MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Questions about eScan Antivirus Toolkit results
November 22, 2019, 03:20:01 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 22, 2019, 03:20:01 PM

Login with username, password and session length
 Featured Sites:
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Questions about eScan Antivirus Toolkit results  (Read 2510 times)
skewedhalo
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« on: February 07, 2005, 10:33:10 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Microsoft XP Home
Problem Application Name & Version: eScan AntiVirus Toolkit v4.4.7 (Mwav)



Hi,
 
I'm sorry, I know this isn't actually about security, but I only downloaded and used eScan AntiVirus Toolkit Utility as I was having to remove spyware and viruses.
I ran it again expecting everything to be clean and lovely. Grin Instead I got some results that I don't really understand. Shocked  The first was under virus log information:-


File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe tagged as not-a-virus:AdWare.ShopAtHome.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SahHtml_.exe tagged as not-a-virus:AdWare.Sahat.i. No Action Taken.
File C:\Program Files\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Now I am presuming these are tagged as not a virus because an anti-virus/anti-spyware program has dealt with them?  I thought I may as well go and delete them anyway, but was surprised that I can't see them in the Downloaded Programs folder, nor the AOL folder.  Why is this?  Do they pose any threat?
 
The second problem was lots of errors, made even more confusing by the fact that the software said there were only 3!

Mon Feb 07 00:48:26 2005 => ERROR!!! Invalid Entry \??\D:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
Mon Feb 07 00:48:28 2005 => ERROR!!! Invalid Entry \??\D:\NTACCESS.sys in SYSTEM\CurrentControlSet\Services\NTACCESS...
Mon Feb 07 00:48:29 2005 => ERROR!!! Invalid Entry \??\D:\NTGLM7X.sys in SYSTEM\CurrentControlSet\Services\SetupNTGLM7X...
Mon Feb 07 00:48:32 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\wiaservc.log
Mon Feb 07 00:48:32 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\wiadebug.log
Mon Feb 07 00:48:33 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt
Mon Feb 07 00:48:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
Mon Feb 07 00:49:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\system.LOG
Mon Feb 07 00:49:57 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\software.LOG
Mon Feb 07 00:49:57 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default.LOG
Mon Feb 07 00:49:57 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM.LOG
Mon Feb 07 00:49:57 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY.LOG
Mon Feb 07 00:49:57 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\History\History.IE5\index.dat
Mon Feb 07 00:49:58 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\AppEvent.Evt
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SecEvent.Evt
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\DEFAULT
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SYSTEM
Mon Feb 07 00:50:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM
Mon Feb 07 00:50:24 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
Mon Feb 07 00:50:24 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Mon Feb 07 00:56:39 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\Temp\ZLT00f44.TMP
Mon Feb 07 00:56:44 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\wiaservc.log
Mon Feb 07 00:56:44 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\wiadebug.log
Mon Feb 07 00:57:22 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt
Mon Feb 07 01:05:10 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\INTERN~1\tvDebug.log
Mon Feb 07 01:05:10 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\INTERN~1\IAMDB.RDB
Mon Feb 07 01:05:10 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\INTERN~1\NEWTOY.ldb
Mon Feb 07 01:05:10 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
Mon Feb 07 01:05:11 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Mon Feb 07 01:05:11 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\SoftwareDistribution\EventCache\{79DD78A5-F78C-4D7F-9D27-CE732BFB9D1A}.bin
Mon Feb 07 01:06:00 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Network\DOWNLO~1\qmgr0.dat
Mon Feb 07 01:06:00 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Network\DOWNLO~1\qmgr1.dat

and lots, lots more!
What does it all mean?  What have I done???  What on earth should I do???  Please help me!
Thanks,
Skewed Halo
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: February 08, 2005, 01:22:44 AM »

Hi skewedhalo ... Smiley

Download Hijackthis Ver. 1.99
---Important---Create a permanent folder
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download from here
http://aumha.org/downloads/hijackthis.exe

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----most entries are harmless and needed.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
skewedhalo
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #2 on: February 08, 2005, 11:55:16 AM »

Hi Cactus,

HJT Log as follows:-


Logfile of HijackThis v1.99.0
Scan saved at 11:40:47, on 08/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Documents and Settings\Richard\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107695148531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB41E96-D502-4CF6-85B4-49CC669C0EFF}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I think I'd like to get rid of R3, but when I tried to do it once before HJT couldn't do it.  Would it help if I was in safe mode?

