Jump to content


Photo

about:blank


  • Please log in to reply
1 reply to this topic

#1 iamahoosier

iamahoosier

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 03 July 2004 - 04:16 PM

I've read the faq's- appear to have a common problem but am needing help to remove.
On start-up something is blocking my Mcafee virus scan. am unable to run, have ran repair and it won't fix.
Hijac log-
Logfile of HijackThis v1.98.0
Scan saved at 4:59:28 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetPumper\NetPumper\NetPumperIEProxy.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\PestPatrol\PPMemCheck.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\FreeMem Professional\fmempro.exe
C:\Program Files\VirtuaReminder\VirtuaReminder.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\NETPUM~1\NETPUM~1\NETPUM~1.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Steve\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: (no name) - {2D1D3A53-86EB-4BF7-BDDF-99782BB29AB3} - C:\WINDOWS\System32\bogm.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Professional\fmempro.exe" Startup
O4 - HKCU\..\Run: [VirtuaReminder] C:\Program Files\VirtuaReminder\VirtuaReminder.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\NetPumper\AddUrl.htm
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.co...ease/instub.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop...virus/PCPAV.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...orts/wtinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.co...aploader_v5.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Filter: text/html - {2A3E9421-CE2D-41EA-84CA-8064B9B6F13E} - C:\WINDOWS\System32\bogm.dll
O18 - Filter: text/plain - {2A3E9421-CE2D-41EA-84CA-8064B9B6F13E} - C:\WINDOWS\System32\bogm.dll

Thanks,
Steve :scratchhead:

#2 freeatlast

freeatlast

    E x p l o r e r

  • Retired Staff
  • PipPipPipPipPip
  • 833 posts

Posted 03 July 2004 - 04:22 PM

Download and install : "FINDnFIX.exe" from any of
the links in my signature.

Run the "!LOG!.bat" file, wait for the final output (log.txt)
post the results....
Submit Files: Posted Image
----------------------------------------------------------------------
Posted ImagePosted ImagePosted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button