Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My STUPIDITY


  • Please log in to reply
19 replies to this topic

#1 phil7

phil7

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 17 January 2005 - 07:55 PM

Yeah, I was real STUPID! I forgot to re-able the System Restore after a successful cleaning. While I was deciding which Firewall to install, my daughters got this computer infected again!! Please help. I ran Adaware, Spybot, AVG 7, A2, and System Security Suite. They removed much spyware and other things which I don't know about. So here is my current HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 7:45:13 PM, on 1/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\TWARNMSG.EXE
C:\WINDOWS\SYSTEM\WLANSTA.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/channel/START
F1 - win.ini: run=hpfsched
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NVQuickTweak] RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TWarnMsg] TWarnMsg.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.176.20.26/islandcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 04:24 PM

Your log looks fine. Is there a specific problem that you are having that I just am not seeing?

#3 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 06:55 PM

Yes I have some issues. My computer won't shut off. It close out of Windows (ME) but won't shut off the power. I got some infection noices of a Trojan with MacAfee and AVG. Also with AdAware and Spybot. They couldn't remove it. But then no more messages about it. Soi I tried A-Squared and it removed some malware. I still have the shut-down problem. I also have the HJT log of my last clean scan and there is an extra entry. Could I remove it? I think it is WMIEXE.EXE. I hope this helps.
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 07:04 PM

WMIEXE.EXE is a valid system file.

And now that I am looking a little closer, are you running two anti-virus programs? That's a bad idea, because they will cause your system to mess up in any number of ways.

Other than that, when was the last time you defragged?

#5 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 07:41 PM

Yes, I am running MacAfee and AVG7. When I got the Trojan infection message I then installed A-Squared because I read it was recommended on BP to remove Trojans. Bad idea I guess. Also I can't remember if I just defragged this PC or my other. This one is for my girls. It's hard to keep up with it all. My MacAfee subscription just ran out. I was thinking of installing Norton System Security with the firewall and anti-virus. Is this a good idea or should I go for the freebies like Sygate and AVG? :thumbsup:
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 07:51 PM

lol..it is definately hard to keep up with it all...

Uninstall your MacAfee, and I would be willing to bet that alot of your problems will clear up.What happens is that your AV's get messed up if they happen to be grabbing for the same piece of real-estate (simple explanation). Then what happens is that neither one works properly, and you start having system errors.

A^2 is a wonderful application, and it isn't an AV, so you won't have conflict problems with it.

Sygate is a good free firewall, ZoneAlarm is another one. You may want to consider disabling notifications when you do. They are very good at letting you know that they are doing their job. The downside is that if you don't know better, you assume that you are constantly being attacked, when in reality all they are sensing is normal Internet traffic, of which about 99% is completely benign.

AVG is a good free AntiVirus, I use one called AntiVir which I find works well also.

The one problem I have with the combination packages is that they are an all or nothing, meaning if something happens to the application, then your system tends to be completely unprotected. It's like having a combination phone/fax/answering machine/dictaphone/copier/ back-scratcher... if one part goes down, your entire office goes with it.

The other problem that comes with the big name Anti-Virus vendors is that they sometimes are targeted by malware, and they are shut down, not unlike Microsoft being the target of multiple exploits.

This may be of some help:
http://www.security-forums.com/forum/viewtopic.php?t=14711

#7 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 08:04 PM

Thanks Groovicus. I understand exactly the rational of stand alone or all-in-one scenerios. I appreciate you waking me up on that! I got the Norton program through the endless rebate offers and ending getting it for free, so I took the bait, but haven't installed it yet. I do like AVG7. Tried Zone Alarm but wasn't comfortable with it and had an awful time removing it a few years ago. Sygate seems to be working fine on my other PC running XP. I'll try removing MacAfee (wish me luck) :thumbsup: and hope this solves the problem. FYI, in the AVG Vault there are Trojans listed. Maybe they were purged from my system. Also if this does work I would like to post anoither HJT log on this thread just as a precaution and peace of mind.
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 08:09 PM

AVG is telling you that they are in the vault, but they are quarantined, and not hurting anything. You should be able to go in and delete them.

Feel free to post a log when you are done, and I will take a look for you. :thumbsup:

#9 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 08:44 PM

OK Groovicus, here goes:
1-I removed MacAfee (hopefully all)
2-Restarted PC (did not power off so could not automatically reboot) existing
problem. I have to hold down the power button to override system the press it
again to start the PC
3-Updated and AdAware and SpyBot (AdAware found 5 dataminers in IE cache)
removed them. SpyBot came up clean.
4-Tried restarting again, same problem.
5-Ran HJT 1.99 (Log below)

Logfile of HijackThis v1.99.0
Scan saved at 8:34:18 PM, on 1/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\TWARNMSG.EXE
C:\WINDOWS\SYSTEM\WLANSTA.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/channel/START
F1 - win.ini: run=hpfsched
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NVQuickTweak] RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TWarnMsg] TWarnMsg.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.176.20.26/islandcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 08:51 PM

Your log looks Ok, but it appears that Norton System Works is still running. It's really not necessary, and takes more resources than it is worth (IMHO)

Everything else looks fine though. :thumbsup:

#11 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 09:00 PM

I here what you're saying. I had this problem right at Christmastime and Cryo at BP helped me through a HJT cleaning and the prob was resolved. What do I do now? Should I go back to my old thread with Cryo and follow his steps again to see if that cures it or should I use my last clean HJT log as a model and remove anything that has been added up to now? I can always reinstall A-Squared. MacAfee and AVG did detect a Trojan like a week later. Is this still lurking somewhere? I'll disable Norton System Works. Your ho is greatly appreciated!!
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

#12 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 09:10 PM

You can if you want, but your system looks fine. Is something else happening that I am not seeing in there?

#13 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 09:14 PM

Yes, when I click to shut down the PC and walk away it does not power down. I have to manually hold the power button for 5 or so seconds to shut it off. All the software and Windows are closed and I get a dark screen, but the power stays on. :thumbsup:
Iíve learned two things in life: One, there is a God; Two, Iím not Him!

#14 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:35 PM

Posted 18 January 2005 - 09:25 PM

Doh!! I remember that!!

Try defragging, and then cleaning all of your temp files. I'm not sure if this works on ME or not, but go to Start>Run> and type in cleanmgr..

if it works, it will bring up the cleanmanager, and allow you to clean up temp files. If not, then we can use a different application to clean your temp files.

Have you tried doing a shutdown, and then walking away for a couple of hours? I used to have a Win98 system that afer running for a few days would take forever to shut down, because the swap memory was so full, that it took forever to save the information that needed to be saved, to be saved.

Also, sometimes it is a good idea to run Defrag in safe mode. It will generally do a better job. :thumbsup:

#15 phil7

phil7
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 18 January 2005 - 09:30 PM

Hey, Groovicus, I hope I didn't offend you! I really do value all you at BP. You guys have helped many times. I don't know about a couple of hours but when my girls have shut down the PC, later as I would be closing house for the night it's been in that limbo state. I'll try the clean and defrag thing. Also I noticed that there are MacAfee items in the latest HJT log. Should I remove them? And I don't know what Island Cam is doing there too.
Iíve learned two things in life: One, there is a God; Two, Iím not Him!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users