My HiJack This Log


19 replies to this topic

#1 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 06:08 PM

Hi all it was recommended that I post my HJT log.

I believe my brother is possibly surfing porn sites?

Marc

Logfile of HijackThis v1.99.1
Scan saved at 1:03:43 PM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\Program Files\NavNT\defwatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\dmi\win32\bin\Win32sl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: RedirectPage Class - {DC8240DF-E60D-4193-B984-5111847DC7E6} - C:\Program Files\Weblookup\weblookup.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {1A1200A2-8197-4108-92CD-5C21C7E7C612} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {25762F2C-58AB-4E78-B78A-8FDA9D610478} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {7C98AAC0-65C4-4E48-923B-FD45D95308F1} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-a.mhi.ao...s/custappx2.CAB
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.co...snmusax3503.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 December 2005 - 06:22 PM

Follow the spyware removal guide posted at the top of this section. Then reboot and post a new log.

#3 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 08:26 PM

having problems with ewido.

is it a program that stays on all the time like norton anti-virus?

i have the icon on my desk top and when i click to open it shuts down right away, not giving me enough time to choose anything.

Marc

rridgely, on Dec 30 2005, 01:22 PM, said:

Follow the spyware removal guide posted at the top of this section. Then reboot and post a new log.




#4 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 09:44 PM

ran an issues scan with CC...

am I supposed to fix selected issues?

Marc

mpossoff, on Dec 30 2005, 03:26 PM, said:

having problems with ewido.

is it a program that stays on all the time like norton anti-virus?

i have the icon on my desk top and when i click to open it shuts down right away, not giving me enough time to choose anything.

Marc




#5 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 December 2005 - 09:47 PM

Uninstall ewido. Then run the issues scan to get rid of all traces of it. Then reinstall it. (Yes, fix the issues with ccleaner.)

#6 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 09:56 PM

followed your instructions.

I clicked on the icon on my desk top.

it opened then closed fast, not giving me time to Look on the left side of the program for a button that says update and press it.

hmmm, something just came up that update was successful as I'm typing this.

didn't hit anything.

how the heck does this ewido work?

Marc

rridgely, on Dec 30 2005, 04:47 PM, said:

Uninstall ewido. Then run the issues scan to get rid of all traces of it. Then reinstall it. (Yes, fix the issues with ccleaner.)




#7 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 December 2005 - 09:58 PM

It's a spyware scanner just like adaware, spybot, etc. But it's a much better program.

Run this online virus scan:
http://www.trendmicr...tro/default.asp
(scan for viruses and spyware)

#8 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 10:00 PM

there is also an ewido icon in the bottom right corner of my desktop next to my clock and norton icon as well as an icon on my desktop.

now the icon in the bottom right corner when I right click says ...

Launch Program

Realtime Protection, which is checked

Automatic Updates, which is checked also

Shutdown Guard

I'm not clear how this ewido works?

Is it something that you must open up and start?

Is it something that stays on all the time?

Is it something that you need to open, and launch?

I'm so confused.

Marc

#9 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 December 2005 - 10:03 PM

It's like microsoft antispyware. It's got a realtime protection aspect but it's also a scanner. Click the icon and it should open up to look like this:
Posted Image

Then follow the instructions to scan with it.

#10 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 10:07 PM

rridgely it opens but closes too too quickly to even do anything.

let me try it now as I type....I'm clicking on the icon....it opened and closed in a split second.

Marc

rridgely, on Dec 30 2005, 05:03 PM, said:

It's like microsoft antispyware. It's got a realtime protection aspect but it's also a scanner. Click the icon and it should open up to look like this:
Posted Image

Then follow the instructions to scan with it.




#11 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 December 2005 - 10:11 PM

To be honest I don't know. There is a small chance that something's keeping you from opening it. For now uninstall it and then run ccleaner to get rid of the traces.

Then follow the rest of the guide using MS antispy, adaware, etc.
Also run this virus scan.
http://www.trendmicr...tro/default.asp

#12 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 10:15 PM

weird thing just happened, when i went to control panel a pop came up...

Run Time Error

forgot to post this before but this happened a couple of times since the couple of installs and uninstalls of ewido.

Marc

rridgely, on Dec 30 2005, 05:11 PM, said:

To be honest I don't know. There is a small chance that something's keeping you from opening it. For now uninstall it and then run ccleaner to get rid of the traces.

