad-fa94-4fc6-b1bb-http://www.esnips.com/doc/c8e87aad-fa94-4fc6-b1bb-e3f900dc7f16/3e3f900dc7f16/3/doc/0e8fa0b4-557d-49cf-968d-e2bc29559d7b/1
evil,this is three of the four sections of the file.
Frank

Title: Re: HiJackThis problem
Post by: franke on March 06, 2008, 09:09:06 AM

evil
I'll try again

[recovering space - attachment deleted by admin]

Title: Re: HiJackThis problem
Post by: evilfantasy on March 06, 2008, 09:36:39 AM

Just post the uninstall list directly into the reply box. I can't open those.

Title: Re: HiJackThis problem
Post by: franke on March 06, 2008, 09:53:09 AM

evilfantasy
Can't do that.I tried,and was toldthat it was too big;so I shrunk it in esnips.
sorry
frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 06, 2008, 09:57:03 AM

I can't seem to open esnips either.

Please go to www.savefile.com and upload it there. You don't have to sign up, just click Upload My File. Then post the link to it back here.

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 04:53:10 AM

evilfantasy

[recovering space - attachment deleted by admin]

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 05:07:56 AM

Evilfantasy
Could you just advise me about the programs that I now have clur=ttered on my computer?
thanks
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 07, 2008, 11:01:45 AM

Uninstall or delete REg Clean, Registry Booster, aawsepersonal, advisor belarc, Firefox Setup 1,5, ieg6setup, psa30se_en_us.

Also delete any logs that may have been created by the scans we did.

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 12:30:43 PM

Trend Micro HijackThis v2.0.2
Scan saved at 3:40:21 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\AOLSP

Title: Re: HiJackThis problem
Post by: evilfantasy on March 07, 2008, 12:35:13 PM

Thats the first part of the log, use multiple posts to get the whole log posted.

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 12:43:27 PM

Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\AOL\1102907915\ee\SSCEvtHdlr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Common Files\AOL\1102907915\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\1102907915\EE\aolsoftware.exe

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 12:47:10 PM

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.officialsearchlist.org/email-link/msn_hotmail.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Utility]

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 12:49:37 PM

un: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102907915\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'Default user')
O4 - Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 12:50:38 PM

text menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8106/turbo.cab?id=9478387
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142f788135cc9313e600/netzip/RdxIE601.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0b7bc258219bec79.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{050B8AE2-ABDD-4D1C-908F-C178249252A3}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{050B8AE2-ABDD-4D1C-908F-C178249252A3}: NameServer = 205.188.146.145
O23 - Service: AOL Conn

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 12:53:34 PM

Evil
there ar 6 posts with this file;they are NOT in order.
FrankService: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://members.members-here.com/matex/ce_mellcybert/1/750/mellcybert004.jpg
O24 - Desktop Component 1: (no name) - http://members.members-here.com/matex/ce_mellcybert/1/thumbs/mellcybert004.jpg
O24 - Desktop Component 2: (no name) - http://www.accuratereloading.com/953l.jpg

--
End of file - 11819 bytes

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:09:39 PM

evilfantasy
I found this "disinstall list"Personal
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
AOL Instant Messenger
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
BCM V.92 56K Modem
Belarc Advisor 7.2
CA Pest Patrol Realtime Protection
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon iP6220D
Canon iP6220D Memory Card Utility
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Chessmaster 8000
Classic PhoneTools
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Dell Solution Center

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:12:57 PM

evil disinstall 2Modem-On-Hold
Dell Solution Center
Dell Support
DellSupport
Desktop Weather by The Weather Channel
Digital Line Detect
DriveCleaner 1.0.111.0
DriveCleaner Freeware 1.0.111.0
Easy-WebPrint
eSnips
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB928388)
hp instant support
HP Photo Printing Software
hp psc 700 series
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Jasc Paint Shop Photo Album 5
Learn2 Multimedia Training
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation).NET Framework 1.0 Hotfix (KB928367)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Notification Utility
Quick StartUp 2.3
QuickTime
RegClean
Registry Cleaner
Registry Cleaner 1.0
Reloaders Reference v3
Safety and Security Center Uninstaller
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update
LiveUpdate 2.0 (Symantec Corporation)
Logitech MouseWare 9.79
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:17:39 PM

Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN Search Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Notification Utility
Quick StartUp 2.3
QuickTime
RegClean
Registry Cleaner
Registry Cleaner 1.0
Reloaders Reference v3
Safety and Security Center Uninstaller
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:22:11 PM

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:25:16 PM

Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:34:12 PM

ecurity Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security

Title: Re: HiJackThis problem
Post by: franke on March 07, 2008, 01:37:01 PM

evilfantasy
this is the end of the file
FrankSecurity Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VersionTracker Pro Windows
Viewpoint Media Player
WildTangent Web Driver
Win32 BI Application
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows

Title: Re: HiJackThis problem
Post by: evilfantasy on March 07, 2008, 03:26:26 PM

Good job franke ;)

I will look at the Hijackthis log in a bit when I have more time.

Also look at this post and see if you can work out how to attach the logs into the posts. It will save a lot of time for you and be less posting.

See here >> http://www.computerhope.com/forum/index.php/topic,46313.msg316477.html#msg316477

Title: Re: HiJackThis problem
Post by: evilfantasy on March 07, 2008, 05:35:08 PM

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8106/turbo.cab?id=9478387
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O24 - Desktop Component 0: (no name) - http://members.members-here.com/matex/ce_mellcybert/1/750/mellcybert004.jpg
O24 - Desktop Component 1: (no name) - http://members.members-here.com/matex/ce_mellcybert/1/thumbs/mellcybert004.jpg
O24 - Desktop Component 2: (no name) - http://www.accuratereloading.com/953l.jpg

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Go to Start > Control Panel > Add/Remove Programs and uninstall these programs.

