Internet Explorer problem! Need some help.. - Page 2 - Techist - Tech Forum

Osiris, 12-29-2005, 10:50 PM, #11

I was just curious about it; I didn't think it was anything, so that's why I asked.

Fly4High, 12-29-2005, 11:25 PM, #12

I've just done what was needed and it seems to have had no effect. Maybe I need a reboot? OK?

Osiris, 12-29-2005, 11:31 PM, #13

Have you removed those entries yet? If so, repost your log.

Fly4High, 12-29-2005, 11:41 PM, #14

I have removed all the issues, but it seems UAService cannot be removed. It runs under the SYSTEM ID; I could neither stop it nor remove it from HijackThis. Here's the log I've just run:

*********************************************
Logfile of HijackThis v1.99.1
Scan saved at 11:38:32 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\D-Tools\daemon.exe
D:\Setup\Fonts\unikey\UniKeyNT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Setup\Firewalls & Securities\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [UniKey] D:\Setup\Fonts\unikey\UniKeyNT.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe


**************************************************

Please help to check again! Thanks a lot! I really appreciate it!

Osiris, 12-29-2005, 11:49 PM, #15

Install and update this program:

http://www.ewido.net/en/download/

Did it find anything?

Also run it in safe mode.

Fly4High, 12-29-2005, 11:57 PM, #16

OK,
I'm downloading it and will operate it soon! Hope this will help!
Thanks!

Fly4High, 12-30-2005, 02:24 AM, #17

I'm now running the Ewido anti-malware scan as you advised! It seems my machine has been infected with some malware! I'm waiting until it completes scanning and I'll inform you about the result!
Hope it can solve the problem!
Thanks...

Osiris, 12-30-2005, 02:32 AM, #18

Whatever it finds, remove, and then repost your log here.

Fly4High, 12-30-2005, 03:27 AM, #19

Phew... it takes so long to scan the full system (approximately more than 1 hour)! At last, done! All the infected files have been removed. And here is the log detail I've saved to file:

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 3:22:12 PM, 12/30/2005
+ Report-Checksum: 6EC19538

0: System Process
4: System Process
292: C:\Program Files\ewido anti-malware\ewidoctrl.exe
324: C:\Program Files\ewido anti-malware\ewidoguard.exe
376: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
504: c:\program files\mcafee.com\agent\mcdetect.exe
524: C:\Program Files\Network Associates\VirusScan\mcshield.exe
556: C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
568: C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
684: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
748: C:\Program Files\ewido anti-malware\SecuritySuite.exe
780: \SystemRoot\System32\smss.exe
816: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
856: \??\C:\WINDOWS\system32\csrss.exe
860: C:\WINDOWS\system32\RegSrvc.exe
880: \??\C:\WINDOWS\system32\winlogon.exe
924: C:\WINDOWS\system32\services.exe
936: C:\WINDOWS\system32\lsass.exe
1092: C:\WINDOWS\system32\svchost.exe
1168: C:\WINDOWS\system32\svchost.exe
1216: C:\WINDOWS\system32\wdfmgr.exe
1292: C:\WINDOWS\system32\UAService.exe
1312: C:\WINDOWS\System32\svchost.exe
1348: C:\WINDOWS\system32\S24EvMon.exe
1416: C:\WINDOWS\system32\svchost.exe
1436: C:\Program Files\Internet Explorer\iexplore.exe
1524: C:\WINDOWS\system32\svchost.exe
1816: C:\WINDOWS\system32\ZCfgSvc.exe
1840: C:\WINDOWS\System32\alg.exe
2076: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2344: C:\WINDOWS\Explorer.EXE
2360: C:\WINDOWS\system32\1XConfig.exe
2460: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2708: C:\WINDOWS\system32\igfxtray.exe
2716: C:\WINDOWS\system32\hkcmd.exe
2740: C:\WINDOWS\LTSMMSG.exe
2748: C:\Program Files\Apoint2K\Apoint.exe
2764: C:\WINDOWS\system32\00THotkey.exe
2780: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
2800: C:\PROGRA~1\mcafee.com\agent\mcagent.exe
2820: C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
2824: C:\Program Files\iTunes\iTunesHelper.exe
2840: C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
2848: C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
2856: C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
2868: C:\Program Files\D-Tools\daemon.exe
2880: D:\Setup\Fonts\unikey\UniKeyNT.exe
2916: C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
3004: C:\Program Files\iPod\bin\iPodService.exe
3060: C:\Program Files\Apoint2K\Apntex.exe
4040: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

********************************************

So, is it all right, or have I forgotten any log?
Please help to check! I appreciate your kind help!!!

Osiris, 12-30-2005, 03:54 AM, #20

I meant the HijackThis log...

All times are GMT -5.