My Hijack log - Cheers(RESOLVED)

  1. 08-01-2006  #11
    UK Dave
    UK Dave is offline Dedicated Member

    Re: My Hijack log - Cheers

    Part 2, Ad-Aware Log :

    Ad-Aware Log :


    Ad-Aware SE Build 1.06r1
    Logfile Created on:08 January 2006 13:58:04
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R85 04.01.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):34 total references
    Tracking Cookie(TAC index:3):2 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    08-01-2006 13:58:04 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\D.T-4SAGYGA8ENF5V\recent
    Description : list of recently opened documents


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
    Description : list of recently used files in adobe reader


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\clipart gallery\2.0\mrudescription
    Description : most recently used description in microsoft clipart gallery


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\direct3d\mostrecentapplica tion
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\direct3d\mostrecentapplica tion
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplicatio n
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\directinput\mostrecentappl ication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\directinput\mostrecentappl ication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\internet explorer\main
    Description : last save directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\player\recentf ilelist
    Description : list of recently used files in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\player\setting s
    Description : last save as directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\player\setting s
    Description : last open directory used in jasc paint shop pro


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\preferences
    Description : last cd record path used in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\mediaplayer\preferences
    Description : last search path used in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\microsoft management console\recent file list
    Description : list of recent snap-ins used in the microsoft management console


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru
    Description : list of recent documents opened by microsoft word


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru
    Description : list of recent documents saved by microsoft word


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\office\8.0\excel\recent file list
    Description : list of recent files used by microsoft excel


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\office\8.0\powerpoint\rece nt file list
    Description : list of recent files used by microsoft powerpoint


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\windows\currentversion\app lets\paint\recent file list
    Description : list of files recently opened using microsoft paint


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\windows\currentversion\app lets\wordpad\recent file list
    Description : list of recent files opened using wordpad


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\windows\currentversion\exp lorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\windows\currentversion\exp lorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\windows\currentversion\exp lorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    MRU List Object Recognized!
    Location: : S-1-5-21-1801674531-1482476501-725345543-1004\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 156
    ThreadCreationTime : 08-01-2006 13:44:11
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 204
    ThreadCreationTime : 08-01-2006 13:44:19
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 228
    ThreadCreationTime : 08-01-2006 13:44:22
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 272
    ThreadCreationTime : 08-01-2006 13:44:26
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 284
    ThreadCreationTime : 08-01-2006 13:44:26
    BasePriority : Normal
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 448
    ThreadCreationTime : 08-01-2006 13:44:29
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 472
    ThreadCreationTime : 08-01-2006 13:44:29
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1824
    ThreadCreationTime : 08-01-2006 13:51:24
    BasePriority : Normal
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:9 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 1984
    ThreadCreationTime : 08-01-2006 13:55:21
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 34


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 34


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 34


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : d@questionmarket[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:27
    Value : Cookie:d@questionmarket.com/
    Expires : 28-02-2007 19:19:36
    LastSync : Hits:27
    UseCount : 0
    Hits : 27

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : d@tribalfusion[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:6
    Value : Cookie:d@tribalfusion.com/
    Expires : 01-01-2038
    LastSync : Hits:6
    UseCount : 0
    Hits : 6

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 36



    Deep scanning and examining files (C
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 36


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 36




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 36

    14:09:09 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:11:05.203
    Objects scanned:105870
    Objects identified:2
    Objects ignored:0
    New critical objects:2

    Ewido Log :

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 15:02:02, 08/01/2006
    + Report-Checksum: CEB51CD4

    + Scan result:

    C:\Documents and Settings\D.T-4SAGYGA8ENF5V\Cookies\d@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\D.T-4SAGYGA8ENF5V\Cookies\d@data2.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dba2044.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\dba2044.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\dba2044.exe -> Dialer.Generic : Cleaned with backup


    ::Report End

    Thanks again for the help. P.s, is she clean now! lol Cheers, Dave

  3. 08-01-2006  #12
    Neal
    Neal is offline Dedicated Member
    Just about.


    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5


    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html

    don't run the tool just yet please.
    Install it. The windows tab should be opened in the upper left of the program. Click analyze and then click run cleaner. Just use the windows tab that is up front by default.

    1.Uncheck "Cookies" under "Internet Explorer".

    2.If you are running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".


    Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.

    Hunt for and delete if found:

    C:\WINDOWS\SYSTEM32\adupdmanager.xml < file
    C:\WINDOWS\SYSTEM32\wppp.html < file
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf < file


    Now while in safe mode run CCleaner useing the windows tab only please.


