trek2100
asked on
Can't uninstall ad blocking software
I downloaded and installed some ad blocking software, Ad Annihilator, from Downloads.com. The software commandeered Internet Explorer. When I tried to uninstall it, the uninstaller wasn't able to find the install.log file. I tried reinstalling, rebooting, uninstalling, rebooting but couldn't get rid of it.
Any suggestions?
I'm afraid Ad Annihilator is one of an increasing number of fake malware products that actually can be used to install more malicious products.
See http://www.2-spyware.com/corrupt-anti-spyware for further info.
Treat it as if it is a malware infection so try Spybot/AdAware and HijackThis afterwards to check you have cleared all the remaining traces.
No Vee_Mod, but MASQUERAID maybe staying, :)
It's 33 minutes past midnight and I haven't had a wink, I'm off to bed in a minute, :)
My brain cells need recharging.
@MASQUERAID,
I just saw your post at the other thread, I got here anyhow thanks.
OK folks I get the next 8 hour watch ;)
I hope trek2100 has enough to fix this. If not post again.
You might want to try ad-aware 2007 (free version) from LavaSoft. It will fix many of your malware needs and it has a feature called Ad-Watch which can help you in the future by detecting the malware as you are about to download it.
http://www.lavasoftusa.com/products/ad_aware_free.php
ASKER
Thanks to all who suggested solutions. IE is still acting kind of funny but at least I can access my web email.
no probs, glad it's gone,
if IE is still acting funny run a system file checker, system restore is also good, back to before the time you installed these.
Please be aware that it pays to delete these occasionally so as not to bring back a problem of malware.
While I'm here may I suggest you add some extra protection,
use SpywareBlaster
It doesn't scan and clean for spyware - it prevents it from ever being installed.
Its main features include:
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially dangerous sites in Internet Explorer.
http://www.javacoolsoftware.com/spywareblaster.html
ASKER
Will take your advice and get SpywareBlaster. Have Anonymizer anti-spyware installed. I'm pretty careful about downloading from the internet. In this case I downloaded the software from Download.com. The editors' review of the software gave it a 5 star rating and users gave it 4 stars so I thought I was safe.
yes it's become something of a hit and miss who can you trust, I don't have any other tools apart from my AVG spyware blaster and NAT, XP SP2 firewall. But I run CCleaner every time before closing my machine, I clear out all my history and IE usage, run my AVG when I boot up.
Update everything every day.
Including Windows updates which has the malicious software remover updated every month.
where possible I always logon manually.
I use HijackThis and post my logs here
http://www.hijackthis.de/
same place for download as it provides a result straight away.
I also have Panda and Trend emails every day notifying me of the latest threats.
Informed is well armed.
Cheers
Merete
Vee_Mod: we were referring to installing programs off the internet with high ratings that can turn out to be nasties??
No one from EE provided this program to trek2100 to install, he made that decision himself and found he had a problem and came to us.
I don't understand your comment. If you felt my final comment was referring to who one can trust here at Experts Exchange, my comment was mistaken in context as I was referring to trek2100's experience.
you do make a good point however.
Glad to know it's gone, thanks!
Yeah, SpywareBlaster from Javacool is a great addition and it doesn't need any resources to protect you because it doesn't need to run in the background, all it needs is to check for updates like weekly or so and install if any, then re-enable all protection. I have it installed in my PC and I use its database a lot to check for bad O16 entries in HijackThis.
SUPERAntispyware that Vee_Mod suggested is the best malware scanner out there so far. It has very good detection and removal rate compared to other leading malware scanners like SpySweeper, or AVG Antispyware.
And the best thing is it's free as an on-demand scanner with all the updates. The paid version has real-time protection.
Winhelp2002 hosts file is also a great protection to block ads, banners and hijackers.
You might like to check out TonyKlein's article to tighten your security, "How did I Get Infected in the First Place?"
http://forums.spybot.info/showthread.php?t=279
>>IE is still acting kind of funny but a least I can access my web email.<<
Let us check your HijackThis log for any suspicious entries, some nasties can also hide from the scan, but there are also other diagnostic tools we can suggest if the HijackThis log shows up clean.
Vee_Mod,
Thanks for the compliments and kind words, I very much appreciate it.
ASKER
rpggamergirl,
It was suggested that I post a copy of my HijackThis log. Being a new member, I don't know if it's against policy to post it here or if I should post it in some other location for you to view. My apologies to all if I posted it in the wrong location.
Logfile of HijackThis v1.99.1
Scan saved at 8:59:04 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
c:\program files\anonymizer\anonymizer software\common\AnonProxy.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Start Menu\Programs\UTILITIES\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-memh3131d.network.fedex.com:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2569.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178825120215
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180830652217
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
trek2100,
Thanks for the log, apart from some registry clutter, I couldn't spot any suspicious entries present.
In what way is IE acting funny? Would you mind elaborating, please?
>>I don't know if its against policy to post it here <<
There is no policy that I know of with regards to posting a HijackThis log in the thread.
Though some Zone Advisors/PE will not allow HijackThis logs to be posted in their zones.
Usually it is recommended that logs are uploaded to EE-Stuff.com or to any hosting sites for 2 reasons that I know of:
1. Because some logs are too long and clutter up the thread, and it's much easier for those searching in the FAQ if they don't need to scroll the long threads looking for solutions.
2. Sometimes personally identifiable info can show up in the log, usually IF HijackThis is run from the temp folder or under the Documents & Settings folder and if real names are being used as user account. So it's the log owner's own privacy that EE takes into consideration.
In other words, if the Asker is happy to post his log then that's alright. I always remove any personally identifiable info in the log if I see it.
Personally I prefer if Askers paste their HijackThis logs on the question.
In my assigned zones I will delete only long logs like Combofix, autoruns, SilentRunners etc.
Hijackthis zone is the best place to post HijackThis logs, but if the question is posted somewhere else and an expert asks for a HijackThis log then it's okay too.
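One way to run the two checks from this answer before posting a log, as an added example that is not part of the original thread: list the entries HijackThis itself marks `(no file)` or `(file missing)`, and blank out the account name in profile paths. The sample log, the "Jane Doe" account, the "Example" entries and all function names are constructed for illustration.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout seen in this thread.
# The "Jane Doe" account and the "Example" entries are made up; the two
# orphaned entries (R3, O9) are copied from the asker's log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:59:04 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jane Doe\Local Settings\Temp\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKCU\..\Run: [Example] C:\DOCUME~1\JANEDO~1\APPLIC~1\example.exe
O4 - Global Startup: Example.lnk = C:\Documents and Settings\All Users\Example\ex.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Result lines start with a section code such as R0, R3, O2, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Markers HijackThis appends when the target of a registry entry is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Profile folder directly under "Documents and Settings" (or its 8.3 form).
PROFILE_RE = re.compile(
    r"(\\(?:Documents and Settings|DOCUME~1)\\)([^\\\r\n]+)(?=\\)",
    re.IGNORECASE,
)

# Built-in Windows XP profile folders that do not identify a person.
SHARED_PROFILES = {"all users", "default user", "localservice",
                   "networkservice", "administrator"}


def parse_entries(log):
    """Return (section_code, text) for every R/F/N/O result line."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries whose file no longer exists: leftover registry clutter."""
    return [(code, text) for code, text in entries
            if any(marker in text for marker in ORPHAN_MARKERS)]


def redact_profiles(log):
    """Replace personal profile names with <user>; return (text, names)."""
    found = set()

    def _swap(match):
        name = match.group(2)
        if name.lower() in SHARED_PROFILES:
            return match.group(0)          # shared profile, nothing personal
        found.add(name)
        return match.group(1) + "<user>"

    return PROFILE_RE.sub(_swap, log), found


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(f"{len(entries)} result lines")
    for code, text in orphaned_entries(entries):
        print(f"orphaned  {code}: {text}")
    safe_log, names = redact_profiles(SAMPLE_LOG)
    print("redacted profile names:", sorted(names))
    print(safe_log)
```

Profile names outside the small allowlist are always replaced, so a shared folder written in 8.3 short form (for example `ALLUSE~1`) is redacted as well; over-redacting is the safe direction for a log that will be posted publicly.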
Another way that might remove it is to download HijackThis from: http://www.spywareinfo.com/~merijn/programs.php
then run "system scan only". Check mark all instances of Ad Annihilator and click "fix checked". I know Ad Annihilator is not a spyware, but this method still might remove it.
Good luck