401 EVP HijackThis Log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

gary2

Thread Starter
Joined
Sep 23, 2003
Messages
3
Hi, I keep getting the 401 EVP warning in IE.
I ran HijackThis and received the following log.
Any Help as to which ones should be removed would be greatly appreciated.
Thanks:)

Logfile of HijackThis v1.97.2
Scan saved at 3:50:38 PM, on 9/23/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
D:\PROGRAM FILES\TREND\PCCIOMON.EXE
D:\PROGRAM FILES\TREND\PCCPFW.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAM FILES\PINNACLE\PINNACLE PCTV\REMOTE\REMOTERM.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAM FILES\TREND\PCCGUIDE.EXE
D:\PROGRAM FILES\TREND\PCCCLIENT.EXE
D:\PROGRAM FILES\TREND\POP3TRAP.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
D:\PROGRAM FILES\WINAMP\WINAMPA.EXE
D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\DUNMON\DUNMON.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\securityID=816093-MS03-011&privacyAPI32=x401.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PCTVRemote] d:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\PINNACLE\PPE\ppe.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "D:\Program Files\Trend\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "D:\Program Files\Trend\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "D:\Program Files\Trend\Pop3trap.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [1A:Stardock TrayMonitor] "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "D:\Program Files\Trend\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] D:\Program Files\Trend\PCCPFW.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: winampa.exe.lnk = D:\Program Files\Winamp\winampa.exe
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Outlook.exe.lnk = D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://pcworld.idg.com.au
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O19 - User stylesheet: c:\windows\java\my.css
 
Joined
Jul 24, 2003
Messages
420
Hi gary2,

Please do the following:

Download CWShredder www.spywareinfo.com/~merijn/files/cwshredder.zip
Close all browser windows, check the Taskbar for minimized windows as well, Run CWShredder.


Scan with Hijack This, put a check in the following entries and hit "Fix Checked":

O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O19 - User stylesheet: c:\windows\java\my.css


Shutdown & Reboot your computer

Navigate to and Delete the following
c:\windows\java\my.css


Next, download and install Spybot search & destroy www.security.kolla.de Open Spybot search & destroy, Click Online, Search for updates, Download all available updates, log offline, Close all browser windows, check your taskbar for minimized windows as well, Run Spybot search & destroy, put a check in every entry Spybot search & destroy returns, Click fix problems.

Shutdown & Reboot your computer

Consider downloading SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running, and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

When you're finished, Rescan Hijack This and post a new log for a follow-up review

Good luck
 

gary2

Thread Starter
Joined
Sep 23, 2003
Messages
3
Thanks for your help.

I now have the following log.

Logfile of HijackThis v1.97.2
Scan saved at 10:29:59 PM, on 9/23/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
D:\PROGRAM FILES\TREND\PCCIOMON.EXE
D:\PROGRAM FILES\TREND\PCCPFW.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAM FILES\PINNACLE\PINNACLE PCTV\REMOTE\REMOTERM.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAM FILES\TREND\PCCGUIDE.EXE
D:\PROGRAM FILES\TREND\PCCCLIENT.EXE
D:\PROGRAM FILES\TREND\POP3TRAP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
D:\PROGRAM FILES\WINAMP\WINAMPA.EXE
D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [PCTVRemote] d:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [PCLEPCI] D:\PROGRA~1\PINNACLE\PPE\ppe.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "D:\Program Files\Trend\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "D:\Program Files\Trend\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "D:\Program Files\Trend\Pop3trap.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [1A:Stardock TrayMonitor] "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "D:\Program Files\Trend\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] D:\Program Files\Trend\PCCPFW.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: winampa.exe.lnk = D:\Program Files\Winamp\winampa.exe
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Outlook.exe.lnk = D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://pcworld.idg.com.au
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab

I am also unsure on a few other things.
1. Was the 401 EVP warning authentic, or just some kind of hoax to get people to buy software?
2. Was my security at great vulnerability, i.e. should I change my passwords etc.?
3. Should I run ZoneAlarm with SpywareBlaster and SpywareGuard, or would this cause conflicts?

Thanks
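A way to compare a follow-up HijackThis log with the original, as an added example that is not part of the thread: it parses the entry lines of both logs, lists what disappeared and what is new, and checks that the entries selected for "Fix Checked" are gone. The inputs are short excerpts of the two logs posted above, and the function names are illustrative.

```python
import re

# HijackThis entry lines begin with a section code (R0, O2, O4, O19, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpts of the two logs posted in this thread (not the full logs).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O19 - User stylesheet: c:\windows\java\my.css
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""
# The entries the helper asked to be checked and fixed.
FIX_LIST = [
    r"O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)",
    r"O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe",
    r"O19 - User stylesheet: c:\windows\java\my.css",
]

def parse_entries(log_text):
    """Map lowercased entry line -> (section code, original line).
    Header and running-process lines do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[line.lower()] = (m.group(1), line)  # Windows paths: ignore case
    return entries

def diff_logs(before, after):
    """Return (removed, added) lists of (code, line) between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in sorted(b) if k not in a]
    added = [a[k] for k in sorted(a) if k not in b]
    return removed, added

def still_present(after, fix_list):
    """Entries from the fix list that the follow-up log still contains."""
    a = parse_entries(after)
    return [e for e in fix_list if e.strip().lower() in a]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, items in (("removed", removed), ("added", added)):
        for code, line in items:
            print(f"{label:8}{code:4}{line}")
    print("unfixed:", still_present(AFTER, FIX_LIST))
```

New entries in the follow-up log still need a manual look; here both come from the tools the helper recommended (Spybot's SDHELPER.DLL and SpywareGuard).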
 
Joined
Mar 9, 2003
Messages
4,699
1. Was the 401 EVP warning authentic, or just some kind of hoax to get people to buy software?

Run your mouse over the "warning", if the pointer turns into a hand and finger, it's an ad

2. Was my security at great vulnerability, i.e. should I change my passwords etc.?

Probably not, but it never hurts to change passwords once in a while.

3. Should I run ZoneAlarm with SpywareBlaster and SpywareGuard, or would this cause conflicts?

In general, I would not think you would get any conflicts.
 