
Logfile of HijackThis v1.99.1 - walter-j

Please help.  MSIE 6 is very slow for the first 10 minutes after boot up, then stops responding altogether.

Comment: The log looks clean.  You may want to remove additional software like pogo just to see if that helps.  You may want to update your McAfee anti-virus data file (check that the date is not older than 2 weeks) and perform a complete scan of all the computer's disks.  If your anti-virus has expired, you may want to try out AVG.  Remember to uninstall the expired program first.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pogo.com/home/home.jsp?sls=2&site=pogo
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harvest/harvest-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

Scan saved at 9:24:50 PM, on 5/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Download\z-UnZip-02\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pogo.com/home/home.jsp?sls=2&site=pogo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=8954&affid=0-3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://google.com/"); (C:\Documents and Settings\Windows User\Application Data\Mozilla\Profiles\default\skiquoty.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Windows User\Application Data\Mozilla\Profiles\default\skiquoty.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: 4t Tray Minimizer.lnk = G:\Programs\Windows\System\4t Tray Minimizer\4t-min.exe
O4 - Startup: DeskSweeper.lnk = G:\Programs\Windows\DeskSweeper\DeskSweeper.exe
O4 - Startup: Micro-Sys Launcher.lnk = G:\Programs\Windows\Launcher\Micro-Sys Launcher\Launcher.exe
O4 - Startup: PopTray.lnk = G:\Programs\Internet\PopTray\PopTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {200C1772-FFF0-4B47-A5EF-D32AA027F0A5} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harvest/harvest-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.5.21/squelchies/squelchies-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107318856230
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23