Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

First hjt log, help ! but in simple english please!!

Unread postby six-h » June 11th, 2007, 12:38 pm

beynac

Funnily enough, it does seem to be Gmail that is affected worse than others which are all perceptibly slower loading, but I also tried a slightly questionable site, and that didn't seem to be affected!

With gmail, I get the "connecting" symbol, and after approx 20 seconds with a white screen that just says "Loading..." in the top left corner, the task bar displays "waiting for Http;//gmail..."
Then the task bar changes to "Done" - still a white screen. The word "loading" (which is in black) at top left disappears, task bar flashes the "waiting for gmail" message again a couple of times, then back to "Done" - still a white screen for a second or two, then the "Loading" message from gmail, which is white on a red block, appears in the top right eventually followed by my in box. All this takes a minimum of 38 seconds!!

I've been looking for some way of altering the threshold for trusted sites, but it would appear this is only available, in the form of a "White List" to paying customers!

Six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 11th, 2007, 3:10 pm

Have you tried my suggestion about uninstalling and re-installing? If that doesn't work, then uninstall it and try Site Advisor.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 11th, 2007, 4:05 pm

Hi beynac,

Sorry to be a pest,
Yes, I removed it and zap! home page loads almost instantly.
Downloaded again and back to the "world wide wait"!
It even takes about 10 seconds to open a new tab (IE7)

Maybe something is in conflict with it.
Is Site Advisor an effective alternative?

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 11th, 2007, 4:15 pm

I agree. It sounds as if there's a conflict somewhere. Site Advisor is a good alternative. The main thing is that, with either of them, you get a warning if you try to go to a known, 'iffy' web page.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 11th, 2007, 5:18 pm

Beynac

Have unloaded SiteHound, and installed SiteAdvisor, much quicker on the sites I've tried so far, and gmail is back to its old self, "Zap"!

Noticed that the "Advisor Button" has to be selected anew for each site you visit! (Tools>Toolbars, and check SiteAdvisor.)
Strangely, SiteHound is still listed in there too!

Maybe I don't have it configured right, for the button to disappear like that?

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby six-h » June 11th, 2007, 5:31 pm

Beynac

I sometimes run speedtests to keep an eye on my connection, and have just visited ZD.Net, (one such)
where SiteAdvisor showed caution, clicking more info, shows that they have links to doubleclick.
Wasn't that one of the nasties that I had on my machine?
Will SiteAdvisor block it, or just warn me that I may become infected?

Regarding set up, I have selected all three of the options below: -
Highlight search result links
Show verdict in Safe Search
Use SSL communications to server

Is that right in your opinion?

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 12th, 2007, 4:05 am

Good Morning.

six-h wrote:Noticed that the "Advisor Button" has to be selected anew for each site you visit! (Tools>Toolbars, and check SiteAdvisor.) ...Maybe I don't have it configured right, for the button to disappear like that?

That doesn't sound right at all. A quote from the McAfee website:
McAfee wrote:Add SiteAdvisor to Internet Explorer or Firefox and our safety button will turn red, yellow, or green depending on the safety rating of the Web site you are currently viewing. Before you do something dangerous, it will warn you.

I haven't used SiteAdvisor so I don't have personal experience of the settings or of its use. I've looked on the McAfee support site and there appear to be several reasons why this can happen. If you've installed the firewall, it could be that which is stopping it.
McAfee wrote:Sometimes a personal firewall (e.g., in Norton Internet Security) will start blocking SiteAdvisor's communications after you restart Windows, even after you have told the firewall to 'Allow' communications for SiteAdvisor. Do you remember ever being prompted with something similar to 'SiteAdv.exe is attempting to access the network... Allow: Yes/No' If so, please try opening your firewall configuration page and ensuring that for SiteAdvisor/SiteAdv.exe something similar to 'Always Allow' is listed.

Please let us know if this is still an issue (with details on your operating system, browser version, and security software) and we will get this working for you.

I suggest that you have a look on the McAfee Technical Help site. Select SiteAdvisor from the list of products and look at both Common Issues and Configuration/Features in the categories. If you still have a problem, you can ask them for help.

six-h wrote:Strangely, SiteHound is still listed in there too!

There may be an orphaned registry entry following the uninstall. If you post a HijackThis log, I can tell you which line(s) to fix.

six-h wrote:SiteAdvisor showed caution, clicking more info, shows that they have links to doubleclick. Wasn't that one of the nasties that I had on my machine? Will SiteAdvisor block it, or just warn me that I may become infected?

DoubleClick appears on a lot of sites. It is not an infection, it just installs tracking cookies and is therefore not really harmful. However, if you have installed SpywareBlaster, it will block these.

six-h wrote:Regarding set up, I have selected all three of the options below: -
Highlight search result links
Show verdict in Safe Search
Use SSL communications to server

Is that right in your opinion?

I don't know about the first two (as I said, I have no experience of using SiteAdvisor), but the third one seems unnecessary to me ("Use SSL communications to server").
McAfee wrote:'Use SSL Communications To Server' will encrypt all communication between your SiteAdvisor software and our servers. It uses https:// for transmitting data instead of http://. Encrypted communications will be slower, but private. Non-encrypted will be faster, but not private.

I wouldn't have thought that you would be sending them any private information. I think that this probably refers to you giving them feedback on websites.

Hope this helps - don't forget to post the HijackThis log.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 12th, 2007, 8:50 am

Hi Beynac

I seem to be getting that Disc error message more frequently, happened again this morning.
I've not yet disabled Dit.exe, but I think I'll have to try it.

Another strange thing on startup today was that the Icon for ATF Cleaner remained "Generic" once windows had fully loaded. I right clicked it and selected Properties, and without further input from me, whilst I was reading the file path, a message came up that I didn't fully have time to read, to the effect that the path was not valid!
Closing the properties window, I opened the file via My Docs. and opened the programme. It ran OK so I closed all and the desktop Icon had rectified itself! Strange!

I must say, I have never had any notifications from: - eTrust, Windows Firewall, or from the newly installed SpywareBlaster, all of which I understand are active.
Although I am about to replace Windows Firewall with the Sunbelt one, I don't have a clue how I should have it configured, so have left it at default.
However, one of the reports that was generated during my clean-up, suggested that "something" had altered the firewall settings which made me unsure that the settings are to my advantage, so to speak!
Just looking at the options,
Under "Exceptions", the only items listed are: -
iTunes, Network diagnostics for Windows, Remote assistance, and Speedtouch Home install Wizard.

Under Advanced Tab, Network connection settings: -
1394 connection 3, Local Area connection, and Wireless Network connection, are ticked

Under Services, MDAP 1, and MDAP2 are ticked. Nothing under ICMP.
There is no mention of any individual programmes having permissions except iTunes! So I don't know if the Firewall is effective or not!

Whilst I'm "Bending your ear" concerning security, with what frequency would you suggest that I should run AVG AntiVirus/Spyware, and ATF Cleaner, and should I expect any visible signs that SpywareBlaster is doing something!? :?

Regards SiteAdvisor, although the "Button" irksomely has to be added to the toolbar manually on every occasion of either opening a new tab, or indeed opening IE.
Present or not, every Google search result is colour coded, and has the programmes popup advice windows concerning each item which is fine.
Because the button doesn't automatically show though, you are not advised about directly typed URLs and clicked links, which I can't imagine was the intent of the programme.

I have looked on the website, and at all the FAQ's, and some of the posts in the forum, but none seem to cover this. That leads me to believe that there is some problem in my machine, rather than the programme.
I have joined the forum and posted a query, but so far, no takers.

Glad to hear that DoubleClick is not harmful, but if it comes up on any reports, I'll "Kill" it!

Sorry to take up your valuable time with these small problems, tell me to take them elsewhere if I'm a nuisance, but I feel more confident in taking advice from you, than from "strangers"!! :roll:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:27, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\Geoff Vost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7243283515
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 12th, 2007, 9:33 am

Hi.

six-h wrote:I seem to be getting that Disc error message more frequently, happened again this morning.
I've not yet disabled Dit.exe, but I think I'll have to try it.

Yes, try it.

I don't know what happened with ATF Cleaner but, if it happens again, delete the shortcut and create a new one. You won't get any notifications from eTrust unless it finds an infected file. It appears to be fully functional, as far as I can tell from the HijackThis log. If you have decided to replace it with AVG AntiVirus, I suggest that you get this done. The Windows Firewall will just block certain incoming traffic. I wouldn't expect any notifications. I wouldn't worry too much about this as you have decided to install Sunbelt's firewall. Likewise SpywareBlaster. As I said before, it doesn't work by running on the computer. It just blocks access to certain baddies in your registry. You won't, therefore, get any notifications or visible signs that it is working.

I suggest that you run ATF Cleaner and then AVG Anti-Spyware every week. Don't forget to update AVG Anti-Spyware first!

I'm sorry but I don't think that I can help you with SiteAdvisor (I have no experience of the program). You could try an uninstall/re-install and see if that helps. If that doesn't work, I suggest that you wait for a reply on the forum. Bear in mind that the response may not be particularly quick. You could try a post on the PC Advisor forum. If it gives you too much trouble, then I suggest that you don't use it.

SiteHound has left some 'orphans' on your computer. Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)


Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

Good luck with McAfee!
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
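
The orphan check described in the post above, as an added example that is not part of the original thread: it parses HijackThis log lines and separates entries marked "(file missing)" under a concrete path (uninstall leftovers like the three SiteHound lines) from entries that cannot be judged from the log text alone. The sample lines are an excerpt of the log posted earlier in the thread; the function names and the "check manually" rule for "(no file)" and unexpanded %variable% paths are assumptions of this sketch, not HijackThis behaviour.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKER_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")
ENVVAR_RE = re.compile(r"%[^%\\]+%")


def parse_entry(line):
    """Split one log line into section, label, CLSID, path and marker."""
    raw = line.strip()
    m = ENTRY_RE.match(raw)
    if not m:
        return None  # header, process list or blank line
    body = m.group("body")
    marker_match = MARKER_RE.search(body)
    marker = marker_match.group(1) if marker_match else None
    if marker_match:
        body = body[:marker_match.start()]
    fields = body.split(" - ")
    clsid = CLSID_RE.search(body)
    # "(no file)" entries carry no path; otherwise the path is the last field.
    has_path = marker != "no file" and len(fields) > 1
    return {
        "raw": raw,
        "section": m.group("section"),
        "label": fields[0].strip(),
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": fields[-1].strip() if has_path else "",
        "marker": marker,
    }


def classify(entry):
    """Assumed triage rule: only a concrete missing path counts as an orphan."""
    if entry["marker"] is None:
        return "present"
    if entry["marker"] == "no file" or ENVVAR_RE.search(entry["path"]):
        return "check manually"
    return "orphan"


def find_orphans(log_text):
    """Return every entry whose target HijackThis could not find."""
    found = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["marker"]:
            entry["verdict"] = classify(entry)
            found.append(entry)
    return found


def group_by_folder(entries):
    """Group entries by install folder to show which product left them."""
    groups = defaultdict(list)
    for entry in entries:
        if entry["path"]:
            groups[ntpath.dirname(entry["path"])].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG):
        print(f'{entry["verdict"]:15} {entry["section"]:3} {entry["clsid"]} {entry["path"]}')
```

Several sections pointing at the same missing folder, as with the O2, O3 and O9 lines here, is the pattern an incomplete uninstall leaves behind.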

Unread postby six-h » June 12th, 2007, 3:24 pm

Back again beynac,

I added the "Dit.exe" fix to your current instructions, and guess what, it's all worked! :D
I tried reading an SD card, and my USB stick, and no problems with either one!! :D :)

I shut down after doing it, as I had to go out.
I help out at a computer class at my local U3A (University of the 3rd Age) mainly retired folk who have no children or grandchildren to teach them!

Talk about the blind being led by the partially sighted!! :glasses7:

Just got in at 7pm and had a lovely clean boot!
SiteHound's toolbar entry has gone, and SiteAdvisor's button is now ever present! :shock:

I think I'll post the news on their forum, since in spite of several viewings, there were no responses.
Maybe it may help someone in the future.

Thanks again for your incredible help and kindness,

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 12th, 2007, 3:36 pm

That's great news! :D

It looks as if the remnants of SiteHound were stopping SiteAdvisor from working properly (one to remember for the future). I'm pleased that the fix with "Dit.exe" worked.

I should think that the knowledge gained through your recent experiences will be a big help to you with your computer class! :)

Best wishes,
beynac
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 12th, 2007, 3:46 pm

beynac

"Not Arf", as Alan Freeman used to say, (God that shows my age!!)

However, I would never attempt to help or assist anyone in what you have guided me through.
I would persuade them to "follow in my tracks!", and direct them to your door in the certain knowledge that help lies within!

Thanks again
six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby six-h » June 13th, 2007, 1:53 pm

beynac, Help!

I've been trying out the SiteAdvisor programme, visiting "Green" sites,
suddenly noticed that something had turned off the Google Popup Blocker.
I turned it back on, and later a popup window overpowered the IE window, advertising antivirus protection, saying "Is your computer running slower? do you have a virus, download..." etc.

I tried to close it from the task bar, no joy.
Tried the Red X close button, big mistake, it tried to make a connection with IE.
I closed the tab and opened Task manager, it was showing 47% cpu usage to IE.
Even with this closed, it still shows 47% usage!

I've run AVG AntiSpyware, and it found nothing.
I am about to run Spybot, and AVG Antivirus.
Can you help me?
Logging off for a while to run those, and will await your advice.

six-h
six-h
Regular Member
 
Posts: 142
Joined: June 7th, 2007, 8:02 pm
Location: England

Unread postby beynac » June 13th, 2007, 2:11 pm

Please post a HijackThis log.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby six-h » June 13th, 2007, 3:01 pm

Hi beynac,

So much for my "invincibility test!"
I've run ATF Cleaner, and then AntiVirus, Spybot and AdAware, all clear!

"iexplorer.exe" is still showing 47% cpu usage, even when it's closed! The entry in the Taskmanager seems to refresh once a second. (It appears to be blinking.)

Hope that hjt finds that it's something and nothing, but it's scaring me!!

Logfile of HijackThis v1.99.1
Scan saved at 19:48:31, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wisptis.exe
C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\Geoff Vost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7243283515
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Geoff Vost\My Documents\Security Progs\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

I do apologise for taking up your valuable time, when you could be helping those that have not got into a mess through curiosity and stupidity!

six-h