Adaware and Spybot preventing 3Com card from working

news.rcn.com

This is to some extent a re-post although I am posting the OP at the end for
completeness:

Yesterday I got in a Latitude running Windows 2000 infested with spyware and
adware. I could only find lying around and installed a 3Com PC card and
installed the drivers and client manager. There is something curious but
probably irrelevant about this computer because with no NIC in it, it shows
a 2MBPS connection and some packets going out with usually virtually nothing
coming in. Sometimes a packet or so.

The card worked immediately although not all that well as it wouldn't
complete bringing in an 18 Meg Windows Update file (it got 80% and then
effectively stopped)

But it did update NAV corporate edition, I installed Spybot and Adaware and
it updated both and ran both. It found hundreds of infestations, all of
which I removed without caring whether someone had installed some program
which needed ads or pop-ups to run. SUDDENLY the whole 3Com card stopped
working and started showing the WLAN screen with an X in the middle showing
that there is no connection between the card and any base station.
Diagnostics shows the presence of the card which still flashes pleasingly
but with no result.

So I updated the firmware on the card to an earlier version than before (see
below). Still nothing. So I updated the drivers to the more recent 204
version. Still nothing.

Anyone got any idea what could conceivably be causing this?

OP below which went out to alt internet wireless and various MS forums
(where no one had any idea what could be stopping this card from working)

I have about ten or twelve computers with a mixture of mostly PCs but a few
Macs, all supposedly connected on the network. Some of them even network
together! I have a mixture of mainly notebooks but a few desktops (with
internal NICs or USB devices). Netgear, Buffalo, Linksys, D-Link, etc NICs.
All seem reasonably easily configurable or if not, the Technical Support
departments know their hardware's quirks and can tell you what is wrong.
(except possibly Netgear whose MA401 is very quirky and while it does work
with 98 or XP, it is only really happy with Linux: But their MA301 and MA111
work fine)

But I am having a problem with a 3com PC card, a 3crwe62092A with a curious
flat spring-out aerial. It has a gigantic 32 megabyte install exe file which
doesn't seem to comprise a configurable scanner. But the card installs, and
shows up in device manager without any exclamation marks. The card is
always properly recognised on boot and flashes pleasingly to show it is
working. Its extraordinarily limited utility usually even shows the
strength of the link and link quality. And you can even switch between
networks (though you can't see what they are or whether they are encrypted or
even whether they are your own or a neighbour's).

But it is the only card I have never managed to get to connect
to the Internet. And it has an internal diagnostic utility which doesn't
allow you to do much but which has never shown it working, even when it is
showing a good link quality and signal strength!

On any computer I have ever installed it on. (I need hardly add that
whenever I have had this problem, I have always connected some alternative
NIC and they have inevitably worked immediately and without either problems
or configuration issues)

There is also a 500 kb update to the file which device manager seems to
think it doesn't need. Obviously when I can't get the card to work, I update
the driver. On no computer has that ever made the slightest difference.
There is also a firmware update which does nothing.

3Com seems to be the only NIC company which couldn't care less about
supporting its products and has actively refused to assist. Has anyone else
had these problems with either this company or this card OR found that
uninstalling the whole shooting match and installing some generic scanner
does the job if you can get the 3com card drivers themselves installed?
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>

| This is to some extent a re-post although I am posting the OP at the end for
| completeness:
|

< snip >

3Com NICS are some of the *best* in the industry. I think you are coming to a faux
conclusion. There are no conflicts between anti spyware and the hardware. Your problem is
NOT virus related but OS and/or hardware related.

Please post in an appropriate News Group such as;
news://msnews.microsoft.com/microsoft.public.win2000.general
 
Adam Piggott

news.rcn.com said:
This is to some extent a re-post although I am posting the OP at the end for
completeness:

Yesterday I got in a Latitude running Windows 2000 infested with spyware and
adware. I could only find lying around and installed a 3Com PC card and
installed the drivers and client manager. There is something curious but
probably irrelevant about this computer because with no NIC in it, it shows
a 2MBPS connection and some packets going out with usually virtually nothing
coming in. Sometimes a packet or so.

The card worked immediately although not all that well as it wouldn't
complete bringing in an 18 Meg Windows Update file (it got 80% and then
effectively stopped)

But it did update NAV corporate edition, I installed Spybot and Adaware and
it updated both and ran both. It found hundreds of infestations, all of
which I removed without caring whether someone had installed some program
which needed ads or pop-ups to run. SUDDENLY the whole 3Com card stopped
working and started showing the WLAN screen with an X in the middle showing
that there is no connection between the card and any base station.
Diagnostics shows the presence of the card which still flashes pleasingly
but with no result.

I've known spyware to mess up drivers before; you could try uninstalling it
from the device manager, removing & rebooting then plugging it back in and
reinstalling the drivers.

Have you checked the Event Log for anything relevant?
--
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
Duane Arnold

From: "news.rcn.com" <news.rnc.com>

| This is to some extent a re-post although I am posting the OP at the
| end for completeness:
|

< snip >

3Com NICS are some of the *best* in the industry. I think you are
coming to a faux conclusion. There are no conflicts between anti
spyware and the hardware. Your problem is NOT virus related but OS
and/or hardware related.

