|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
05-31-2005, 02:03 PM
|
#1 (permalink) | |
|
Registered User
Join Date: Aug 2004
Posts: 58
OS: XP
|
HJT log + problem with limewire
Hi Guys
long time not active (or at least not posting), though I've used this board a lot for reference and 'think' that I got an alright sense of what is secure to clean out and what probably not. anyway... Since I'm back home again it was time for me to clean up my dad's computer again...  For starters I did everything you guys listed in the Please, Read This Before Posting A Hijackthis Log. thread Quote:
I ran Ad-aware built 1.06r1 +updates I ran trendmicro's online vius scanner it found a Joke Flipped virus which i deletedI then took HJT from that thread, scanned the system and created a log file. Then I got the Analyzer to do it's job... Here's the log, created by Hijack This Analyzer ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 21:28:52, on 31.05.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-ch\msnappau.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Winamp\winampa.exe C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\Programme\Brother\ControlCenter2\brctrcen.exe C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\Programme\Brother\Brmfcmon\BrMfcmon.exe C:\Programme\Windows NT\Zubehör\wordpad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swissonline.ch/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.swissonline.ch/ O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-ch\msnappau.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe End of KRC HijackThis Analyzer Log. ==================================================================== furthermore... I run Limewire and since I have the newest version (4.8.1) on the computer the program doesn't respond anymore. I've tried deinstall/reinstall. Didn't work. What do I have to do??? Help is greatly appreciated. cheers Heinz |
|
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
05-31-2005, 08:49 PM
|
#2 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
  |
Sounds like a Limewire issue...but we don't offer support for P2P software programs. Your hijackthis log is clean though. If the problem is other then limewire please describe it..in detail.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
   Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
06-01-2005, 11:36 AM
|
#3 (permalink) |
|
Registered User
Join Date: Aug 2004
Posts: 58
OS: XP
|
Oh...yeah...
thanks for the analysis in general! completely forgott to mention that that was my primary intention... Erm... There is one issue though How do I get Web Savings from Ebates off my list of installed software? it won't let itself deinstall. cheers Heinz |
|
|
|
|
06-01-2005, 08:16 PM
|
#4 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
|
I didn't see if listed on your last log. Post another. See if there is an uninstaller in it's directory. (Should be like C:\Program Files\Web Rebates)
Run this tool also..and check for any other leftovers... Download ewido security suite from here… http://www.ewido.net/en/download/ Update it’s database from here.. http://www.ewido.net/en/download/updates/ Run a scan and let it clean the PC. Post a new hijackthis log when complete
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
06-03-2005, 02:51 AM
|
#5 (permalink) | |
|
Registered User
Join Date: Aug 2004
Posts: 58
OS: XP
|
Hi
ewido didn't find Ebates either. It only found a tracking cookie. Also, I must have chucked this folder C:\Program Files\Web Rebates some time ago because sometimes I just go through my program files folder and delete everything I don't recognise as something wanted. (usually after trying to uninstall it... Furthermore, another software entry that doesn't show up on the log is Java 2 Runtime Environment, SE v1.4.1_07 I possibly made the mistake of uninstalling the newer version before the older version (they were both in the software list) Now I've got J2SE Runtime Environment 5.0 Update 2 installed but as I say, the other entry won't go away. Help is much appreciated cheers Adrian PS: log attached PPS: tried to run analyzer on it but told me to get update, which I did. But then it still told me that the newly downloaded version is out of date. Quote:
|
|
|
|
|
|
06-03-2005, 04:08 PM
|
#6 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
|
Ok. Make sure these programs in add/remove programs are removed. Run hijackthis..click config...misc tools and click Open uninstall manager. If your sure the programs are gone...highlight the entry for it..and click delete entry.
Then check again in add/remove and it should not be listed. If it is...you'll need to take it out manually by navigating to the following key in the registry.. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall Fine the folders listed with the name your after..and delete them.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
| Thread Tools | |
|
|
