Any advice please


  • carrie483
    carrie483 Posts: 1,868 Forumite
    Hi, sorry, I know some people said to not post the HijackThis log but someone said to do it. Here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 09:33:16, on 09/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NoAdware4\NoAdware4.exe
    C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
    C:\WINDOWS\System32\alg.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents And Settings\Dave\My Documents\Unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O3 - Toolbar: (no name) - {72FC055B-1AE7-493D-8AA4-C9F8C7D1C115} - (no file)
    O3 - Toolbar: link list multi - {EDF8DDB7-396F-219C-BAE5-33C9B655F19E} - blank (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [] winlog.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4635/mcfscan.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    Accept that some days you're the pigeon and some days you're the statue.
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    Hi carrie .... it was me who suggested it.

    I suggest you print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

    Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

    Download CleanUp! here….. http://www.cleanup.stevengould.org/ .......

    *WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64 bit Operating System [highly unlikely] do NOT run Cleanup and let me know as we will use another utility

    Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

    Reboot your system in Safe Mode (by repeatedly tapping the F8 key until the menu appears).

    I'm not convinced about the NoAdware program so, for the time being, I'm going to recommend its removal.

    Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for this one ...

    C:\Program Files\NoAdware4\NoAdware4.exe

    Click > Start > Control Panel > Add / Remove Programs and uninstall the program IF FOUND:

    NoAdware4

    Next open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O3 - Toolbar: (no name) - {72FC055B-1AE7-493D-8AA4-C9F8C7D1C115} - (no file)

    O3 - Toolbar: link list multi - {EDF8DDB7-396F-219C-BAE5-33C9B655F19E} - blank (file missing)

    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...can8/oscan8.cab

    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads.../ampx_en_dl.cab


    Please remember to close all other windows, including browsers, before clicking “Fix checked”.

    Delete the following Files and Folders indicated in bold IF they still exist:

    C:\Program Files\NoAdware4

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

    If you get an error when deleting a file right click on the file and click once on properties.

    Then check to see if the Read Only attribute is checked/ticked. If it is uncheck/untick it and try deleting the file again.

    Reboot your System in normal mode.

    If you have a fast internet connection (Broadband) run online scans here….

    http://www.pandasoftware.com/activescan/

    …and here…..

    http://housecall.trendmicro.com.

    When running the Panda Activescan make sure you click the Free Online Virus Scan in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan.

    Once it has finished save the Activescan log. Then post that log in your next post.

    Please run ALL the free scans offered by Housecall.

    Make sure they both perform full system scans.

    If either/both scans find something they cannot fix - perhaps because the infected files are "in use" - please make a note of the file(s) concerned and post the details back to this thread.

    Please post a fresh HijackThis log so that we can check if your system is clean.

    MOST IMPORTANTLY…..

    Please also give us an update on how your system is operating now.
  • ACID
    ACID Posts: 1,209 Forumite
    You have too many programs running that is just bringing down your memory.

    Also some file extensions which don't ring a bell.
    Be careful.
  • ACID
    ACID Posts: 1,209 Forumite
    Skimmed through the whole post so apologies if any of my answers don't appear to be linked.

    Also don't forget to do msconfig.
    This will stop programs running when you next reboot the system.
  • carrie483
    carrie483 Posts: 1,868 Forumite
    New Hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:36:27, on 09/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents And Settings\Dave\My Documents\Unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\RunServices: [] winlog.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4635/mcfscan.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    Some of the things you said to check after the HijackThis log (016 - DPF files) weren't there. But I checked the ones that were.

    Thank you for all this. Carrie.
    Accept that some days you're the pigeon and some days you're the statue.
  • carrie483
    carrie483 Posts: 1,868 Forumite
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab

    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab

    (I uninstalled this??!!)

    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-30.cab

    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/C...2/OCI/setup.exe

    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab

    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/content...er/imloader.cab

    I don't know what any of these are?

    Also the comp seems a bit better. Quick quicker and my Outlook Express isn't going weird (and by that I mean it kept saying folder not found and I'd have to restart the computer to be able to access emails).
    Accept that some days you're the pigeon and some days you're the statue.
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    Hi carrie

    A few things before I look more at the log.

    > From the looks of things you didn't run the Panda Activescan online check. I asked for the Activescan log to help me investigate what might be hiding deeper in your computer. Please run that scan now and post the log to this thread.

    > I'll explain more about those 016 entries.

    When you visit a site and interact with it (e.g. download things or use it to scan your machine) it loads up ActiveX controls. Those 016 entries indicate which sites have been visited and what may have been downloaded.

    You can scan with HJT and put tick marks next to all those ones you listed if you like. They will be reinstalled if you go to the sites again. Those particular ones won't cause any harm if removed.

    One thing .... Incredimail. I don't advise it. It's a resource hog and the program can be dreadfully hard to remove. I think it's junk but that's just my opinion. Check on the web to see what others think of it and you'll find much the same opinion.

    Please let me have your comments on these points and post a new HJT log if you decide to remove those 016 entries or make any other changes.

    Remember - a HJT log is useless if you make changes to it. A new log is necessary after any changes.
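
Added example, not part of any forum post: a Python check that compares the entries a helper asked to be fixed against a fresh HijackThis log and reports which ones are still present. It matches on a stable identity (Run value name or CLSID) so that truncated URLs, spaces inserted into long paths and a mangled opening brace do not hide a match. The names `entry_key`, `still_present`, `REQUESTED` and `FRESH_LOG` are hypothetical, and the sample lines are excerpted from the logs posted in this thread.

```python
import re

# Section code, then the entry body, e.g. "O16 - DPF: {...} (...) - http://..."
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")
# CLSID with an optional opening brace: forum copies sometimes mangle "{".
CLSID = re.compile(r"\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# Autostart entries: HKLM\..\Run: [ValueName] command line
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\]")


def entry_key(line):
    """Reduce a HijackThis line to a stable identity, or None if not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = m.groups()
    run = RUN.match(body)
    if run:  # O4: registry key + value name, ignoring the command line
        return (section, run.group(1).upper(), run.group(2).upper())
    clsid = CLSID.search(body)
    if clsid:  # O2/O3/O9/O16/O18: entry kind + CLSID, ignoring path or URL
        kind = body.split(":", 1)[0].strip().upper()
        return (section, kind, clsid.group(1).upper())
    # R0/R1 and the rest: text before "=", i.e. the registry value, not its data
    return (section, body.split("=", 1)[0].strip().upper())


def still_present(requested_fixes, fresh_log):
    """Return the requested lines whose identity still appears in fresh_log."""
    live = {entry_key(l) for l in fresh_log.splitlines()} - {None}
    return [l.strip() for l in requested_fixes.splitlines()
            if entry_key(l) in live]


# Entries the helper asked to have fixed (excerpt; one CLSID has a mangled
# opening brace, one path has a stray space, one URL is truncated).
REQUESTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: (no name) - !!72FC055B-1AE7-493D-8AA4-C9F8C7D1C115} - (no file)
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtim e.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab
"""

# Excerpt of the follow-up log posted after the fixes were attempted.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
"""

if __name__ == "__main__":
    for line in still_present(REQUESTED, FRESH_LOG):
        print("still present:", line)
```

Because R0/R1 entries are keyed on the registry value rather than its data, a value that was changed but not removed is also reported as still present.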
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    pchelpman wrote:
    Albert - if you, carrie or anyone else would like me to look at your HJT logs I'd be happy to do it. It would at least give me some peace of mind that your PCs are OK.

    Over to you!

    PChelpman, thanks for the offer .. it isn't that I don't understand them, just that the net is being taken over by hijack this logs.. put any dll or exe name in google, and you have to trawl through millions of peoples hijackthis logs to find out any information about it. They clutter up the internet, and make information harder to find. The problem will only get worse..

    I'd prefer the OP's to post them here, and come back with specific queries..

    http://www.hijackthis.de/
    Ever get the feeling you are wasting your time? :rolleyes:
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    Hi albertross

    Actually, there are many help sites who are reporting a drop in the number of logs to fix. The main thing is that Google/Yahoo search bots aren't crawling all the main help sites as much at the moment. Google is implementing a new algorithm (they do this every few months) - this one's called Big Daddy and it is completely reindexing the web.

    So, since these HJT help sites were so highly indexed before, they came up when you searched for all kinds of PC problems. With the new update a lot of forum posts have not been indexed yet which means lower traffic for many whilst others are so busy they can't answer all the questions. Some HJT log-related queries go unanswered for weeks and end up being abandoned.

    This is affecting all big sites on the net, at least since the beginning of March, and especially hurts forum-based sites. Actually ... writing this I've just thought ... it could even affect MSE as well.

    Carrie ... how's it going?
  • carrie483
    carrie483 Posts: 1,868 Forumite
    Sorry I didn't do this earlier. Here is my Panda scan log.

    Incident Status Location

    Adware:adware/wupd Not disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
    Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\msbb321.dll
    Adware:adware/comet Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
    Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
    Spyware:spyware/betterinet Not disinfected :\WINDOWS\INF\biini.inf
    Adware:adware program Not disinfected C:\WINDOWS\ss3unstl.exe
    Adware:adware/savenow Not disinfected C:\PROGRAM FILES\VVSN
    Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet2
    Adware:adware/shorty Not disinfected Windows Registry
    Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    Adware:adware/virtualbouncer Not disinfected Windows Registry
    Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@247realmedia[1].txt
    Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Dave\Cookies\dave@xmts[1].txt
    Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adviva[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[1].txt

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dave\Cookies\dave@hitbox[1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dave\Cookies\dave@statse.webtrendslive[2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Cookies\dave@statcounter[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Dave\Cookies\dave@adopt.hbmediapro[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@advertising[1].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Cookies\dave@as1.falkag[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{F2275C83-1FB9-4436-8E33-95E3A1A31BDD}\{DF3B883F-9070-45F8-8271-DB86A75C6B5D}.txt[{DF3B883F-9070-45F8-8271-DB86A75C6B5D}.txt]
    Spyware:Cookie/Bfast Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{F2275C83-1FB9-4436-8E33-95E3A1A31BDD}\{5F6A8871-FC3A-4FA5-8D6E-3816A55BDFD0}.txt[{5F6A8871-FC3A-4FA5-8D6E-3816A55BDFD0}.txt]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{F2275C83-1FB9-4436-8E33-95E3A1A31BDD}\{B2BD91DC-C4CC-4404-A4E4-8C6E69509190}.txt[{B2BD91DC-C4CC-4404-A4E4-8C6E69509190}.txt]
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{F2275C83-1FB9-4436-8E33-95E3A1A31BDD}\{BC7A7FE4-AEE3-480C-8665-D05EAC7E8AFB}.txt[{BC7A7FE4-AEE3-480C-8665-D05EAC7E8AFB}.txt]
    Spyware:Cookie/Maxserving Not disinfected C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{F2275C83-1FB9-4436-8E33-95E3A1A31BDD}\{F30BDE4D-567E-4190-9EDF-108A4F666EA0}.txt[{F30BDE4D-567E-4190-9EDF-108A4F666EA0}.txt]

    And....
    Accept that some days you're the pigeon and some days you're the statue.
This discussion has been closed.