Then follow the rest of the guide using MS antispy, adaware, etc.
Also run this virus scan.
http://www.trendmicr...tro/default.asp




#13 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 30 December 2005 - 10:53 PM

does this scan take long?

might be getting hung up?

been in... Please wait while HouseCall scans your system…for a while.


and still transferring data.

reason i ask is because i don't see a graph that indicates it's scanning.

Marc

rridgely, on Dec 30 2005, 05:11 PM, said:

To be honest I don't know. There is a small chance that something's keeping you from opening it. For now uninstall it and then run ccleaner to get rid of the traces.

Then follow the rest of the guide using MS antispy, adaware, etc.
Also run this virus scan.
http://www.trendmicr...tro/default.asp




#14 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 31 December 2005 - 09:38 AM

does microsoft anti-spyware work with firefox as well?

one more question...I have been using firefox for a bit and love it compared to ie.

is it safe to get rid of ie altogether?

Marc

#15 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 31 December 2005 - 02:40 PM

rridgely ran trendmicro/housecall.

it seems like it scanned but it has been in idle for a LONG time.

at the bottom looks like it's transferring some kind of data... cause there is a combo of my "pointer/hour glass" icon.

so I'm not sure what's going on.

what I did was have house call clean.

is it done?

Marc

rridgely, on Dec 30 2005, 04:58 PM, said:

It's a spyware scanner just like adaware, spybot, etc. But it's a much better program.

Run this online virus scan:
http://www.trendmicr...tro/default.asp
(scan for viruses and spyware)




#16 OFFLINE   JAGO

    Advanced Member

  • Members
  • 363 posts
  • Gender:Male
  • Location:Michigan

Posted 01 January 2006 - 12:56 AM

You can't get rid of IE. If you like, you can delete the shortcut from your desktop, but don't try to delete it. IE is highly integrated into Windows and is sometimes necessary to browse the internet - not everyone makes websites up to Firefox's standards.

#17 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,327 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 01 January 2006 - 10:42 AM

mpossoff, on Dec 31 2005, 08:40 AM, said:

rridgely ran trendmicro/housecall.

it seems like it scanned but it has been in idle for a LONG time.

at the bottom looks like it's transferring some kind of data... cause there is a combo of my "pointer/hour glass" icon.

so I'm not sure what's going on.

what I did was have house call clean.

is it done?

Marc


You can also do a free scan with Microsoft Windows Live Safety Center.

To get any free online virus scanner to scan significantly faster you should disable your real-time protection in your installed antivirus software. When the scan is done remember to enable the real-time protection.
Complexity of incoherent design.

#18 OFFLINE   Greenknight

    Advanced Member

  • Members
  • 263 posts

Posted 01 January 2006 - 12:18 PM

The Trendmicro scan does take quite a while, the first time you run it especially. It has to download all the virus definitions first, which takes a while, then it does the actual scan, which also takes quite a while. The second and subsequent times you run it, it will only have to update the definitions, so it won't take as long. The more often you run it, the less time it will take each time, though it's never exactly quick. Just be patient, as long as it's showing some progress it's working.

#19 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 01 January 2006 - 01:33 PM

Thanks Greenknight,

How often do you suggest I run Trendmicro?

I just ran it again for the 3rd time and although it's faster than the 2 previous, it still takes a while.

What's the purpose of running Trendmicro compared to the recommendations of Spyware removal in the forums....ewido, ad-aware, spyblaster, cwshredder, etc.

Use in conjunction or can Trendmicro be used as a replacement? Bit confused.

I primarily use Firefox but have internet explorer...Dumb question...do we run Trendmicro in both FF and IE?

Marc

Greenknight, on Jan 1 2006, 07:18 AM, said:

The Trendmicro scan does take quite a while, the first time you run it especially. It has to download all the virus definitions first, which takes a while, then it does the actual scan, which also takes quite a while. The second and subsequent times you run it, it will only have to update the definitions, so it won't take as long. The more often you run it, the less time it will take each time, though it's never exactly quick. Just be patient, as long as it's showing some progress it's working.




#20 OFFLINE   mpossoff

    Advanced Member

  • Members
  • 177 posts

Posted 01 January 2006 - 05:38 PM

The old version doesn't work with firefox.

Marc