Please post in an appropriate News Group such as;
news://msnews.microsoft.com/microsoft.public.win2000.general

I have used many a 3Com NIC(s) and never had a major problem with them. I
even called 3COM support with no issues from them.

Duane :)
 
Max Wachtel

news.rcn.com news.rnc.com on 11/19/2005 in
This is to some extent a re-post although I am posting the OP at the
end for completeness:

Yesterday I got in a Latitude running Windows 2000 infested with
spyware and adware. I could only find lying around and installed a
3Com PC card and installed the drivers and client manager. There is
something curious but probably irrelevant about this computer because
with no NIC in it, it shows a 2MBPS connection and some packets going
out with usually virtually nothing coming in. Sometimes a packet or
so.

The card worked immediately although not all that well as it wouldn't
complete bringing in an 18 Meg Windows Update file (it got 80% and
then effectively stopped)

But it did update NAV corporate edition, I installed Spybot and
Adaware and it updated both and ran both. It found hundreds of
infestations, all of which I removed without caring whether someone
had installed some program which needed ads or pop-ups to run.
SUDDENLY the whole 3Com card stopped working and started showing the
WLAN screen with an X in the middle showing that there is no
connection between the card and any base station. Diagnostics shows
the presence of the card which still flashes pleasingly but with no
result.

So I updated the firmware on the card to an earlier version than
before (see below). Still nothing. So I updated the drivers to the
more recent 204 version. Still nothing.

Anyone got any idea what could conceivably be causing this?

OP below which went out to alt internet wireless and various MS
forums (where no one had any idea what could be stopping this card
from working)

I have about ten or twelve computers with a mixture of mostly PCs but
a few Macs, all supposedly connected on the network. Some of them
even network together! I have a mixture of mainly notebooks but a few
desktops (with internal NICs or USB devices). Netgear, Buffalo,
Linksys, D-Link, etc NICs. All seem reasonably easily configurable
or if not, the Technical Support departments know their hardware's
quirks and can tell you what is wrong. (except possibly Netgear
whose MA401 is very quirky and while it does work with 98 or XP, it
is only really happy with Linux: But their MA301 and MA111 work fine)

But I am having a problem with a 3com PC card, a 3crwe62092A with a
curious flat spring-out aerial. It has a gigantic 32 megabyte install
exe file which doesn't seem to comprise a configurable scanner. But
the card installs, and shows up in device manager without any
exclamation marks. The card is always properly recognised on boot
and flashes pleasingly to show it is working. Its extraordinarily
limited utility usually even shows the strength of the link and link
quality. And you can even switch between networks (though you can't
see what they are or whether they are encrypted or even whether they
are your own or a neighbour's).

But it is the only card I have never managed to get to connect
to the Internet. And it has an internal diagnostic utility which
doesn't allow you to do much but which has never shown it working,
even when it is showing a good link quality and signal strength!

On any computer I have ever installed it on. (I need hardly add that
whenever I have had this problem, I have always connected some
alternative NIC and they have inevitably worked immediately and
without either problems or configuration issues)

There is also a 500 kb update to the file which device manager seems
to think it doesn't need. Obviously when I can't get the card to
work, I update the driver. On no computer has that ever made the
slightest difference. There is also a firmware update which does
nothing.

3Com seems to be the only NIC company which couldn't care less about
supporting its products and has actively refused to assist. Has
anyone else had these problems with either this company or this card
OR found that uninstalling the whole shooting match and installing
some generic scanner does the job if you can get the 3com card
drivers themselves installed?

Have you checked for a winsock or LSP issue? Sometimes during malware
removal, connectivity problems arise.
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Playing Nice on Usenet: http://oakroadsystems.com/genl/unice.htm#xpost
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
 
news.rcn.com

I have used many a 3Com NIC(s) and never had a major problem with them. I
even called 3COM support with no issues from them.


Possibly I merely got an unhelpful tech support person whose attitude was
that my card was more than a year old and he didn't have to speak to me:
This was a case of having to call again to get someone to assist who could
identify why this card wouldn't work in any one of numerous computers I
tried to put it in. There is probably a simple answer
 
Adam Piggott

news.rcn.com said:
Not sure where to find an event log which would tell me anything about this?

Sorry! Right-click My Computer and select Manage.

Navigate to System tools->Event Viewer. Select a log to view its contents.
Both the System and Application may have relevant errors or information in
them.
--
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
news.rcn.com

You were right, it only needed getting the right person at 3Com to correct
the problem in an instant

Can you assist me with another problem please?

This Multi_av program is exceptionally useful (though Kaspersky does
sometimes take up to four hours to run) but I am having trouble using it on
a PCG-F370 which has suddenly slowed down to a crawl: By this I mean that
every command takes at least 20 seconds from pressing ENTER to start
executing.

