maynardvdm Posted April 26, 2008 Posted April 26, 2008 Hi Can Seth or Ron please look at this log for me (THANKS): Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:33:02 AM, on 2008/04/26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CmzBackup\CmzBackupService\CmzBackup.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = :: MWEB - Home :: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Search - http://**edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm801YYZA O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.*mweb.co.za O15 - Trusted Zone: http://*.newcomputer O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {BF7FD4D9-F0EE-45CF-8CCF-2A3388B5FA33} (LetterCreation.TextEditor) - http://newcomputer/flexebroker/LetterPrinting/LetterCreation/LTCRN.CAB O16 - DPF: {C62B2C98-2A8A-4777-98C5-0E70BB57A449} - http://newcomputer/flexebroker/Downloads/IDICrystal/IDIReports.CAB O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: CmzBackup - Unknown owner - C:\Program Files\CmzBackup\CmzBackupService\CmzBackup.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
Seth Posted April 26, 2008 Posted April 26, 2008 Hi Maynard. Looks good for the most part. 1) Remove MyWebSearch. It's "grey area" malware. Sas will detect it, but you have to put a check mark in the box to remove it. MB detects it as well, but I don't know if you have to check mark it. 2) If you use sites that need Java, then uninstall any old versions and reinstall the latest. Also, don't disable jusched from msconfig. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
maynardvdm Posted April 26, 2008 Author Posted April 26, 2008 (edited) Thanks Seth, I will enable it again, coz i disabled everything except McAfee. I am still trying to convince them McAfee is crap LOL But Thanks. Edited April 26, 2008 by maynardvdm Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
Seth Posted April 26, 2008 Posted April 26, 2008 NP. They'll probably get MWS again, so you might want to show them how to remove it. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
maynardvdm Posted April 26, 2008 Author Posted April 26, 2008 I will remove it for them and all "useless" programs too. :) Thanks again. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
maynardvdm Posted April 27, 2008 Author Posted April 27, 2008 This is the log after scanning with MB, SAS and the ESET online scan and after running ATF : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:00 AM, on 2008/04/27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CmzBackup\CmzBackupService\CmzBackup.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = :: MWEB - Home :: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm801YYZA O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.mweb.co.za O15 - Trusted Zone: http://*.newcomputer O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {BF7FD4D9-F0EE-45CF-8CCF-2A3388B5FA33} (LetterCreation.TextEditor) - http://newcomputer/flexebroker/LetterPrinting/LetterCreation/LTCRN.CAB O16 - DPF: {C62B2C98-2A8A-4777-98C5-0E70BB57A449} - http://newcomputer/flexebroker/Downloads/IDICrystal/IDIReports.CAB O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: CmzBackup - Unknown owner - C:\Program Files\CmzBackup\CmzBackupService\CmzBackup.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe The first O8 entry has a reference to mywebsearch, can i use hijack this to remove it or is it not a problem there. I tried looking under "add-ons" in IE but could not find mywebsearch, so i think its gone now. THANKS. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
Seth Posted April 27, 2008 Posted April 27, 2008 It's a benign entry. You can use HT to remove it. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
maynardvdm Posted April 27, 2008 Author Posted April 27, 2008 Thanks for looking at it for me Seth, I appreciate it :D Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
maynardvdm Posted April 27, 2008 Author Posted April 27, 2008 2) If you use sites that need Java, then uninstall any old versions and reinstall the latest. Also, don't disable jusched from msconfig. This pc doesnt have any java installed. Its not my pc and i dont think they use sites with java (though not sure). Do you think i should install java or just leave it? Thanks again. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
Seth Posted April 27, 2008 Posted April 27, 2008 I would install it as many programs and web sites require it. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
AdvancedSetup Posted April 28, 2008 Posted April 28, 2008 Well luckily most do not require Java, a lot do require JavaScript though So... what is the difference between Java and JavaScript anyway? They are both similar and quite different depending on how you look at them. First their lineage: Java is an Object Oriented Programming (OOP) language created by James Gosling of Sun Microsystems. JavaScript was created by the fine people at Netscape. JavaScript is a distant cousin of Java. It is also an OOP language. Many of their programming structures are similar. However, JavaScript contains a much smaller and simpler set of commands than does Java. It is easier for the average weekend warrior to understand. If this is for like your Parents and they're not computer savvy then you may want to install the latest for them and set it to auto-update without them having to go do it. Myself, I don't have Java installed on my computer - If the site needs it, well I probably don't need that site ;) I do have it on my work computer though as there are many Server products that use it for a management interface. Quote Need help with your computer problems? Then why not join Free PC Help. Register hereIf Free PC Help has helped you then please consider a donation. Click here Malwarebytes' Anti-Malware | Malwarebytes' Products | SUPERAntispyware | HijackThis | Spybot Search & Destroy | hpHosts | SpywareBlaster | WinPatrol | SiteHound | FireFox | NoScript | Adblock Plus | Sandboxie | Acronis True Image | ThreatFire | ESET Online Scanner | Kaspersky Online Scanner | Panda Online Scanner | Trend Online Scanner | Avira AntiVir Personal | Avast Free AV | CCleaner | ATF-Cleaner | Online Armor Firewall | Outpost Firewall Free | DirectX | Office Compatibility Pack | Office 2003 (SP3) | SubInACL | Windows Defender | Windows Installer 3.1 | IE7 XP | XP SP3 for IT | Sysinternals | Virtual PC 2007 | Returnil We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
maynardvdm Posted April 28, 2008 Author Posted April 28, 2008 Thanks Ron. I will install JavaScript then for them :D Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU Register for FREE >>here<< | If we have helped you, please consider a donation >>here<< SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
AdvancedSetup Posted April 28, 2008 Posted April 28, 2008 You don't have to install JavaScript (you can't anyway). Most browsers automatically recognize it built-in. Remove all versions of JAVA, then go here and get this installation of Sun JAVA Get Sun Java . Quote Need help with your computer problems? Then why not join Free PC Help. Register hereIf Free PC Help has helped you then please consider a donation. Click here Malwarebytes' Anti-Malware | Malwarebytes' Products | SUPERAntispyware | HijackThis | Spybot Search & Destroy | hpHosts | SpywareBlaster | WinPatrol | SiteHound | FireFox | NoScript | Adblock Plus | Sandboxie | Acronis True Image | ThreatFire | ESET Online Scanner | Kaspersky Online Scanner | Panda Online Scanner | Trend Online Scanner | Avira AntiVir Personal | Avast Free AV | CCleaner | ATF-Cleaner | Online Armor Firewall | Outpost Firewall Free | DirectX | Office Compatibility Pack | Office 2003 (SP3) | SubInACL | Windows Defender | Windows Installer 3.1 | IE7 XP | XP SP3 for IT | Sysinternals | Virtual PC 2007 | Returnil We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.