
Unable to run Ad-Aware or SpyBot

Discussion in 'Malware and Virus Removal Archive' started by larsonjean, 2006/04/04.

  1. 2006/04/04
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Joined:
    2002/06/03
    Messages:
    766
    Likes Received:
    2
    A friend of mine was having problems with her computer and didn't know what to do so I brought it over to my house thinking it just needed updating Windows, etc. Boy, was I wrong.

    I'm sure it has a trojan or virus on it but I can't seem to get anywhere with the removal of whatever it is.

    I have run Ad-Aware and Spybot and it picks up many problems but when I try to either Quarantine or "Fix Problems", it starts to do so but then hangs up and never completes the program.

    She has AOL 9.0 security center with McAfee running from AOL. Obviously it is not doing a good job.

    She said a friend of her husband and he did get on some "girlie" site and once in a while they would get porno pictures popping up on the screen.

    Where do I start? I just seem to try getting a handle on this situation but end up never getting anything cleaned up.

    Following is some information that I received from Spy-Bot that may be helpful. Of course I never removed anything because the program hung up.

    "Error during check!
    Mailbot (Datei C:\Windows\win.ini kann nicht geoffnet werden. The process cannot access the file because it is being.......
    Connect MFC Application (13 entries)
    Cool WWWSearch.Feat2Installer (2 entries)
    Daily Toolbar (2 entries)
    EDGACCESS (1 entry)
    eGroup.Instant Access (1 entrie)
    FunWebProducts (3 entrie)(
    MagicControl.Agent (22 entires)

    Please help me get started on what I should try first. Nothing is working.

    Thank you for any help you can offer.

    Jean
     
  2. 2006/04/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Jean

    Download and run the trial version of Ewido. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Run Ewido and post the log here.

    Download and run CoolwebShredder

    Then download HijackThis through Quicklinks in my signature, save it to a folder on the hard drive, not to the desktop or a temporary location, run it and post the log here. If you can't download it to the infected computer it will fit on a floppy.
     


  4. 2006/04/05
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Hi, for now I have just run the Ewido program and will post the log here. I will do the CoolWeb Shredder next and report the outcome then. Thanks.
    Jean

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 11:05:46 AM, 4/5/2006
    + Report-Checksum: FD60D379

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} -> Adware.SpyBlocs : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH\CLSID -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH\CurVer -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGAUTH.EGEGAUTH.1 -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGCOMSERVICE.EGComSvc -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGCOMSERVICE.EGComSvc\CLSID -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGCOMSERVICE.EGComSvc.1 -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2 -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2\CLSID -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2.1 -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-2946440387-3453929556-1259280750-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned with backup
    HKU\S-1-5-21-2946440387-3453929556-1259280750-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} -> Adware.SpyBlocs : Cleaned with backup
    HKU\S-1-5-21-2946440387-3453929556-1259280750-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup
    [632] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [656] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [700] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [712] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [864] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [928] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
    [1020] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [1072] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
    [1264] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
    [1376] VM_01401000 -> Adware.NaviPromo : Error during cleaning
    [1520] VM_00EB1000 -> Adware.NaviPromo : Error during cleaning
    [1656] VM_00CD1000 -> Adware.NaviPromo : Error during cleaning
    [1672] VM_00CA1000 -> Adware.NaviPromo : Error during cleaning
    [1680] VM_00B91000 -> Adware.NaviPromo : Error during cleaning
    [1716] VM_009B1000 -> Adware.NaviPromo : Error during cleaning
    [1732] VM_00C51000 -> Adware.NaviPromo : Error during cleaning
    [1740] VM_00C11000 -> Adware.NaviPromo : Error during cleaning
    [1752] VM_00CD1000 -> Adware.NaviPromo : Error during cleaning
    [1788] VM_01011000 -> Adware.NaviPromo : Error during cleaning
    [1868] VM_008C1000 -> Adware.NaviPromo : Error during cleaning
    [1884] VM_00AA1000 -> Adware.NaviPromo : Error during cleaning
    [1948] VM_01091000 -> Adware.NaviPromo : Error during cleaning
    [1988] VM_02191000 -> Adware.NaviPromo : Error during cleaning
    [164] VM_01921000 -> Adware.NaviPromo : Error during cleaning
    [264] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [412] VM_10001000 -> Adware.NaviPromo : Error during cleaning
    [480] VM_01481000 -> Adware.NaviPromo : Error during cleaning
    [908] VM_01CA1000 -> Adware.NaviPromo : Error during cleaning
    [3140] VM_01141000 -> Adware.NaviPromo : Error during cleaning
    [3240] VM_00881000 -> Adware.NaviPromo : Error during cleaning
    C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@casinodelrio[1].txt -> TrackingCookie.Casinodelrio : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@www.casinodelrio[2].txt -> TrackingCookie.Casinodelrio : Cleaned with backup
    C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.m : Cleaned with backup


    ::Report End
     
  5. 2006/04/05
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Hi, I just ran HiJackThis and here is the report:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:23:14 AM, on 4/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\windows\system32\xpatkh.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\common files\aol\1142276626\ee\aolssc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Documents and Settings\Owner\Desktop\downloads\Windows Help Downloads\HiJackThis Reports\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [xpatkh] c:\windows\system32\xpatkh.exe xpatkh
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142276626\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1142276626\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe "
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://c:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopSwatterFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060_XP.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee Inc. - (no file)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

    _________________________
    Thanks for any help you can give me.

    Jean
     
  6. 2006/04/05
    PeteC

    PeteC SuperGeek Staff

    Jean

    My opinion of all things AOL has not improved any by seeing those logs :) - it's a bit of a mess.

    I guess you ran CoolwebShredder?

    Download Killbox and unzip it.

    Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy C:\WINDOWS\system32\msplock32.dll and paste it into Killbox and then hit the Delete File button (with a red circle and white X). Confirm to delete and when asked if you want to reboot, say Yes:

    If you get a Pending Operations message, just close it and restart your computer manually.

    Repeat for this file ....

    C:\windows\system32\xpatkh.exe - no hits on Google so very suspicious.

    Restart in Safe Mode and scan with Spybot.

    Then scan again with HJT and fix these entries - if they remain, most will ....

    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [xpatkh] c:\windows\system32\xpatkh.exe xpatkh
    O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
    O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060_XP.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee Inc. - (no file)

    Scan again with HJT and post a new log - do the same with Ewido.
     
  7. 2006/04/05
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Pete, I am running SpyBot on my friend's machine right now but I'll try to answer a few questions you had before.

    Yes, I did run CoolwebShredder. It said No Cool Web was found on the system.

    I did download and run Killbox and checked the boxes you told me to. I tried to copy msplock32.dll and xpathk.exe but neither of them were in the system 32 folder.

    Right now I looked at the other computer and noticed that spybot has stopped running after I told it to fix problems. It is still running though and has an hour glass. The new problems are:
    "Error during check!
    Mailbot (Datei C:\Windows\win.ini kann nicht geoffnet werden. The process cannot access the file because it is being.......
    Connect MFC Application (3 entries)
    EDGACCESS (1 entry)
    eGroup.Instant Access (1 entrie)
    MagicControl.Agent (10 entires)

    At least a few of the problems are gone compared to what SpyBot reported earlier in my posting.

    I'll let spybot run for a while to see if it finally finishes. If not, I'll exit it and try to run HJT and fix the entries you told me to.

    I'll post again soon.

    Thank you. Maybe I should really give her computer back and tell her it needs professional help with a complete reformat. What do you think?

    Jean
     
  8. 2006/04/05
    PeteC

    PeteC SuperGeek Staff

    We don't give up that easily :) Keep at it and keep on posting back.
     
  9. 2006/04/05
    larsonjean

    larsonjean Well-Known Member Thread Starter

    OK, I'll keep working at it.

    One Question: Should I turn off System Restore or does it matter?
     
  10. 2006/04/05
    PeteC

    PeteC SuperGeek Staff

    Yes

    I'm researching the various problems right now so bear with me :)
     
  11. 2006/04/05
    PeteC

    PeteC SuperGeek Staff

    Copy and paste the paths I posted, not the files. If, as I believe, there is a form of rootkit on the computer you will not see those files.
     
  12. 2006/04/05
    PeteC

    PeteC SuperGeek Staff

    After you've run killbox and HJT again I would like you to do an online virus scan at Housecall and post what is found. I am hoping that this will get rid of MagicControl.Agent.
     
  13. 2006/04/05
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Pete, I'm afraid I am very confused by all these programs. First of all I will post the HiJack This Report here:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:12 PM, on 4/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\Documents and Settings\Owner\Desktop\downloads\Windows Help Downloads\HiJackThis Reports\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142276626\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1142276626\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe "
    O8 - Extra context menu item: &AOL Toolbar search - res://c:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll/SEARCH.HTML
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopSwatterFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee Inc. - (no file)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    The programs are just not working as I would expect them to. I'm in the middle of running the Ewido and right now it says it has 3 infected items. I will report more on this tomorrow.

    The KillBox is just not user friendly. I can't put in the folder name and try to delete it as it will not allow a folder to be deleted, just a file and those files mentioned earlier cannot be found.

    I did run House Call several times and I just don't think it cleaned anything.

    What I plan to do is go to bed tonight and try to start fresh in the morning. I'm sure I have gotten rid of some of the problem but there still is a way to go.

    I will go over your notes in the morning and try to work the programs again.

    By the way I did turn off system restore. I hope this is OK.

    More later and thank you for trying to help me get this computer fixed. I'm ready to throw it out the window.

    Jean
     
  14. 2006/04/05
    larsonjean

    larsonjean Well-Known Member Thread Starter

    One more report before I go to bed. I just finished running Ewido anti-malware and it said 9 infected objects found. I found them in the Quarantine folder and deleted them.

    Here is the report:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:36:32 PM, 4/5/2006
    + Report-Checksum: 267A3D79

    + Scan result:

    C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Program Files\Dxyvaob\Cmhnue.ex$ -> Trojan.Small.cy : Cleaned with backup
    C:\WINDOWS\system32\EGDACCESS_1070.dll -> Dialer.InstantAccess.f : Cleaned with backup
    C:\WINDOWS\system32\EGDACCESS_ASPIV4_1067.dll -> Dialer.InstantAccess.f : Cleaned with backup
    C:\WINDOWS\system32\EGDACCESS_ASPIV4_1068.dll -> Dialer.InstantAccess.f : Cleaned with backup
    C:\WINDOWS\system32\EGDACCESS_ASPIV4_1070.dll -> Dialer.InstantAccess.f : Cleaned with backup
    C:\WINDOWS\system32\sysinetsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup
    C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup


    ::Report End

    GoodNight for now.

    Jean
     
  15. 2006/04/06
    PeteC

    PeteC SuperGeek Staff

    Jean

    Trust you had a good night :) I am sorry if I have confused you - unfortunately my efforts in this area are not as polished as those with more experience in dealing with these matters. At present there is a lack of expertise on the BBS for dealing with Spyware & Viruses and I am trying to step into the gap :)

    Anyway progress is being made - the HJT log looks clean to me although it must be said that HJT does not/cannot find everything.

    I would like you to look in Add/Remove programs and uninstall Mysearch if present and also PopSwatter (use the popup blocker in IE 6 or the Google toolbar which has an excellent popup blocker). Then scan with HJT again and fix these two entries if still present.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopSwatterFWBInitialSetup1.0.0.15.cab

    As Killbox fails to delete the files mentioned they are probably not there.

    If Housecall found nothing that is good :) and Ewido has cleaned up EGDACCESS along with a couple of other things.

    I suggest you download Windows Defender which gives real time protection against spyware, autoscans and auto updates - it seems to work well.

    Post another HJT log if you like, but I think this is as far as I can go with this - unless there are still some unresolved problems :)
     
  16. 2006/04/06
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Hi Pete,

    Here is the HiJack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:06:41 PM, on 4/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\Program Files\Common Files\AOL\1142276626\ee\aolsoftware.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\program files\common files\aol\1142276626\ee\aolssc.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\downloads\HiJack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142276626\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1142276626\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\RunOnce: [Run IPH] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\RunOnce: [0063631144370609mcinstcleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\mcvsinst\006363~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
    O4 - HKLM\..\RunOnce: [0066081144370684mcinstcleanup] C:\PROGRA~1\mcafee.com\mpfpinst\006608~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
    O8 - Extra context menu item: &AOL Toolbar search - res://c:\Program Files\Common Files\AolCoach\en_en\player\plugin\ToolBar.dll/SEARCH.HTML
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1142276626\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee Inc. - (no file)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    ______________________________________________________________

    I did download Windows Defender and ran that and it took out more entries.

    I'm sure this computer is a lot better than when I started without a doubt. But for some reason I still think it is not completely free and clear. Maybe you can let me know one more time how the above report looks.

    I was able to run SpyBot now with no problems and removed the few problems that were found.

    I will continue to run the scans just to make sure and I plan to return her computer tomorrow, come what may.

    I really do not like the Aol Security Center. I don't feel it is up to what it is supposed to be but I can't prove it.

    Thank you again for all the help you gave me. I couldn't have done it without you. I was discouraged at first but I feel much better now.

    Jean
     
  17. 2006/04/07
    PeteC

    PeteC SuperGeek Staff

    Jean

    You are most welcome :)

    The log looks to be clean. There is one entry which concerns me though ....

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee Inc. - (no file)

    This indicates to me that the McAfee SecurityCenter Update Manager is probably not running and therefore McAfee is not being updated.
    The mess that the computer was in speaks volumes for the poor performance of AOL Security Center, IMO :)

    IMHO I would dump that and install the free version of Zone Alarm and AVG Free

    Remember to turn on System Restore before you return the computer.
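
The check described in the post above (an O23 service entry whose executable is reported as "(no file)") can be automated over a saved HijackThis log. This is an added example, not part of the original thread; the sample lines are copied from the log in post 16, and grouping services by the first word of the vendor string is an assumption made for illustration.

```python
import re

# Lines copied from the HijackThis log in post 16 of the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
"""

# O23 layout as it appears in the log: display name (service name) - vendor - image path
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<vendor>.+?) - (?P<path>.+)$"
)

def parse_services(log):
    """Return one dict per O23 line; other sections are ignored."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services

def has_file(svc):
    """False when HijackThis could not find the service executable on disk."""
    return svc["path"].strip().lower() != "(no file)"

def vendor_key(svc):
    # Assumption: the first word of the vendor string identifies the product family
    # ("McAfee Inc." and "McAfee Corporation" both map to "mcafee").
    return re.split(r"[\s,.]+", svc["vendor"].strip().lower())[0]

def triage(log):
    """List services with a missing executable, plus same-vendor services that still have one."""
    services = parse_services(log)
    findings = []
    for svc in services:
        if has_file(svc):
            continue
        live = [s["name"] for s in services
                if has_file(s) and vendor_key(s) == vendor_key(svc)]
        findings.append({"name": svc["name"], "display": svc["display"],
                         "vendor": svc["vendor"], "live_siblings": live})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['display']} ({f['name']}): no file on disk; "
              f"other {f['vendor']} services still present: {f['live_siblings']}")
```

A finding with a non-empty `live_siblings` list points to a partially broken installation: the product is still registered and running, but one of its components (here the updater) is missing.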
     
  18. 2006/04/09
    larsonjean

    larsonjean Well-Known Member Thread Starter

    Hi Pete,

    Just a quick update to let you know I returned the computer to my friend today and I'm sure that whatever garbage was on it is now gone.

    I did uninstall the AOL Security Center as I agree with you, I don't think it was working correctly. I did install AVG Free Virus Checker and also Zone Alarm. I just hope she will be able to understand how these work. At least I tried to explain it to her.

    Yes, thanks, I did turn on System Restore also.

    The whole ordeal was quite a problem but it makes me feel happy that I was able to get it back to good order. And without your help I'm sure it wouldn't have been possible.

    Thanks again.

    Jean

    P.S. I've never been dissatisfied posting my problems to this help line. I do help many senior citizens in our area and without this help I wouldn't be able to have such a success rate.
     
  19. 2006/04/10
    PeteC

    PeteC SuperGeek Staff

    Let's hope all goes well from now on :)

    I am getting close to senior citizen status myself :) and it is a pleasure to be able to help others, senior citizens or not. Your confidence must have been boosted by fixing this computer - remember the Board is always here to fall back on when problems seem to be unsurmountable.
     
