[New hijackthis log file! for Warez Monster!] - Computers




Note: The following is only a text archive!


To view the actual forum discussion, please visit our website at http://www.tech-forums.net




New hijackthis log file! for Warez Monster!




Posted by: Fly4High

Logfile of HijackThis v1.99.1
Scan saved at 2:28:25 AM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE
D:\Setup\Fonts\unikey\UniKeyNT.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\UAService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
D:\Setup\Firewalls & Securities\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FolderGuard] C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE /CL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [UniKey] D:\Setup\Fonts\unikey\UniKeyNT.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Holdfast Battle Net - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\CGA Gameing Platform\GameClient.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2253E909-FB5B-4B1F-BAD9-03FD7CA8BC81}: NameServer = 210.245.0.10
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FolderGuard - C:\PROGRA~1\WINABI~1\FOLDER~1\FGuard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe



Posted by: Whisperer

Hi Fly4High,

My name is Whisperer. As it has been such a long time since this post, would you please post a new log below this one, together with a description of your problems?

The symptoms that you are experiencing can quite often give a clue when the log does not.

GT :)



Posted by: Warez Monster

Why is this for me?



Posted by: Fly4High

Hi Whisperer,
Thank you for your enthusiastic help. My problem had been solved already. But still I will post the latest HijackThis log file for your ref:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:45 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE
D:\Setup\Fonts\unikey\UniKeyNT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mtd2002\MTDSERVER.EXE
C:\Program Files\mtd2002\MTDSHELF.EXE
C:\Program Files\mtd2002\MTD2002EVA.EXE
D:\Setup\Firewalls & Securities\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://220.248.26.54:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FolderGuard] C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE /CL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKCU\..\Run: [UniKey] D:\Setup\Fonts\unikey\UniKeyNT.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Holdfast Battle Net - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\CGA Gameing Platform\GameClient.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2253E909-FB5B-4B1F-BAD9-03FD7CA8BC81}: NameServer = 210.245.0.10
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FolderGuard - C:\PROGRA~1\WINABI~1\FOLDER~1\FGuard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

Thanks a lot anyway!

For Warez Monster: because you told me before to post this log for your ref, and I know you are capable of helping me solve the problem.
Thanks a lot, Warez!



Posted by: Whisperer

Hi Fly4High,

Thanks for your information. I will consider the matter closed, but I would be failing you if I did not make the following observations:

1. You appear to have two antivirus solutions running – McAfee and Network Associates. It may be that you have one installed but not working; if this is not the case then you are strongly advised to stop one of them from running.

2. If you are not a programmer then Mdm.exe is a resource hog and should be disabled.

3. You have Real player on your machine; I would recommend its removal using Add or Remove Programs. If you prefer to keep it then I suggest you navigate to C:\Program Files\Common Files\Real\Update_OB\ and rename the Realsched.exe file to Realsched.exe.old. For further information see this post: http://www.windowsstartup.com/wso/detail.php?id=3841

Safe surfing GT
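
Added example, not part of the original thread: a small Python parser for the HijackThis log layout posted above, which rejoins entries the archive wrapped, strips `[url]` tags, and then checks the running-process list for the three items the post above comments on. The function names and the product-marker table are assumptions made for this illustration; the sample lines are taken from the logs in this thread and trimmed.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines taken from the logs posted in this thread,
# trimmed for length. The R1 entry is left wrapped and BBCode-tagged on purpose.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:12:45 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int
ernet Settings,ProxyServer = [url]http://220.248.26.54:80[/url]
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
"""

# An entry line starts with a section code (R0-R3, O1-O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Forum software wraps URLs in [url]...[/url]; that is not part of the log.
BBCODE_RE = re.compile(r"\[/?url[^\]]*\]", re.IGNORECASE)


def parse_hijackthis(text):
    """Return (header, processes, entries) where entries maps code -> list."""
    header, processes, entries = {}, [], defaultdict(list)
    state, last_code = "header", None
    for raw in text.splitlines():
        line = BBCODE_RE.sub("", raw).strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            state, last_code = "entries", match.group(1)
            entries[last_code].append(match.group(2))
        elif line == "Running processes:":
            state = "processes"
        elif state == "processes":
            processes.append(line)
        elif state == "entries":
            # Assumption: a non-entry line after the entries began is the tail
            # of a wrapped entry; this archive breaks mid-word, so join as-is.
            entries[last_code][-1] += line
        elif line.startswith("Logfile of "):
            header["tool"] = line[len("Logfile of "):]
        elif line.startswith("Scan saved at "):
            header["saved"] = line[len("Scan saved at "):]
        else:
            key, sep, value = line.partition(": ")
            if sep:
                header[key] = value
    return header, processes, dict(entries)


# Hypothetical marker table: lower-case path fragments for the two product
# names mentioned in the post above.
PRODUCT_MARKERS = {
    "mcafee.com": "McAfee (mcafee.com agent)",
    "network associates": "Network Associates VirusScan",
}


def review(processes):
    """Check the running-process list for the items the post above raises."""
    lowered = [p.lower() for p in processes]
    products = sorted(
        {name for p in lowered
         for frag, name in PRODUCT_MARKERS.items() if frag in p}
    )
    return {
        "antivirus_products": products,
        "mdm_running": any(p.endswith("\\mdm.exe") for p in lowered),
        "realsched_running": any(p.endswith("\\realsched.exe") for p in lowered),
    }


if __name__ == "__main__":
    hdr, procs, ents = parse_hijackthis(SAMPLE_LOG)
    print(hdr["tool"], "saved", hdr["saved"])
    for code, items in ents.items():
        print(code, len(items), "entries")
    print(review(procs))
```

Running it against a full log saved to a file works the same way: read the file and pass its text to `parse_hijackthis`.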



Posted by: Fly4High

Hi Whisperer,
Thank you for your sympathetic help!
As you said, I agree that I have McAfee and Network Associates as well. McAfee is a newer version than NA, but just tell me how to stop NA and if it harms my system!
And I wondered what mdm.exe is and what it does; can you give me some more detail about it?
I also renamed realschel.exe to realschel.exe.old!
Thanks a lot for your help!
Looking forward to hearing your reply soon.



Posted by: Whisperer

Sorry for the delay in answering; glad to see that you have stopped Realsched from running.

MDM, short for Machine Debug Manager, is a tool used by programmers to assist in debugging their programming. It is a background task that will be running on your machine, but if you do not program then it is a waste of resources. To disable it:

- Click the Start button and select Run
- Type into the box Services.msc
- Locate the Machine Debug Manager and right-click
- Click Stop
- Right-click the Machine Debug Manager again and this time select Properties
- In the drop-down window on the General tab select Disabled
- Click OK and then close the Services window

I know nothing about the Network Associates anti-virus so I will seek more information and then get back to you as soon as I can.

GT



Posted by: Fly4High

Hi Whisperer,

Thanks a lot for helping me that much!

Regards.



Posted by: Whisperer

You are welcome.

1. I would suggest that you remove your Network Associates antivirus solution from your computer.
   a. Click Start and then select Control Panel
   b. Near the beginning locate and select Add or Remove programs
   c. Wait for the list to populate and then select the Network Associates entry
   d. Click the Remove button

Please do a bit of housekeeping by carrying out a system scan with Ewido and a clean-up with CCleaner; instructions follow.

2. Download the Ewido security suite here: http://www.ewido.net/en/download/ (the suite is fully functional on a trial basis).
   a. When installing, under Additional Options REMOVE the checks on "Install background guard" and "Install scan via context menu"
   b. Launch ewido; there should be a big e icon on your desktop, double-click it.
   c. The program will prompt you to update; click the "OK" button. The program will now go to the main screen
   d. On the left hand side of the main screen click Update and then click Start update
   e. The update will start and a progress bar will show the updates being installed.
   f. When the update has completed click on scanner
      - Click on Settings
      - Confirm that all check boxes are ticked
      - and scan every file is selected
      - Click OK and Exit ewido for now.

I suggest that you print out the following instructions or highlight the remainder and save to a WordPad file on your desktop, as you will no longer have an internet connection until we have finished the clean up.

3. Physically disconnect your computer from the internet by unplugging the lead.

4. Reboot the computer into safe mode using a clean boot sequence
   a. Select the Start button and Turn Off Computer
   b. Select the Turn Off option; when the computer has shut down, switch off the power supply.
   c. After 10 seconds, restore the power supply and switch on the computer
      - Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
      - As soon as the BIOS loads, or a single Beep is heard, then begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
      - If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
      - Using the arrow keys on the keyboard, select Safe mode and then press Enter. When in Safe mode you will have your desktop with the word ‘Safe’ in the 4 corners.

5. To reduce the chance of AntiSpyware interfering with the fixes, please stop all antispyware on your computer. If you right-click on the icon(s) in the systems tray you will find an option to ‘exit’. When you reboot, this will all return to normal.

6. The next tool to run is Ewido
   a. Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
   b. Open the programme by clicking on the large e. Select the Update option from the left and then Start Update on the right.
   c. When the update has completed click on scanner
   d. Click on Settings. Confirm that all check boxes are ticked and scan every file is selected
   e. Click OK
   f. Select Complete system scan and let the program scan the machine
   g. If Ewido finds anything, it will pop up a notification. Select Remove as the action and place a check against Perform action with all infections.
   h. When the scan has been completed, if there has been malware detected then repeat the scan until there is no detected malware
   i. When you have the clean result from Ewido click on the Save Report button at the bottom of the screen and save the file to the desktop.
   j. Exit Ewido and reboot back to Normal

7. Download CCleaner: http://www.filehippo.com/download_ccleaner.html
   a. Select the Download Latest Version link (top of green column) and save to your desktop
   b. Right-click the ccsetup127.exe file on your desktop and select Open
   c. Follow the on-screen instructions through to the Install Options page. I suggest you only retain the following 2 options: (i) Add Desktop Shortcut and (ii) Automatically check for updates etc…
   d. Click Install

   To set up CCleaner:
   e. Click on the CCleaner icon on your desktop.
   f. From the menu on the left select Options
   g. Now select Advanced. On the right remove the check against "Only delete files in Windows Temp folders older than 48 hours."
   h. Select Cookies. When CCleaner is run it will remove all of the cookies in the left window; if there are cookies that you wish to retain then select them and transfer them to the right window. Multiple selections can be made by holding down the Ctrl key before selecting.
   i. Select Cleaner from the left menu and the Windows tab
      - Under Internet Explorer place ticks in all but the last box
      - Under Windows Explorer tick the last two only
      - Under System tick all boxes
      - There is no need to tick anything under Advanced
      - From the menu on the left click on Analyze
      - When the analysis is complete, click on Run Cleaner and OK at the next screen
      - Close CCleaner

8. Please post
   a. The Ewido log
   b. A new HijackThis log
   c. How is the computer running

GT



Posted by: Fly4High

Hi Whisperer,

It seems there's a considerable amount of work that should be done here.
I'll take time to complete all these processes and return the reports ASAP.

Thanks a lot again for your enthusiastic help!



Posted by: Whisperer

Whenever you are ready



Posted by: Fly4High

Hi Whisperer,

As you suggested before, I've done all the processes you've mentioned and now I post all the reports for you:

A. Ewido log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:59:25 AM, 4/25/2006
+ Report-Checksum: 7B511035

+ Scan result:

C:\Documents and Settings\Linhnd\Cookies\linhnd@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Linhnd\Cookies\linhnd@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup


::Report End

B. Latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:38 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE
D:\Setup\Fonts\unikey\UniKeyNT.exe
C:\WINDOWS\system32\svchost.exe
D:\Setup\Firewalls & Securities\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.43.22.65:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FolderGuard] C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE /CL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [UniKey] D:\Setup\Fonts\unikey\UniKeyNT.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Holdfast Battle Net - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\CGA Gameing Platform\GameClient.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2253E909-FB5B-4B1F-BAD9-03FD7CA8BC81}: NameServer = 210.245.0.10
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FolderGuard - C:\PROGRA~1\WINABI~1\FOLDER~1\FGuard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

C. My computer is working fine, and I feel it runs faster.

If there are any further suggestions, please post!
Thanks a lot for your help!



Posted by: Whisperer

I would like you to produce a list of installed programs to assist me in the cleanup.

1. To do this open your [color=red][b]HijackThis[/b][/color]
[list=a]
[*]Click on [color=blue][b]Open the Misc Tools section[/b][/color] or [color=blue][b]Config...[/b][/color] button, depending on how you are set up.
[*]If you used the [b]Config...[/b] option then click the [color=blue][b]Misc Tools[/b][/color] tab
[*]Select [color=blue][b]Open Uninstall Manager[/b][/color], a list of your installed programs will be displayed. Please do not be tempted to edit the contents!
[*]Select the [color=blue][b]Save List...[/b][/color] button and save the file to your desktop.
[/list]
2. Please post a copy of this list in your next reply

GT



Posted by: Fly4High

Hi Whisperer,
This is the Save list log file contents:

2Wire Wireless Client
Able2Extract v3.0
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Adobe® Photoshop® Album Starter Edition 3.0
ALPS Touch Pad Driver
ASTRA32 - Advanced System Information Tool 1.30
AVIcodec (remove only)
CCleaner (remove only)
Codec Pack - All In 1 6.0.0.2
DAEMON Tools
DivX
DivX Player
Duwamish 7.0 (VB)
E-recon for Acelife (C:\Program Files\E-Recon\)
ewido anti-malware
Folder Guard
Google Talk (remove only)
Google Toolbar for Internet Explorer
Herosoft HeroVideo(3000)
HijackThis 1.99.1
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iTunes
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash MX
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2000
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Enterprise Architect 2003 - English
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
MSN
MSN Messenger 7.5
MSXML4 Parser
PDFCreator
PowerArchiver 2004 v9.25
QUICKfind
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Skype 2.0
SPT PC-Phone Dialer
TOSHIBA Power Saver
TOSHIBA Software Modem
Trojan Guarder Gold Version
Uninstall LAC VIET mtd2002-EVA
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Messenger 5.1
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger with BT Communicator
Yahoo! Toolbar

Thanks.



Posted by: Whisperer

Hi Fly4High,

I am pleased to say that you have a clean log. You do, however, still have RealPlayer installed; recent changes have called its reputation into dispute.

In view of this I would recommend its removal using [b]Add or Remove Programs.[/b] If you prefer to keep it then I suggest you navigate to [b]C:\Program Files\Common Files\Real\Update_OB\[/b] and rename the [b]Realsched.exe[/b] file to [b]Realsched.exe.old[/b]. For further information [url=http://www.windowsstartup.com/wso/detail.php?id=3841][color=red][b]click here.[/b][/color][/url]

If you decide to remove it then you can remove both of the following entries; if you have just gone for the rename then only remove the first, O4 entry.

[color=red]With [b]all[/b] other windows closed[/color], start your [b]HijackThis[/b] and click on [color=blue][b]Scan[/b][/color]
1. Click in the check-box to the left of each of the following entries, [u]if found[/u]
[list][b]
[*]O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[*]O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
[/b][/list]
2. Select [color=blue][b]Fix Checked[/b][/color]

With that I can affirm that you have a [size=4][color=red][b][i]Clean Log[/i][/b][/color][/size]. Just a tidy-up required.

1. First we make sure that any files in a System Restore point cannot reinfect your computer by removing all old system restore points.
[list=a]
[*]Select the [color=red][b]Start[/b][/color] button and from the available options
[*]Right-click the [color=blue][b]My Computer[/b][/color] option and select [b]Properties[/b].
[*]Click on the [b]System Restore[/b] tab.
[*]Check the box against [b][u]Turn off System Restore on all drives.[/u][/b] Click [color=blue][b]OK[/b][/color]
[*]Click [color=blue][b]Yes[/b][/color] to confirm, then restart the computer
[*]After the restart, re-enable System Restore by following steps a-c, but in step c, click to clear the [b][u]Turn off System Restore on all drives.[/u][/b] check box.
[/list]
2. HijackThis makes backups of all corrections made in a sub-folder of your HJT folder called Backups. Please navigate to this Backups folder and delete the contents.

[size=4] [color=red][b][i]Preventative measures[/i] [/b][/color][/size]

1. Please download the following free complementary program and run both it and your Spybot S&D at regular intervals after updating each of them. [list] [*][url=http://www.lavasoftusa.com/support/download][b]AdAware[/b][/url][/list]
2. In addition I would suggest that you install the following 3 free programs, keep these updated as they are background tools
[list=a][*][url=http://www.javacoolsoftware.com/sbdownload.html] [b]SpywareBlaster[/b] [/url] - Excellent prevention tool to keep Malware from installing on your system.
[*][url=http://www.javacoolsoftware.com/sgdownload.html] [b]SpywareGuard[/b] [/url] provides a shield against infection
[*][url=https://netfiles.uiuc.edu/ehowes/www/resource.htm] [b]IE-SpyAd[/b] [/url] puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. A tutorial is available [url=http://www.bleepingcomputer.com/forums/index.php?showtutorial=53][u][b]here[/b][/u][/url][/list]
3. [b]Windows Updates[/b]...It is [b]very important[/b] to ensure that Internet Explorer and Windows are kept up to date with the latest [b]critical security patches [/b]from Microsoft. Click on the [color=red][b]Start [/b][/color]button and select [b]Windows Update[/b], follow the online instructions from there.

4. [b][color=red]In a similar vein do ensure that all of your Anti-Virus and Anti-Malware software are also kept up to date.[/color][/b]

5. To find out more information about how you could get infected and some excellent guidelines to follow to prevent future infections you can read [url=http://castlecops.com/postlite7736-.html][b][u]this[/u][/b][/url] article by Tony Klein.

Best wishes and safe surfing

GT
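
The fix step in the post above asks for two specific entries to be ticked "if found". As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses a saved HijackThis log into entries, checks which requested fix lines are actually present, and attaches neutral review notes. The sample lines are copied from the log in this thread; the function names and the three note rules are assumptions of this example and are not malware verdicts.

```python
import re

# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.43.22.65:8080
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [UniKey] D:\Setup\Fonts\unikey\UniKeyNT.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
'''

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r'^([RFNO]\d{1,2})\s+-\s+(.*)$')

def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def normalise(line):
    """Collapse whitespace and case so a forum-pasted entry still matches the scan."""
    return re.sub(r'\s+', ' ', line).strip().lower()

def find_requested(log_text, requested):
    """Map each requested fix line to True/False: is it in this log ("if found")?"""
    present = {normalise(f'{code} - {body}') for code, body in parse_entries(log_text)}
    return {r: normalise(r) in present for r in requested}

def review_notes(log_text):
    """Return (code, note, body) tuples for entries worth a second look by a human."""
    notes = []
    for code, body in parse_entries(log_text):
        if body.endswith('(file missing)'):
            notes.append((code, 'target file missing', body))
        if code == 'O23' and ' - Unknown owner - ' in body:
            notes.append((code, 'service without vendor name', body))
        if code == 'R1' and 'ProxyServer' in body:
            proxy = body.split('=', 1)[1].strip()
            notes.append((code, 'proxy configured: ' + proxy, body))
    return notes

if __name__ == '__main__':
    for code, note, _ in review_notes(SAMPLE_LOG):
        print(code, note)
```
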



Posted by: Fly4High

Hi Whisperer,

You've advised me very carefully and I really appreciate your great help!

It makes me feel more secure about my system. Your hints and guidelines are really helpful! Many thanks again!

Wish you good luck!




