|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Win 98 & ME Support Find support for Windows 98 / ME here |
 |
|
|
LinkBack | Thread Tools |
11-17-2003, 07:06 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: NJ
Posts: 5
OS: Win ME
|
Need to clean PC
Hello guys, my PC has been acting funky and I see you guys like to use HiJackThis, so here is my log, can you see anything weird that I should get rid of??
Thanks in advance: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE C:\WINDOWS\SYSTEM\HPZTSB05.EXE C:\WINDOWS\SYSTEM\HPHMON04.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\MWSVM.EXE C:\WINDOWS\UPTODATE.EXE C:\PROGRAM FILES\STEAM\STEAM.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\WINDOWS\SYSTEM\HPHIPM11.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\STIMON.EXE D:\HIJACK\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotsearchbox.com/ie/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotsearchbox.com/ie/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotsearchbox.com/ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotsearchbox.com/ie/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch....&version_id=18 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O2 - BHO: (no name) - {F6EA9D77-09B8-4D6C-9CFC-133E76360424} - C:\WINDOWS\SYSTEM\SPOOXLSS.DLL O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing) O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra button: Ebates (HKCU) O10 - Broken Internet access because of LSP provider 'lsp.dll' missing O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...883.5609606481 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...ed/install.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...wdir85r321.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.169/code/iPIX-ImageWell-ipix.cab O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDistIO.CAB O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOf...1/Mx0n11n3.cab
__________________
Mephy |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
11-17-2003, 09:00 PM
|
#2 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
C:\WINDOWS\UPTODATE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotsearchbox.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotsearchbox.com/ie/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotsearchbox.com/ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotsearchbox.com/ie/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch...p;version_id=18 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing) O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL (file missing) O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDistIO.CAB O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalO...O1/Mx0n11n3.cab I should have stopped and had you run Spybot, but I was thinking "we're almost done...". Two browser hijackers and a whole bunch of crapware (excuse my language). Open a new HJT log and check all of the above to be fixed. Then, with all explorer and browser windows closed, tell HJT to fix them. Reboot. Find and delete: C:\WINDOWS\UPTODATE.EXE C:\WINDOWS\IEASST.DLL C:\WINDOWS\SYSTEM\STLBDIST.DLL C:\PROGRAM FILES\SUPERBAR \SUPERBAR.DLL (folder) C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL ] (folder) Please post a new HJT log here so that we can make sure that we got everything. Last edited by jgvernonco; 11-17-2003 at 09:01 PM. |
|
|
|
|
11-19-2003, 07:26 PM
|
#3 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: NJ
Posts: 5
OS: Win ME
|
PC
Great, I actually just ran Spybot last night!! Funny!! I did the few things you mentioned, and it got rid of the few things that I could not remove myself! Great! I will post HJT again to see if anything remains that you believe should be removed:
C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\HPZTSB05.EXE C:\WINDOWS\SYSTEM\HPHMON04.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE C:\WINDOWS\MWSVM.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\WINDOWS\SYSTEM\HPHIPM11.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE D:\HIJACK\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {F6EA9D77-09B8-4D6C-9CFC-133E76360424} - C:\WINDOWS\SYSTEM\SPOOXLSS.DLL O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O10 - Broken Internet access because of LSP provider 'lsp.dll' missing O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...883.5609606481 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...ed/install.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...wdir85r321.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.169/code/iPIX-ImageWell-ipix.cab
__________________
Mephy |
|
|
|
|
11-19-2003, 08:47 PM
|
#5 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
MWSVM.EXE? Why, that's just a little old SeekSeek Hijacker that I missed on the first pass.
