TheTechGuide Forum
General Category => Tech Clinic => Topic started by: CSOM on November 14, 2004, 10:53:53 PM
-
I know you love newbies with questions on here, but I'm hoping someone can advise me of my next steps to take.
My McAfee seems to be popping up almost daily with something new, and it doesn't ever completely get rid of it. I've done a full system scan, with McAfee, Stinger, a few online scans, as well as my AdAware system scan, and I'm still having problems.
Can someone review my hijack log, and advise?
Much appreciated.
Logfile of HijackThis v1.98.2
Scan saved at 10:01:39 PM, on 11/14/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\drivers\dcfssvc.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\WINNT\FSScrCtl.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Outlook Express\msimn.exe
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\AIM95\aim.exe
D:\PROGRA~1\McAfee.com\Agent\mcagent.exe
d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
d:\program files\mcafee.com\vso\mcmnhdlr.exe
d:\program files\mcafee.com\shared\mghtml.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Mike Fehl\Desktop\hijackthis.exe
D:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
d:\program files\mcafee.com\vso\mcvsmap.exe
d:\program files\mcafee.com\shared\mcinfo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.######.com/categories.cfm?catid=40
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\winnt\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [centurytel.net DSL Cleanup] D:\WINNT\CTECleanup.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CleanUp] D:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [mcagntps.dll] rundll32.exe advpack.dll,RegisterOCX d:\PROGRA~1\mcafee.com\agent\mcagntps.dll
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Screen Saver Control.lnk = D:\WINNT\FSScrCtl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = D:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://D:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://d:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O16 - DPF: ESPN.com MLB GameCast - http://scores.espn.go.com/java/MLBGameCastInstall.cab
O16 - DPF: ESPN.com NBA GameCast - http://scores.espn.go.com/java/NBAGameCastInstall.cab
O16 - DPF: Yahoo! Euchre - http://yog31.yahoo.com/yog/y/em0_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp1.csom.umn.edu/qp2.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://cedarpoint.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://surfer.www.conxion.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
-
HI CSOM
If you don't use Viewpoint Manager (probably installed by AIM), I would definitely uninstall it via Add/Remove Programs.
Restart your computer once it's removed
Back in Windows
Do another scan with Hijackthis and put a check next to these entries
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
I would remove the next one too, a software registration reminder; many consider it to be as bad as spyware as it's known to call back home and report information about your computer.
O4 - Startup: PowerReg SchedulerV2.exe
RESTART your computer
Can you let me know what folder or directory McAfee is finding these files in?
-
Thanks guestolo.
Did as instructed. Oddly enough I haven't had one pop up today, but when one does, it comes up 7-10 times in a row always. Mostly in my winnt\system32 or in program files somewhere... I will pay better attention next time to where it is...
Latest log
Logfile of HijackThis v1.98.2
Scan saved at 10:33:00 PM, on 11/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\drivers\dcfssvc.exe
D:\WINNT\System32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\WINNT\system32\svhost.exe
D:\PROGRA~1\AIM95\aim.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINNT\FSScrCtl.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Mike Fehl\Desktop\hijackthis.exe
D:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
d:\program files\mcafee.com\shared\mghtml.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.######.com/categories.cfm?catid=40
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\winnt\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] D:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Microsoft Systems] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Systems] svhost.exe
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Systems] svhost.exe
O4 - Startup: Screen Saver Control.lnk = D:\WINNT\FSScrCtl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = D:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://D:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://d:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O16 - DPF: ESPN.com MLB GameCast - http://scores.espn.go.com/java/MLBGameCastInstall.cab
O16 - DPF: ESPN.com NBA GameCast - http://scores.espn.go.com/java/NBAGameCastInstall.cab
O16 - DPF: Yahoo! Euchre - http://yog31.yahoo.com/yog/y/em0_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp1.csom.umn.edu/qp2.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://cedarpoint.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://surfer.www.conxion.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
-
Actually, I can see the bad guy now CSOM
Let's get a good insight into what the culprit's name is
Set Windows to Show Hidden Files and Folders
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next: Go to this online malware scan
http://virusscan.jotti.dhs.org/
Give the link time to load
Use the browse button and navigate to this file
D:\WINNT\system32\svhost.exe <-- this file. Don't confuse it with svchost.exe, which is legitimate
Right click on the file and select it
Use the Submit button
Post back the results of the file
If you find time
I see you have also done an Online Virus Scan
Could you do one at RAV's also
http://www.ravantivirus.com/scan/
When you access that link with Internet Explorer
click on the "To Continue without subscribing click here" link
It will load the activex and dat files
Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan
Then click the Scan my PC button
Let it completely finish scanning
Copy and Paste the results back here
Could you also post a fresh hijackthis log and we'll try a fix from that point, thanks
-
Ok, checked that file, did the scan, and a new log.... here are the results
File: svhost.exe
Status: INFECTED/MALWARE
Packers detected: PE-DIMINISHER
AntiVir No viruses found (0.15 seconds taken)
Avast No viruses found (1.52 seconds taken)
BitDefender Win32.P2P.SpyBot.Gen (0.87 seconds taken)
ClamAV No viruses found (0.32 seconds taken)
Dr.Web Win32.HLLW.ForBot.based (0.57 seconds taken)
F-Prot Antivirus No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus Backdoor.Win32.SdBot.gen (0.62 seconds taken)
mks_vir No viruses found (0.20 seconds taken)
NOD32 probably unknown NewHeur_PE (probable variant) (0.45 seconds taken)
Norman Virus Control Sandbox: W32/Backdoor; [ General information ]
* File length: 87578 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\svhost.exe.
* Creates file C:\WINDOWS\SYSTEM\ntfsdi.txt.
[ Changes to registry ]
* Creates value "Microsoft Systems"="svhost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Microsoft Systems"="svhost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates value "Microsoft Systems"="svhost.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Connects to "ilx.no-ip.biz" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname ILX-00263.
* IRC: Uses username ILX-39610.
* IRC: Joins channel #test with password test.
* IRC: Sets the usermode for user ILX-00263 to +i.
* IRC: Sets the usermode for user ILX-00263 to -s.
* IRC: Sets the channel mode for channel #test to +nts.
[ Process/window information ]
* Creates a mutex botid.
* Will automatically restart after boot (I'll be back...). (31.61 seconds taken)
Scan started at 11/16/2004 11:44:40 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
Scanned
============================
Objects: 50106
Directories: 2303
Archives: 1205
Size(Kb): 183132
Infected files: 0
Found
============================
Viruses found: 0
Suspicious files: 0
Disinfected files: 0
Mail files: 4027
Logfile of HijackThis v1.98.2
Scan saved at 7:20:35 AM, on 11/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\drivers\dcfssvc.exe
D:\WINNT\System32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\WINNT\system32\svhost.exe
D:\PROGRA~1\AIM95\aim.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINNT\FSScrCtl.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Outlook Express\msimn.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\svhost.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINNT\system32\notepad.exe
D:\WINNT\system32\svhost.exe
D:\Documents and Settings\Mike Fehl\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.######.com/categories.cfm?catid=40
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\winnt\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] D:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Microsoft Systems] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Systems] svhost.exe
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Systems] svhost.exe
O4 - Startup: Screen Saver Control.lnk = D:\WINNT\FSScrCtl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = D:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://D:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://d:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O16 - DPF: ESPN.com MLB GameCast - http://scores.espn.go.com/java/MLBGameCastInstall.cab
O16 - DPF: ESPN.com NBA GameCast - http://scores.espn.go.com/java/NBAGameCastInstall.cab
O16 - DPF: Yahoo! Euchre - http://yog31.yahoo.com/yog/y/em0_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp1.csom.umn.edu/qp2.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://cedarpoint.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://surfer.www.conxion.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
-
Let's try some cleanup CSOM
Open Hijackthis>>>Config>>Misc Tools>>Open Process Manager
Left click to Highlight and then Kill these processes
D:\WINNT\system32\svhost.exe
I see 3 occurrences of it; remember not to confuse it with svchost.exe
After you have closed those processes click the Back button in Hijackthis
>>Config>>Misc Tools>>Click the Delete File on Reboot button
Copy and paste the bolded text below into the File Name box
D:\WINNT\system32\svhost.exe
Click the OPEN button
Hijackthis will warn the file will be deleted and you must restart your computer
Don't restart yet
Instead, do another scan with Hijackthis and put a check next to these entries
O4 - HKLM\..\Run: [Microsoft Systems] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Systems] svhost.exe
O4 - HKCU\..\Run: [Microsoft Systems] svhost.exe
After you have ticked the above entries, Close All other open Windows, including this one
Leave Hijackthis open and Click FIX CHECKED
Yes to the prompt and exit Hijackthis
Restart your computer
Post back a fresh Hijackthis log and let me know if you are still having problems
Could you also let me know if your version of McAfee has a firewall or if you are behind any kind of hardware firewall (router). If not, you may think about installing one.
I have links to free ones......
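A check for the indicators guestolo walks through in this post and the one before it (the svhost.exe look-alike of svchost.exe, and the same "Microsoft Systems" value planted in three autostart keys), written as an added example that is not part of the thread or of HijackThis. The sample log is constructed from entries in this thread; the allow-list of system binaries and the edit-distance threshold are assumptions, and the name check goes slightly beyond the thread by also catching two-character variants.

```python
"""Triage helper for HijackThis-style logs: flags look-alike system binary names
(svhost.exe imitating the legitimate svchost.exe) and the O4 autostart entries
that keep them running. Added example for this thread, not HijackThis code."""
import re
from typing import Dict, List, Optional, Tuple

# Assumption: a short illustrative allow-list of names malware likes to imitate.
KNOWN_SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                         "smss.exe", "csrss.exe", "spoolsv.exe", "explorer.exe"}
MAX_DISTANCE = 2  # catches svhost.exe (1 edit) and swaps like scvhost.exe (2 edits)
# Registry O4 line, e.g. "O4 - HKLM\..\Run: [Microsoft Systems] svhost.exe"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: each insertion, deletion or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename: str) -> Optional[str]:
    """System binary this name imitates, or None. An exact match passes here
    (a full triage would also verify path and hash); a near-miss is flagged."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    return next((k for k in sorted(KNOWN_SYSTEM_BINARIES)
                 if edit_distance(name, k) <= MAX_DISTANCE), None)

def executable_name(cmd: str) -> str:
    """Bare file name of the program an O4 command line launches."""
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return exe.rsplit("\\", 1)[-1]

def parse_log(text: str) -> Dict[str, list]:
    """Collect running-process paths and registry O4 entries from a log."""
    processes, autostarts, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Running processes:"):
            in_procs = True
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
        else:
            in_procs = False
            if m := O4_RE.match(line):
                autostarts.append(m.groupdict())
    return {"processes": processes, "autostarts": autostarts}

def triage(text: str) -> List[Tuple[str, str]]:
    """(kind, detail) findings: look-alike processes, look-alike autostarts, and
    one value name planted in several autostart keys (HKLM Run, the Win9x-era
    RunServices key, HKCU Run) so the bot survives whoever logs on."""
    parsed, findings, reported = parse_log(text), [], set()
    for path in parsed["processes"]:
        fname = path.rsplit("\\", 1)[-1]
        target = lookalike_of(fname)
        if target and fname.lower() not in reported:   # report each name once
            reported.add(fname.lower())
            findings.append(("lookalike_process", f"{path} imitates {target}"))
    keys_by_name: Dict[str, List[str]] = {}
    for e in parsed["autostarts"]:
        location = f"{e['hive']}\\..\\{e['key']}"
        fname = executable_name(e["cmd"])
        if target := lookalike_of(fname):
            findings.append(("lookalike_autostart",
                             f"{location} [{e['name']}] launches {fname}, imitating {target}"))
        keys_by_name.setdefault(e["name"], []).append(location)
    for name, locations in keys_by_name.items():
        if len(locations) > 1:
            findings.append(("duplicated_autostart", f"[{name}] in {', '.join(locations)}"))
    return findings

# Constructed sample modelled on the 11/15/2004 log in this thread.
SAMPLE_LOG = r"""
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\svhost.exe
D:\PROGRA~1\AIM95\aim.exe
D:\WINNT\system32\svhost.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Systems] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Systems] svhost.exe
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Systems] svhost.exe
"""
```

Running `triage(SAMPLE_LOG)` on the sample yields one look-alike process, three look-alike autostart entries and one duplicated value name, which is exactly the set guestolo tells CSOM to kill, delete and fix.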
-
Done and done. Unfortunately no Firewall, as much as I've thought about it. My procrastination has caught up to me I guess....
Logfile of HijackThis v1.98.2
Scan saved at 11:41:49 PM, on 11/18/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\drivers\dcfssvc.exe
D:\WINNT\System32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\AIM95\aim.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\WINNT\FSScrCtl.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Documents and Settings\Mike Fehl\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.######.com/categories.cfm?catid=40
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\winnt\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] D:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Screen Saver Control.lnk = D:\WINNT\FSScrCtl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = D:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://D:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://d:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe
O16 - DPF: ESPN.com MLB GameCast - http://scores.espn.go.com/java/MLBGameCastInstall.cab
O16 - DPF: ESPN.com NBA GameCast - http://scores.espn.go.com/java/NBAGameCastInstall.cab
O16 - DPF: Yahoo! Euchre - http://yog31.yahoo.com/yog/y/em0_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp1.csom.umn.edu/qp2.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://cedarpoint.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {412F2472-59BC-4CCB-A3D4-C16A7D57CDCF} (CouponsIncIECtl Class) - http://a19.g.akamai.net/7/19/7125/1290/ftp.coupons.com/v7/brix7ie.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://surfer.www.conxion.com/surferplugin.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
-
Log looks good CSOM, I would put a software firewall on your system if you're not running through a NAT Router
My Personal Favorite is Sygate,
but you decide, you only need one
Here are links to a few of them; they are all recommended by most
and they all have a free version
Sygate Personal Firewall: http://www.tucows.com/preview/213160.html
Zone Alarm by Zonelabs: http://www.zonelabs.com/store/content/home.jsp
Kerio Personal Firewall: http://www.kerio.com/us/kpf_download.html
OutPost by Agnitum: http://outpost.uk.com/
Also, to help tighten up your security
I very much suggest that you install these 2 applications
Both of these will help to Prevent Spyware from ever being installed
and they don't need to Run in the Background, install and run them once
Check for updates once every couple of weeks
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html
IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
Tutorial: http://www.bleepingcomputer.com/forums/index.php?showtutorial=53
Download link: https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
Scroll down and click on IE-SPYAD.EXE Free!
Take care CSOM :)
-
Thanks. Got it all taken care of. Appreciate the help.