Woe is Me

DMR
#11
Nov 4th, 2004
OK- keep us posted.
In terms of not being able to change the file association/extension, you do have to be logged in to an account with administrative rights to make such changes.

If the added entries you found in your hosts file referred to sites such as Panda's, Symantec/Norton, McAfee, etc., you should be able to reach those sites now that you've deleted their entries.


Just FYI:

The entries in the "hosts" file are mappings of host names/URLs to their respective IP addresses. This is essentially like having a small DNS server on your own computer, in that when you type a URL into your browser (or click on a link to a URL on a web page), Windows will look in the hosts file to see if the URL you typed/clicked has a matching IP address there. If so, Windows will direct your browser to that IP address; if not, Windows will then look to your DNS servers to match the URL with an actual IP address. (The use of hosts files was how hostname-to-IP address mapping/resolution was done before DNS was invented.)

The problem with this method is that:

A) By default, Windows will consult the local hosts file before consulting any DNS servers on your network or on the Internet.

B) There is no error checking at all concerning validity of the mappings in your hosts file. You (or someone else) can put any hostname-to-IP mapping entry you want into the hosts file; when your browser encounters that hostname, it will automatically try to go to the associated IP address listed in hosts.

Just for grins, you can test this yourself.

1. Put the following entry at the end of your hosts file and save the file:

64.233.167.99 www.spooge.com

2. Open a web browser and type this in the location/address box:

www.spooge.com

If your browser took you to Google, congratulations- you've just demonstrated what a huge security hole the hosts file presents. :mrgreen:

*Setting the "read only" attribute on the hosts file can keep viruses, hijackers, etc. from making unwanted changes to the file.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
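
An added example (not part of DMR's post or the thread): a small Python audit of hosts-file contents that flags the kinds of entries discussed in post #11, namely security-vendor hostnames that have been blocked or redirected, plus any other local override. The vendor watchlist and the sample file are constructed assumptions; only the `www.spooge.com` line is taken from the post.

```python
import ipaddress

# Assumed watchlist (not from the thread): vendor domains worth checking for.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "pandasecurity.com")

# Constructed sample hosts file; the last entry is the test mapping from the post.
SAMPLE_HOSTS = """\
# constructed sample for this example
127.0.0.1       localhost
127.0.0.1       www.symantec.com  liveupdate.symantec.com   # trailing comment
0.0.0.0         download.mcafee.com
203.0.113.7     www.pandasecurity.com
not-an-ip       broken.example
64.233.167.99   www.spooge.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames) for each mapping line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # keep the line so the audit can report it
        yield line_no, ip, [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return (line_no, hostname, finding) tuples for entries worth reviewing."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            watched = any(name == s or name.endswith("." + s)
                          for s in WATCHED_SUFFIXES)
            if ip is None:
                findings.append((line_no, name, "invalid-address"))
            elif watched and (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, name, "vendor-blocked"))
            elif watched:
                findings.append((line_no, name, "vendor-redirected"))
            elif name != "localhost":
                findings.append((line_no, name, "local-override"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```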

MayDay1911
#12
Nov 9th, 2004
Good morning,

After a week's worth of birthday celebration, I've managed to do another HJT logfile. Here it is:

Logfile of HijackThis v1.98.2
Scan saved at 6:05:37 AM, on 11/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\WINDOWS\System32\CTsvcCDA.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchosting.exe
F:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\WINDOWS\surfmonkey\SMProxy.exe
F:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
F:\WINDOWS\System32\scrgrd.exe
F:\WINDOWS\System32\wuapdate16.exe
F:\WINDOWS\System32\winsys.exe
F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\WINDOWS\System32\rundll32.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\System32\ybeuq.exe
F:\Program Files\EarthLink TotalAccess\TaskPanl.exe
F:\Program Files\America Online 9.0\aoltray.exe
F:\WINDOWS\System32\wuauclt.exe
F:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = F:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - F:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [McRegWiz] F:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Propel Accelerator] "F:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [ELNKProxy] F:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [Microsoft 16Bit Update] wuapdate16.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TCP/IP PerfManager] ybeuq.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsoft 16Bit Update] wuapdate16.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [TCP/IP PerfManager] ybeuq.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [SpySweeper] F:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe /0
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [Microsoft 16Bit Update] wuapdate16.exe
O4 - HKCU\..\Run: [TCP/IP PerfManager] ybeuq.exe
O4 - HKCU\..\Run: [E6TaskPanel] "F:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = F:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - F:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - F:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - F:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - F:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Thanks,

MayDay1911
#13
Nov 10th, 2004
After rereading and applying the information, here is the latest HJT logfile:

Logfile of HijackThis v1.98.2
Scan saved at 7:39:28 PM, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
F:\WINDOWS\System32\CTsvcCDA.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
F:\WINDOWS\surfmonkey\smproxy.exe
F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\WINDOWS\System32\rundll32.exe
F:\Program Files\QuickTime\qttask.exe
f:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\EarthLink TotalAccess\TaskPanl.exe
F:\Program Files\America Online 9.0\aoltray.exe
F:\WINDOWS\System32\wuauclt.exe
F:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = F:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - F:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [McRegWiz] F:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Propel Accelerator] "F:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe"
O4 - HKLM\..\Run: [ELNKProxy] F:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [AOLDialer] F:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpySweeper] F:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe /0
O4 - HKCU\..\Run: [E6TaskPanel] "F:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = F:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - F:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - F:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - F:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - F:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Thanks!

DMR
#14
Nov 11th, 2004
1. Get rid of SurfMonkey. Why? Because it's a bogus program.

2. Can you tell us what exact problems you're still having (if any)? Aside from the SurfMonkey stuff, your log looks clean.

MayDay1911
#15
Nov 12th, 2004
DMR,

To the best of my knowledge, everything (aside from minor glitches such as the increased sizes of the desktop icons that can't be reduced) seems to be running smoothly. I was just posting the latest log to make sure that I had followed the instructions as given. When I get near my system again, I'll delete the 04 entry containing the surfmonkey smproxy.exe.

Thanks

DMR
#16
Nov 12th, 2004
You're welcome

The desktop icon sizing sounds like it could be a separate (non-spyware) issue; is it the entire screen resolution which has changed, or just the size of the icons themselves?
©2003 - 2009 DaniWeb® LLC