DriveCleaner 1.0.111.0
DriveCleaner Freeware 1.0.111.0
LiveReg (Symantec Corporation)
RegClean
Registry Cleaner
Registry Cleaner 1.0
LiveUpdate 2.0 (Symantec Corporation)
Viewpoint Media Player
WildTangent Web Driver

----------

Now go to this post (http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095) and do these steps:

Step 2: House Cleaning
Step 3: SUPERAntiSpyware
Step 4: Dr. Web CureIt

Title: Re: HiJackThis problem
Post by: franke on March 08, 2008, 06:52:13 AM

evilfantasy
thank you;THANK YOU!
I feel that I'm finally getting something accomplished.
First,I had a major medical problem3 years ago that affected the mobility of my hands.I could no longer activate the "double click";so I use the "right clk/left clk"motion.
I somehow was able to double click the highlight feature of the "copy"feature.That's why I wa able to post the files.
Now;I installed the C Cleaner,but do no get the page that you predicted.
I have "CCleaner V2.05 555
I don't get "options/Advanced
I get "WINDOWS and APPLICATIONS at the top
and ANALYZE and RUN CLEANER at the bottom
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 08, 2008, 10:45:21 AM

Quote

I don't get "options/Advanced

You don't have to worry about that, it will still work just fine for you the way it is.

Title: Re: HiJackThis problem
Post by: franke on March 08, 2008, 01:33:57 PM

Evil
For some reason,I don't get the pages/options/menus that your instructions indicate that I should get.
I just did "SuperAntiSpyware"and eliminated 83 files.I rebooted,and clicked the Icon.There is no "scan" tab,no:Hureistic analysis" and no green arrow.
It is a prompt to download "Super AdBlocker" Should I install it?
I will redo the "short scan".Maybe I'll see what you foresaw.
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 08, 2008, 02:04:34 PM

Quote

There is no "scan" tab,no:Hureistic analysis" and no green arrow.

That is for the next scan with Dr Web CureIt and not SuperAntispyware. Just go ahead and follow the Dr Web instructions now.

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 08:10:55 AM

evil
cannot post Dr Web log.
error message
cannot accept txt
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 09, 2008, 12:04:19 PM

Ok Franke, good job in getting it to run.

Now I need you to run a new Hijackthis scan and post another Hijackthis log so I can see if anything is still there.

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 12:23:46 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:44 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Common Files\AOL\1102907915\ee\SSCEvtHdlr.exe
C:\WINDOWS\SYSTEM32\notepad.exe

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 12:27:27 PM

C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Common Files\AOL\1102907915\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\1102907915\EE\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.officialsearchlist.org/email-link/msn_hotmail.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102907915\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 12:29:27 PM

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'Default user')
O4 - Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142f788135cc9313e600/netzip/RdxIE601.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0b7bc258219bec79.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{050B8AE2-ABDD-4D1C-908F-C178249252A3}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{050B8AE2-ABDD-4D1C-908F-C178249252A3}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: CA Pest Patrol

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 12:40:35 PM

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 12:49:40 PM

23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1102907915\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10149 bytes

Evil
I ran a second HiJackThis,and copied the last lines.
I can't believe how easy it is,now
I just copied the files directly from the notebook to here.
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 09, 2008, 12:51:06 PM

I think we have gotten everything taken care of, just one entry to fix with Hijackthis.

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

Then run CCleaner.

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 01:07:36 PM

evilfantasy
Thanks,again.
CCleaner deleted 2 more files
I feel that WE accomplished a lot today.
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 09, 2008, 01:12:00 PM

It took a while, thanks for hanging in there.

If you have any more problems feel free to come on back and ask for help again.

Safe surfing...........

Title: Re: HiJackThis problem
Post by: franke on March 09, 2008, 05:55:56 PM

evilfantasy
I cannot get any help from anyone around here.
I did get some help at other websites,but You,and your crew,here have helped me a lot.I had no idea that some of the free downloads offered to protect my computer are actually worms.
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 09, 2008, 06:00:03 PM

Thanks for the kind words Franke, thats what keeps us going is knowing we are appreciated.

Yes, it is like the old saying "if it sounds too good to be true......."

But there are plenty of free and malware free downloads out there. You just have to look in the right places. I will give you two sites to look at. If you can't find it at one of these sites then it may not be trustworthy. They are malware free sites.

www.filehippo.com

www.majorgeeks.com

Title: Re: HiJackThis problem
Post by: franke on March 10, 2008, 01:07:26 PM

evilfantasy
I'm cleaning out some of the clutter in my computer,and would like your opinion of these files.
belarc and Belarc Advisor;I have remover advisor belarc
Register Cleaner;I removed Register Booster
Drive Cleaner
ie6setup
aolconnfix
tech tracker
VETlog
Version Tracker
altplay
Digital Line Detect
Frank

Title: Re: HiJackThis problem
Post by: evilfantasy on March 10, 2008, 05:48:45 PM

Digital Line Detect < Don't uninstall

Register Cleaner and Drive Cleaner < You can uninstall these

ie6setup < Delete

aolconnfix < This is used to fix your AOL connection, if you don't need it you can uninstall it

VETlog < Is this just a log or text file? If so it can be deleted

altplay < You can get rid of this

Version Tracker < Not needed

tech tracker < Not sure what this is but I think it can be safely uninstalled