    Reboot normal and post a new hijackthis log with feed back on how your computer is running now please.
  4. 09-01-2006  #13
    UK Dave
    UK Dave is offline Dedicated Member
    Neal, i owe you one for all your help. My pc seems a lot faster and i can't believe how many bugs you've helped me find
    That CCleaner on its own found 140mb of junk...just doing nowt!

    "Go here to learn how to show hidden files/folders:"

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5 Done that.


    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html Done that.

    don't run the tool just yet please.
    Install it. The windows tab should be opened in the upper left of the program. Click analyze and then click run cleaner. Just use the windows tab that is up front by default.

    1.Uncheck "Cookies" under "Internet Explorer". Done that.

    Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.

    Hunt for and delete if found:

    C:\WINDOWS\SYSTEM32\adupdmanager.xml < file Found + deleted that.
    C:\WINDOWS\SYSTEM32\wppp.html < file Not found.
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf < file Not found.


    Now while in safe mode run CCleaner useing the windows tab only please. Found 0.45mb.

    How's she looking now?

    Logfile of HijackThis v1.99.1
    Scan saved at 00:01:18, on 09/01/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Warner Bros Alerts\skinkers.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchy.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [WarnerBrosCluster] C:\Program Files\Warner Bros Alerts\skinkers.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/t...ivePreQual.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Quick questions. While running CCleaner i noticed the 'issues' tab - so i scanned and it found loads of issues/shared files etc.Stuff like McAfee,which i don't use anymore. Can i scan + delete these files, or will it have a knock on effect on other programs ( if they're shared etc )
    Also, ( sorry to be a pain ), but i now have these programs on my desktop:
    AVG 7 Anti-virus
    Spybot S&D
    Ad-Aware SE personal
    CCleaner
    Ewido
    + Smitrem,Panda and CWshredder - somewhere on my pc!
    My Q is, do they run automatically / in the background, like McAfee,(which alerted me to possible bugs), or do i have to run them manually,from time to time?
    Many thanks again. Dave.
    Last edited by UK Dave; 09-01-2006 at 01:53 AM.
  5. 09-01-2006  #14
    Neal
    Neal is offline Dedicated Member
    Your log is clean.


    I would keep CCleaner and use it about once a month, windows tab only, as far as the issue tab is concerned if you remove anything with that be sure to back up the registry first. CCleaner has been known to find things it shouldn't when useing the issues tab which deals with the registry. I personally would not do it, anything in there that is old stuff is harmless clutter and doesn't take up hardly any space on your computer.

    keep spybot and adaware check for updates often at least once a week and run the scans and they are scanners and removers.

    I also would keep Ewido even if the trial runs out it will update and scan and remove but will not run in the back ground.

    Uninstall smitrem, unless you put a shortcut on your desktop panda will not need to be removed as it is an online scanner but would scan with it once a month for safetys sake.

    Remove CWShredder it does nothing but remove stuff after infection.

    Are you satisfied with your computer if you are i will have some free programs for your consideration that will keep your computer a lot safer then it is now.

    Never use more than one anti-virus program at a time and the same goes for firealls.

    Let me know if all is ok.
  6. 09-01-2006  #15
    UK Dave
    UK Dave is offline Dedicated Member
    Woohoo!
    Many thanks Neal for all your help + your time,glad she's now clean.

    Any programs that will help keep my computer safer are much apreciated.

    Cheers, Dave.
    Attached Images
  7. 09-01-2006  #16
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Alrighty then thanks for stopping by.



    If you are no longer having any more trouble here is some preventative measures for you.

    Here are some preventive measures you can take to keep your computer from getting infected again. also keep all these and Ad-awareSE and SpybotS&D updated.

    http://forums.thatcomputerguy.us/ind...showtopic=1190

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.

    Explained here:
    Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

    Microsoft ME:

    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    RegProtect

    This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

    You have the option of allowing(good) items or blocking(bad)items.

    http://www.diamondcs.com.au/index.php?page=regprot


    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1

    Avast: http://www.avast.com/eng/avast_4_home.html


    3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
    MS Antispyware beta: http://www.microsoft.com/athome/secu...e/default.mspx


    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio
    http://www.sunbelt-software.com/Kerio.cfm

    OutPost Personal Firewall:
    Outpost



    5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    http://www.javacoolsoftware.com/spywareblaster.html


    If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    *Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
« IE6 error - shdoclc.dll/dnserror.htm (RESOLVED) | Suspicious Programs »