Pc problems, hijackthis log inside HELP!

  • #17951
    XDCMunkee
    Participant

    Ok, my gf’s dad is having probs with his PC. I’ve put it down to AOL and the fact he’s running mcshite antivirus, but if somebody could have a look over the HijackThis log it would be appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:23, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\AOL\1147499009\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\AOL 9.0b\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    c:\program files\common files\aol\1147499009\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1147499009\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0b\waol.exe
    C:\Program Files\AOL 9.0b\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147499009\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?df40e8e75c3a41f5bc9683616230a342
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?df40e8e75c3a41f5bc9683616230a342
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00E1C63A-1060-4EED-928B-2EF2E265D352} (MJPEGRender Control) - http://olta.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147499659875
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147529214890
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=55e71b2932376df1dd0db7ae7db8011b/aff=t_01ku_wg/p/release/mumbo/wg_luxor_ar/luxor_ar/mjolauncher.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://webgames.d.tmsrv.com/c=97d5dca91e22e4d766cc34a44203f7b6/aff=t_01ku_wg/p/release/popcap/wg_zuma/popcaploader_v6.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C7F00A12-F365-4CB7-A8F3-1195B1EC8D97}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
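
A triage pass over a log in this format, as an added example (not part of the thread and not HijackThis's own code): it parses the R/O entries and lists those carrying markers that appear in the log above, namely "(no file)", "(file missing)", "Unknown owner" on a service, and an explicit NameServer. The rule list, function names and sample lines are assumptions constructed for illustration; a hit means "check this by hand", not "this is malicious".

```python
import re

# Section code, " - " (or the en dash a web page may substitute), then the entry.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+[-\u2013]\s+(.*\S)\s*$")

SECTION_NAMES = {
    "R1": "IE search/start page value", "R3": "URL search hook",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O16": "downloaded ActiveX control", "O17": "DNS/domain override",
    "O18": "extra protocol handler", "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad", "O23": "Windows service",
}

# (section code or None for any, marker text, note for the reviewer)
RULES = [
    (None, "(no file)", "no file is registered behind this entry"),
    (None, "(file missing)", "entry points at a file that is not on disk"),
    ("O23", "Unknown owner", "no vendor name could be read from the service binary"),
    ("O17", "NameServer", "DNS server set explicitly; confirm it is the ISP's"),
]

def parse(log_text):
    """Return [(code, body)] for each line shaped like a HijackThis entry."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def triage(log_text):
    """Return [(code, section name, note, body)] for entries worth a manual look."""
    hits = []
    for code, body in parse(log_text):
        for section, marker, note in RULES:
            if section in (None, code) and marker in body:
                hits.append((code, SECTION_NAMES.get(code, "unknown"), note, body))
    return hits

# Constructed sample in the posted log's shape (placeholder CLSIDs, paths, address).
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Example\helper.dll
O9 – Extra button: (no name) – {00000000-0000-0000-0000-000000000003} – %windir%\Example\tool.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000004}: NameServer = 192.0.2.53
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\PROGRA~1\Example\svc.exe
O23 - Service: Other Service (OtherSvc) - Example Corp - C:\Example\other.exe
"""

if __name__ == "__main__":
    for code, name, note, body in triage(SAMPLE):
        print(f"[{code}] {name}: {note}\n    {body}")
```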

    #66212
    11thSignal
    Participant

    What problems is he exactly having?

    #66213
    XDCMunkee
    Participant

    Ah, forgot to add that: problems range from constant internet drop outs, crashes, BSOD, etc etc etc. Tried running a few fixes with no effect. Spy Bot S&D couldn’t delete any of the problems found and there were lots of them. Strangely his AOL anti spyware and anti virus is showing the PC is clean, which is deffo not the case, same with McAfee.

    This PC is full of a lot of shit and in the past I’m finding evidence of lots of stuff that hasn’t been properly removed, just trying to find out whether it’s a virus / spyware problem or just general lack of understanding and misuse that is causing the problems.

    Any help appreciated.

    #66214
    XDC_Wolf
    Participant

    You can try this for stuff that can’t be deleted:

    http://www.softpedia.com/get/System/Boot-Manager-Disk/MoveOnBoot.shtml

    Used it a couple of years ago and it worked rather well, but can’t remember how easy it was to use!

    #66215
    XDCiNSANE
    Participant

    Sounds like a reinstall is in need, too much shit happening etc etc

    Save yourself some time, always a good way to fix sheet I say

    #66216
    SilverSides
    Participant

    Yup, sounds like a re-install and re-education. I have a friend who installs a lot of crap and then deletes the folder when she’s sick of the program, Internet Explorer for example 😐

    In fact she’s bringing the computer around tomorrow because ‘the screen stays blank,’ it’s the fourth time since xmas I’ve sorted it out. Argh gah pffft etc. It’s a collection of my odds and sods and it ran perfectly well in various guises for 4+ years.

    Anywhos, yeah I’d re-install and never tell another soul you know about PCs

    #66217
    XDCsPUNKer
    Participant

    what error message do you get with the BSOD?

    #66218
    GoNz0
    Participant

    Go into safe mode and run the scans again; if that fails, download the Kaspersky Internet Security trial, it should clean the shit out.

    #66219
    XDCMunkee
    Participant

    Think I’m just gonna leave him to sort it out, watched him go through his Program Files folder deleting random stuff today after I told him that probably wasn’t the best way to try and get rid of it 🙄

    Can you recommend any decent anti spyware / anti virus and PC check up tools that might help him keep it in check once he reformats?

    #66220
    XDC wild egg tamer
    Participant

    buy him a speak ‘n’ spell…..can’t fuck that up! 😉

    #66221
    XDCiNSANE
    Participant

    Pretty much sums the issue of it not being virus/spyware if he just randomly deletes things the wrong way.. obviously he’s the cause of the BSODs etc etc.. leave him to it I say, and when he completely fucks it up, just laugh and charge him £50 to sort… sorted 🙂
