Help! HJT log can't access internet anymore

nemisis9
#11
Jan 27th, 2007
Originally Posted by gerbil
nemesis, that regkey...
[Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch] you checked and posted is okay [scan picked up a false positive, is all], so just delete your copy of the text file from your sys if you kept one.
These 3 files....
C:\WINDOWS\TEMP\1E2D5597.exe
C:\WINDOWS\system32\nweipeg.dll
C:\Documents and Settings\Shaun Thomas\Local Settings\Application Data\hrcopul.dll,vuljcec
-Avenger got one, HT got another and AVG cleaned the last - i don't think i was being too zealous in getting you to do a final check for them... they are gone.
If there is no Need2find program files folder then it is gone. Ignore the key.
No Altnet or Myway folders in program files?

No trace of these in program files

Then good, you are looking pretty clean.
CCleaner has a reg cleaner function - start it, select issues, check the 2 lefthand boxes [that automatically fills all the boxes], Scan for Issues and then fix them. [which should, but may not, take care of any need2find reg entries]
Update and run Adaware - if it reports anything other than cookies or your MRU list items post the log.

Adaware was clear

Do another Panda scan, post the log if it finds anything other than cookies.


Incident | Status | Location
Dialer:dialer.su | Not disinfected | hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Potentially unwanted tool:application/need2find | Not disinfected | hkey_current_user\software\Need2Find
Adware:adware/wupd | Not disinfected | Windows Registry
Adware:adware/baidubar | Not disinfected | Windows Registry
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Shaun Thomas\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\SDFix\apps\Process.exe

And just in case, this one: go to http://www.f-secure.com/blacklight/ and click the link at foot of page to download the latest version. Start it, agree, scan. If it finds anything, post it. [leave pc alone while it runs]

This is clear.

It's late now, so I'll get back to you soon on the O4s.
Cheers.
Thanks for this again

gerbil
#12
Jan 28th, 2007
Panda is picking up traces of need2find, wupd and baidubar adware pests. If you are not getting any ads or popups now then i would ignore their existence. To remove all the keys or files would take an inordinate effort.
Now that you appear clean, change your banking, email passwords if you have not already.
"It's late now, so I'll get back to you soon on the O4s."... still applies..
Last edited by gerbil; Jan 28th, 2007 at 9:29 am.

nemisis9
#13
Jan 31st, 2007
Originally Posted by gerbil
Panda is picking up traces of need2find, wupd and baidubar adware pests. If you are not getting any ads or popups now then i would ignore their existence. To remove all the keys or files would take an inordinate effort.
Now that you appear clean, change your banking, email passwords if you have not already.
"It's late now, so I'll get back to you soon on the O4s."... still applies..
You available to help with the O4's yet?

gerbil
#14
Feb 1st, 2007
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

=SOUNDMAN.EXE places an icon in your system tray for diagnostic services on your Realtek sound sys. If you don't want it use its option list to kill it.
=RealPlay.exe puts a quick launch icon in your system tray - if you don't use it, remove it. If i did use a quick launch icon for it, it would be in the quick launch tray anyway, not the sys tray!
=igfxtray.exe is another system tray icon. Remove it; u can start its functions via the pgm anyway.
=hpcmpmgr.exe checks for HP driver updates. Remove it and do it manually every few months.
= HDAudPropShortcut.exe - if you don't use it, remove it. If its removal cuts features that you find that you like to have, then put it back.
=PRONoMgr.exe - gives access to diagnostic features of your ethernet card. How often do you need those? Remove it.
=hkcmd.exe puts up a system tray icon, and also gives you access so that you can use hotkeys to change video card settings. Do you do that? Remove it.
=jusched.exe tries, but it never did work for me, or many others I see. Disallow it via control panel > java, and check for updates manually, monthly.
=aoltray.exe -stuff in your sys tray uses resources... you can remove this and connect via a desktop icon which does not sit in memory.
=companion.exe - sys tray access to rarely? used AOL functions n utilities. You can access them other ways. Remove it.
=hpqtra08.exe - diagnostics access that you can get other ways when needed. Remove it.
=hpqthb08.exe speeds up the first start of Image Zone in a session. Subsequent starts are faster anyway. So if you can bear the longer first start time, remove it.
That's about it. Stop these wherever possible from the application checkboxes, otherwise untick them in msconfig [Start > run, type msconfig, startup tab, and answer Yes at next boot], or failing that use hijackthis to fix them.
The O9s are extra buttons in your explorer windows. You decide, you can control them from the bar options.
There. Done. The O4's i do not mention specifically should not be touched.
Last edited by gerbil; Feb 1st, 2007 at 10:15 am.

nemisis9
#15
Feb 1st, 2007
Okay, thanks for all the help up to now; all implemented. Have a final look at the hijack logfile and advise whenever you have 2 minutes, as I appreciate you are probably busy with other things. But things are working much faster here and I am really thankful you have spared this untechy person your time and knowledge.

Cheers again

Nem

Logfile of HijackThis v1.99.1
Scan saved at 18:17:31, on 01/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\AOL\1167336364\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1167336364\ee\AOLServiceHost.exe
c:\program files\common files\aol\1167336364\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1167336364\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\imabunny.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/?redirect
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167336364\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B57F951-2E37-448B-A41D-EEB095D9108B}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

gerbil
#16
Feb 1st, 2007
Nothing more to do, log is clean and as straightfwd as can be. I do not have access to AOL so i cannot advise you on any aspects of it, except to say that you can use it as an ISP without needing to take the utilities and auxiliary services. These are probably loaded depending upon settings you choose when you install the software. Try a custom install if it exists as an option and see what choices are provided.
Cheers, g.
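
A small triage pass over the log format used in this thread, as an added example that is not part of any poster's message or of HijackThis itself: it groups entries by section code and lists O4 autoruns with no absolute path and O23 services whose vendor field is empty or "Unknown owner" as items to check by hand, not as detections. The sample lines are copied from the log in post #15; the function names and the two review rules are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log lines posted in #15 above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")                    # section code, rest of line
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")     # hive, key, value name, command
SERVICE = re.compile(r"^Service: (.+?) - (.*?)- ([A-Za-z]:\\.*)$")  # name, vendor, path
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                        # optionally quoted drive path

def parse(log):
    """Group log entries by HijackThis section code (O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_list(sections):
    """Return (code, name, reason) tuples for manual review; these are not verdicts."""
    notes = []
    for body in sections.get("O4", []):
        m = RUN.match(body)  # "Global Startup" shortcuts do not match and are skipped
        if m and not ABS_PATH.match(m.group(4)):
            notes.append(("O4", m.group(3), "no absolute path: confirm which file loads"))
    for body in sections.get("O23", []):
        m = SERVICE.match(body)
        if m and m.group(2).strip() in ("", "Unknown owner"):
            notes.append(("O23", m.group(1), "vendor field empty or 'Unknown owner'"))
    return notes

if __name__ == "__main__":
    for code, name, reason in review_list(parse(SAMPLE_LOG)):
        print(f"{code:4} {name}: {reason}")
```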
©2003 - 2009 DaniWeb® LLC