 C:\WINDOWS\MWSVM.EXE R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yah...ebio5_0_2_7.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.169/code/iPIX-ImageWell-ipix.cab Open a new HJT log, check all of the above items to be fixed, Then, with all explorer and browser windows closed, tell HJT to fix them. Reboot. Find and delete: C:\WINDOWS\MWSVM.EXE C:\WINDOWS\NEM214 .DLL (may be a folder) Please bear with me and post one more log so I can make sure all is well. Consider the programs below to help keep your system "sparkling fresh). :brush: jgvernonco’s recommended security software Zonealarm Firewall (free edition) Zone Labs: http://www.zonelabs.com/store/conte...reeDownload.jsp Free antivirus software http://www.avast.com/i_idt_153.html Spyware blocking programs (free): Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions). http://www.javacoolsoftware.com/spywareblaster.html Spyware Killers (free)! Spybot Search & Destroy http://download.com.com/3000-2144-1...&tag=button Adaware Ad-aware - Software - Lavasoft http://www.lavasoftusa.com/software/adaware/ I run both of these, as they occasionally find something that the other did not. Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource. Gibson Research Corporation Home Page http://grc.com/default.htm The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software us up-to-date. Put a note on your computer reminding you to do it! Stay safe! Enjoy the WWW! |
|
|
|
|
11-20-2003, 06:27 PM
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: NJ
Posts: 5
OS: Win ME
|
PC
Great, I did all that, as for the MWSVM, is it safe to delete MWSVM.OSX, MWSVM.DAT, & MWSVM.BIN, I know what these kind of files are, but I want to make sure they are OK to delete. Thanks for the recommendations, but I HAD a router with a built in firewall that was really great, but it just fried last week that's why this happened, I will be getting another one soon, here is another HJT log:
C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE C:\WINDOWS\SYSTEM\HPZTSB05.EXE C:\WINDOWS\SYSTEM\HPHMON04.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\WINDOWS\SYSTEM\HPHIPM11.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE D:\HIJACK\HIJACKTHIS.EXE
__________________
Mephy |
|
|
|
|
11-23-2003, 07:12 PM
|
#8 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: NJ
Posts: 5
OS: Win ME
|
PC
Great, here is the new log:
C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE C:\WINDOWS\SYSTEM\HPZTSB05.EXE C:\WINDOWS\SYSTEM\HPHMON04.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE C:\WINDOWS\SYSTEM\HPHIPM11.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WINAMP3\WINAMP3.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE D:\HIJACK\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {F6EA9D77-09B8-4D6C-9CFC-133E76360424} - C:\WINDOWS\SYSTEM\SPOOXLSS.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O10 - Broken Internet access because of LSP provider 'lsp.dll' missing O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...883.5609606481 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...ed/install.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...wdir85r321.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
__________________
Mephy |
|
|
|
|
11-24-2003, 05:17 AM
|
#9 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
One last little thing that needs to be done.
Download LSP Fix from the link below and run it. Then you should be good to go! http://www.cexx.org/lspfix.htm You might want to review some of the programs below. Multiple lines of defense are a good thing. jgvernonco’s recommended security software Zonealarm Firewall (free edition) Zone Labs: http://www.zonelabs.com/store/conte...reeDownload.jsp Free antivirus software http://www.avast.com/i_idt_153.html Spyware blocking programs (free): Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions). http://www.javacoolsoftware.com/spywareblaster.html Spyware Killers (free)! Spybot Search & Destroy http://download.com.com/3000-2144-1...&tag=button Adaware Ad-aware - Software - Lavasoft http://www.lavasoftusa.com/software/adaware/ I run both of these, as they occasionally find something that the other did not. Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource. Gibson Research Corporation Home Page http://grc.com/default.htm The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software us up-to-date. Put a note on your computer reminding you to do it! Stay safe! Enjoy the WWW! |
|
|
|
|
11-26-2003, 09:29 PM
|
#10 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: usa
Posts: 5
OS: XP home edition
|
IE_ClrSch.DLL
hello. I am brand new to this forum. I suddenly began having problems with my computer 2 weeks ago, when my neice was visiting, and she downloaded lots of crap.(excuse my language) Anyways, I have been working and working for days on my computer, and now have adware, spybot search and destroy, have my computer set on high security etc. I have not been able to delete the IE_ClrSch.DLL, however. I went to microtrend, and followed all of the steps.....(going through the registry key, etc) but everytime I open the registry key after deleting CLRSCH....,, it is right back there. I located it in a file, but could not delete it.) I also found 2nd thought, and lycos sidesearch, but I believe that I have finally eliminated those. I downloaded Hijack this, tonight, and here is the info.....(I also tried to delete a few suspicious processes last night, but they kept returning under different "names" ARGH! Spybot DID find alot of things that adaware did not, so I will probably keep both......any help would be appreciated. (computer is running MUCH better since using spybot. (heck! I couldnt even type without problems the last few days)
Thank you in advance.... Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\SymProxySvc.exe C:\Program Files\Norton Internet Security\NISSERV.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Norton Internet Security\IAMAPP.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\CallWave\IAM.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\System32\Bqx21Xm1.exe C:\WINDOWS\System32\Bqx21Xm1.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sally\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe C:\Program Files\Outlook Express\msimn.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlueFrog.com - The Best Internet! R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [4S2NSLA3QS#366] C:\WINDOWS\System32\MkqkPr5.exe O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Support (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409 O16 - DPF: symsupportutil - https://www-secure.symantec.com/tech...upportutil.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {35B1769E-299A-4E17-B9D0-E669A02C0F18} (QCDownload2 Class) - http://www.redsquik.net/download/QCDownload.cab O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0...ll/xscan53.cab O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...379.2349884259 O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/SysQuery.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9A3E3570-7B16-4501-95CC-D700F6DA87B9}: NameServer = 205.232.82.10 205.232.82.16 |
|
|
|
|
11-27-2003, 10:37 AM
|
#11 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
Pokey,
Would you please post your problem and your log in your own, new thread. You are likely to get ignored here, as this problem will look resolved when people scan it. Thanks |
|
|
|
|
| Thread Tools | |
|
|
