Annoyances.org
Home » Windows XP Discussion Forum » Message 1114989033 Search | Help | Home
  
re: New list of utilities
Sunday, May 1, 2005 at 4:10 pm
Windows XP Annoyances Discussion Forum
Posted by Sonya (3 messages posted)

Still experiencing problems...

Logfile of HijackThis v1.99.1
Scan saved at 3:45:41 PM, on 01/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\WINDOWS\gaSrve.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\svchost.exe
C:\DOCUME~1\JASBAT~1\LOCALS~1\Temp\nnmtx.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\gegre.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Microsoft Service] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft IDCN] C:\WINDOWS\system32\mshe1p.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\nerocheck.exe /i
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Windows Secure Connection] winsc.exe
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrl32.exe
O4 - HKLM\..\Run: [CWETQ] C:\WINDOWS\aidwaew.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\RunServices: [Windows Secure Connection] winsc.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Secure Connection] winsc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {93D153C4-4F21-4022-9D86-04CDAFB3A231} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thanks.


On Saturday, April 9, 2005 at 5:06 pm, Falcon wrote:
>

Perform the following:


>

    >
    >
  1. Disable System Restore >style="color:black;text-decoration:none" href="http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam">*

    2. >
    >
  2. Perform an online
    >virus scan    * >style="color:black;text-decoration:none" href="http://www.pandasoftware.com/activescan/com/activescan_principal.htm">* >style="color:black;text-decoration:none" href="http://www.bitdefender.com/scan/licence.php">* >style="color:black;text-decoration:none" href="http://vil.nai.com/vil/stinger/">*.

    3. >
    >
  3. Download, update, and run these tools:
    >
    > Repeat as necessary until clean.
    >

    4. >
    >
  4. If you still experience problems after doing these steps, download
    >HijackThis >href="http://www.majorgeeks.com/download3155.html">* and post a log
    >to
    >this forum.

    5. >
    >
  5. To protect against reinfection, download and use these:

    > If at all possible, I recommend that you use alternative software, particularly
    >web browsers and email clients:
    > If this is not a viable option, or for additional protection, use these:
    >
    >

    6. >
    >
  6. Optionally Reenable
    >System Restore    *.
    >Better alternatives to
    >System Restore.

    7. >

>
>


> If you encounter any broken links, please inform
> me of them. Also note that these links direct through my web server to allow
>me to keep them
> up-to-date or post additional info. If you are unable to use the links above, click
>the stars
> instead, which are a direct link to the page in question.
>


>
>




Written in response to:
New list of utilities (Falcon: Saturday, April 9, 2005 at 5:06 pm)

Responses to this message:
*re: New list of utilities (Falcon: Sunday, May 1, 2005 at 6:17 pm)

All messages in this thread [show all]
-New list of utilities (Falcon: Sat, Apr 9, 2005, 5:06 pm)
*re: New list of utilities (joe: Sat, Apr 9, 2005, 5:35 pm)
-re: New list of utilities (Paulina: Sun, Apr 10, 2005, 6:38 am)
-re: New list of utilities (Matthew D. Healy: Thu, May 5, 2005, 6:12 pm)
*re: New list of utilities (Paulina: Fri, May 6, 2005, 12:45 am)
*re: New list of utilities (Scott Busche: Sun, Apr 17, 2005, 4:47 pm)
-re: New list of utilities (Sonya: Sun, May 1, 2005, 4:10 pm)
-re: New list of utilities (Falcon: Sun, May 1, 2005, 6:17 pm)
-re: New list of utilities (Sonya: Wed, May 4, 2005, 8:45 pm)
-re: New list of utilities (Falcon: Thu, May 5, 2005, 6:20 am)
*re: New list of utilities (Sonya: Thu, May 5, 2005, 1:50 pm)
*removal of Seeve (barb: Sat, May 21, 2005, 11:28 am)
*re: New list of utilities (Alex: Mon, Jun 23, 2008, 10:13 pm)
Return to the Windows XP Discussion Forum

All content at Annoyances.org is Copyright © 1995-2008 Creative Elementtm All rights reserved.
Please do not plagiarize; redistributing these pages without permission is strictly prohibited.