Meanware removal prior to SP2 install

Discussion in 'Malware and Virus Removal Archive' started by e11even, 2005/03/03.

Thread Status:
Not open for further replies.
  1. 2005/03/03
    e11even

    Hi,

    I have issues similar to many I've seen here and in other forums, and I've been really impressed by the results that knowledgeable instruction seemed to have for other folks.

    Is it possible that my machine could actually be free again? I get butterflies imagining that I am not actually doomed to a future of almost being able to put my computer to use. :D

    I also came here on advice to clean as thoroughly as possible before retrying SP2. It failed the first time, citing a lack of permission, and I downloaded and ran SubInAcl (to change permissions of registry keys) as per advice from several sources, but I haven't retried cuz of so much meanware.

    I run Windows XP (and Knoppix from CD) on an HP Pavilion with AMD K6-2 550MHz and 256K RAM, and lately there've been times when it took upwards of 10 seconds to register a single click and over a minute to open a small folder. DlfnTmp pops me up ads every five minutes, browser open or not (I have DSL), and it decided yesterday that it wanted to be my start page. Webroot Spy Audit says I have:

    Altnet
    BroadcastPC
    CoolWebSearch (CWS)
    Delfin
    DesktopTraffic
    KeenValue/PerfectNav
    NavExcel
    NavExcel Search Toolbar
    SaveNow - WhenUSave
    ShopAtHomeSelect
    Startpage
    (I deleted the NavExcel folder some time ago)


    And Hijack This! says:

    Logfile of HijackThis v1.97.7
    Scan saved at 21:19:20, on 02/03/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\System Goodies\PurgeIE\PurgeIE_Service.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\PROGRA~1\SYSTEM~1\REGIST~2\rbcs.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\NewTech Infosystems\NTI CD-Maker\Cdmkr32.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\System Goodies\Spyware Adware Malware\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [CheckRegDefragService] "C:\PROGRA~1\SYSTEM~1\REGIST~2\rbcs.exe" -autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
    O4 - Startup: Tao.lnk = C:\Program Files\System Goodies\Tao Quote\taoquote.exe
    O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://kiyotake.aa1.netvolante.jp/kxhcm10.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37621.702962963
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    I thank you more than I possibly can for your help. :)

    Lev
     
  2. 2005/03/04
    Lonny Jones

    Hello

    Have you cleaned up with Ad-Aware SE and SpyBot yet?
    If so, what versions are they?


    C:\Program Files\System Goodies\Spyware Adware Malware\Hijack This\HijackThis.exe <<<<<<< replace that with the current version and post a new log please.
    HijackThis 1.99.1
    http://www.merijn.org/files/HijackThis.exe
     

  4. 2005/03/22
    e11even

    Thanks for your reply.
    I did use Ad-Aware and SpyBot. What worked, however, was the Microsoft AntiSpyware (beta). It cleaned everything up, the SP2 install went without a hitch, and now I don't own that computer anymore.

    peace :)
     
  5. 2005/03/22
    Lonny Jones

    That's great, thanks for posting back.
     