Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91911 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Former AOL user LOGFILE! HELP!


  • This topic is locked This topic is locked
7 replies to this topic

#1 87gtNOS

87gtNOS

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 10 November 2005 - 07:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:20:21 PM, on 10/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE
C:\PROGRAM FILES\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\D-LINK\AIRPLUS G\AIRGCFG.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.finetimesearch.com/main/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aol.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.presar...archbar&LC=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by AOL
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} -
C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: IE Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee
VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus G] c:\Program Files\D-Link\AirPlus
G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2
Service\WZCSLDR2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service]
c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON
FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL
Companion\companion.exe
O8 - Extra context menu item: AltaVista Home -
http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term -
http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page -
http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection -
http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM
FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} -
http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home -
{06FE5D00-8F11-11d2-804F-00105A133818} -
http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate -
{06FE5D05-8F11-11d2-804F-00105A133818} -
http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
{06FE5D02-8F11-11d2-804F-00105A133818} -
http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
{06FE5D03-8F11-11d2-804F-00105A133818} -
http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: IE Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: IE Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL
TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.ca
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://www.photopara...ll/phpsetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab

    Advertisements

Register to Remove


#2 87gtNOS

87gtNOS

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 11 November 2005 - 09:52 AM

This is my landlady's computer. She had AOL. The computer is full of junk..very slow. I ran Adaware adn Spybot. Haven't done Housecall or any others yet. I converted her to Firefox. Her Internet Explorer has 3 rows of toolbars!! It also has AOL in the top right corner. She has McAfee managed virus scan, I think. I want to get rid of all this carp**. Someone please tell what to delete!! Thanks!! Her internet speed is 3500kbs, which is great, but the computer is slow!!

#3 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 01:02 PM

Are you done in this thread? http://forums.tomcoy...7262&hl=logfile

Can you run spybot and reboot then post another log from hijackthis?

#4 87gtNOS

87gtNOS

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 12 November 2005 - 04:48 PM

thank you for replying little eagle. The other post you mention is my uncles computer. Fixed after a whole day of deleting carp***!! This current post is my landlady's computer. I have High Speed Cable internet, so I just bought a router. I got her up and running on the high speed on wireless to my router. Her computer is so full of carp**. It is slow to run processes, like switch between screens, etc... I want to remove the Mcafee anti virus, ALL the AOL, I think it had some kind of MSN internet, and whatever else that doesn't need to be there!! I ran SpyBot on her computer and it found nothing!! I then ran Adaware, and it found a bunch of browser hijackers, etc. So now I have posted her logfile from hijack this. If I can, later tonight I will be upstairs and will run Housecall, bazooka, and stinger.

Edited by 87gtNOS, 12 November 2005 - 04:48 PM.


#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 04:54 PM

If you are going to receive help here it would be nice if you could let us know when to close the threads. :weee: We track some 50-70 topics at a time ;) Should be around :) most of the night

#6 87gtNOS

87gtNOS

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 12 November 2005 - 09:43 PM

Tonight I ran Housecall, found 1 virus. Ran Spybot and found 6, including CWS. I also deleted a bunch of startup entries.

Here is the latest logfile. Next week she is gonna cancel her AOL. The wireless connection to my cable internet is working great!


Logfile of HijackThis v1.99.1
Scan saved at 10:09:53 PM, on 12/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\D-LINK\AIRPLUS G\AIRGCFG.EXE
C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} -
C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee
VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee
VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [D-Link AirPlus G] c:\Program Files\D-Link\AirPlus
G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2
Service\WZCSLDR2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service]
c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON
FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://www.photopara...ll/phpsetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cab

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 November 2005 - 10:19 PM

Nice clean up :) you can kill these if you like.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =about:blank
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} -C:\WINDOWS\SYSTEM\NZDD.DLL


And remove aol when your ready .

#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 November 2005 - 10:36 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users