Thanks for your help,
Skewed Halo
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #3 on: February 09, 2005, 02:02:20 AM »

Your Logfile is pretty clean skewedhalo

Run HJT and have it remove this one entry:

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Now this is what I suggest you do.

Download CWShredder from my signature below. Unzip it on the desktop.
Open CWShredder and with ALL other windows closed, click fix.

Go here and run online scans (all), allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Note any thing that can't be fixed
Reboot when done.

Next:

Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.3 and Ad-aware SE Build 1.05 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.


Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode check Perform full system scan.
Next deselect Search for negligible risk entries.
Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
skewedhalo
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #4 on: February 09, 2005, 10:12:28 PM »

Your Logfile is pretty clean skewedhalo
Clean!?!  Of course it's clean!  I've spent 3 days trying to sort out this ****ing PC!  Grin

Run HJT and have it remove this one entry:

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

See above.  I have tried but it can't remove it.  It acts like it does but if you re-scan it is still there.
Now this is what I suggest you do.

Download CWShredder from my signature below. Unzip it on the desktop.
Open CWShredder and with ALL other windows closed, click fix.
Done.  Nothing found.
Go here and run online scans (all), allow them to delete whatever they find:

TrendMicro HouseCall - nothing found.
eTrust AntiVirus Web Scanner - ah!  found win32.TorBot and deleted it.
Panda ActiveScan - nothing found

Next:

Spybot: finds the usual 5 DSO Exploits which it can't fix and I'm not worried about.
Ad-Aware FULL SCAN: Finds nothing


New HJT log as follows:

Logfile of HijackThis v1.99.0
Scan saved at 21:53:28, on 09/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\Richard\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107695148531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Now what? Smiley
Thanks,
Skewed Halo
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #5 on: February 09, 2005, 11:41:53 PM »

I hope the bigger lettering and the capitalization is because your going blind .. Lips Sealed .. otherwise I'd say you we're yelling and that will get you NO help .. Grin


Your logfile looks good skewedhalo.. have HJT fix these entries....

Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.

In Xp, here are some locations of Temp files

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Username\Local Settings\Temporary Internet Files
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

Turn on System Restore

Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONS and make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.


Now re-run HJT and post a new logfile back here.

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
skewedhalo
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #6 on: February 10, 2005, 07:34:36 PM »

Hi Cactus,
I'm sorry you didn't like the larger font, but I think if you look again that the only capitilization was for acronyms! There was no shouting going on, I can assure you.


Your logfile looks good skewedhalo.. have HJT fix these entries....

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

As I ave explained before, HJT just cannot fix R3.

Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.

There's loads of 'em. LOL

New HJT log as follows:

Logfile of HijackThis v1.99.0
Scan saved at 19:20:13, on 10/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Documents and Settings\Richard\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107695148531
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Thanks,
Sharon
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #7 on: February 11, 2005, 03:09:31 AM »

Ok Sharon .. I'm glad you weren't shouting .. Smiley

Let's run HJT in SAFE MODE and then try and DELETE that R3 Entry and them Emptying all your TEMP Folders again as well as the Recycle Bin


Try and remove this line:R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Post back..

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
skewedhalo
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #8 on: February 11, 2005, 06:52:45 PM »

R3 just won't go, even in safe mode.  I wonder why?

New HJT log as follows:

Logfile of HijackThis v1.99.0
Scan saved at 18:26:52, on 11/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Richard\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107695148531
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


Also, ipconfig.exe keeps trying to access the internet.  Should I let it?

Thanks,
Sharon
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 18, 2018, 03:06:59 AM