It is running 98SE which I presume should work with Multi_av as the app
seems to be DOS based? Could some trojan be stopping it from working? Or
does it just not work in 98? I have tried everything else: Defrag, SFC,
updated Spybot and adaware, MicrosoftUpdate, scandisk, NDD etc?
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>

| You were right, it only needed getting the right person at 3Com to correct
| the problem in an instant
|
| Can you assist me with another problem please?
|
| This Multi_av program is exceptionally useful (though Kaspersky does
| sometimes take up to four hours to run) but I am having trouble using it on
| a PCG-F370 which has suddenly slowed down to a crawl: By this I mean that
| every command takes at least 20 seconds from pressing ENTER to start
| executing.
|
| It is running 98SE which I presume should work with Multi_av as the app
| seems to be DOS based? Could some trojan be stopping it from working? Or
| does it just not work in 98? I have tried everything else: Defrag, SFC,
| updated Spybot and adaware, MicrosoftUpdate, scandisk, NDD etc?
|

Sounds like Sony platform.

The Multi AV Scanning Tool does run on Win98SE. Your Sony could have malware, either Viral
or non-viral.

Did you specifically use Ad-aware SE v1.06 and SpyBot Search and Destroy v1.4 ?

How much RAM ?

How much legitimate software is being loaded at Startup ?

You can use MSCONFIG.EXE to determine what is being loaded at startup and disable them if
needed.
 
news.rcn.com

Yes, I thought that adaware and spybot would cure this problem as they
usually seem to (I think my Spybot is 1.3 but it is suitably updated): When
they don't, SFC always does remove whatever the trojan has put in with 2000
or XP but this time, it didn't help. Everest reports 128 MEG Ram which ought
to be enough

I will check msconfig but I tend not to be able to tell what is needed from
what shouldn't be there and system resources reports that I have 82% left
most of the time so it must be some type of trojan? Which kinda makes sense
if it is clever enough to know to stop a simple DOS program like multi_av
from running in a DOS based environment!
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>

| Yes, I thought that adaware and spybot would cure this problem as they
| usually seem to (I think my Spybot is 1.3 but it is suitably updated): When
| they don't, SFC always does remove whatever the trojan has put in with 2000
| or XP but this time, it didn't help. Everest reports 128 MEG Ram which ought
| to be enough
|
| I will check msconfig but I tend not to be able to tell what is needed from
| what shouldn't be there and system resources reports that I have 82% left
| most of the time so it must be some type of trojan? Which kinda makes sense
| if it is clever enough to know to stop a simple DOS program like multi_av
| from running in a DOS based environment!

The Multi AV Scanning Tool uses a Win32 Command Console. If you use the Kaspersky scanner,
it is a DOS command. If you use the Sophos scanner on Win2K or WinXP it is a Win32 scanner.
If you use Sophos on a Win9x/ME PC it uses a DOS scanner. If you use McAfee it uses a Win32
scanner.

The Multi AV Scanning Tool is NOT a DOS based environment.


Download HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post the file in one of the below locations...

Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

{ borrowed from the alt.privacy.spyware News Group }
 
Beauregard T. Shagnasty

news.rcn.com said:
(I think my Spybot is 1.3 but it is suitably updated):

No, it is not suitably updated.

AFAIR, the old 1.3 stopped getting updates about a year ago. You need to
upgrade the program itself to the latest version 1.4.
 
news.rcn.com

I tried the Kaspersky tool and all it reports is "bad command or file name"

I may have forgotten to mention, my computer has McAfee in it which updated
itself this morning so I am running a scan. Is it generally regarded as
being any good at catching trojans?

(will have to try HijackThis)
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>

| I tried the Kaspersky tool and all it reports is "bad command or file name"
|
| I may have forgotten to mention, my computer has McAfee in it which updated
| itself this morning so I am running a scan. Is it generally regarded as
| being any good at catching trojans?
|
| (will have to try HijackThis)
|


Using the McAfee module in the Multi AV Scanning tool ?

If you use the Kaspersky module to scan the PC and it is able to download the needed files
it should have all the files needed to perform the scan.

If you are using a Retail Version of McAfee VirusScan it does NOT include the command line
scanner and it has limited comparative functionality.
 
news.rcn.com

http://www.spywareinfo.com/~merijn/files/HijackThis.exe

I generated this but it doesn't seem worthwhile posting to a malware forum:
It all looks totally harmless except for the AOL stuff which I thought I had
deleted when I got the computer (I can't believe that any of this normal
looking stuff is spyware). Does anyone know any better? The system still
shows 70% resources and does have 128 Meg Ram, - which shouldn't be creating
that 20 second lag between pressing enter on any program and the program
executing: (unless something is masquerading as google toolbar or
RealPlayer or something???). Not sure why the Quick Time Installer would be
there after QT has installed but that can't be causing this problem either?

Logfile of HijackThis v1.99.1
Scan saved at 10:45:11 PM, on 1/3/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER\CLIENTMGR2.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCMNHDLR.EXE
C:\PROGRAM FILES\MCAFEE.COM\SHARED\MGHTML.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {F0067FC4-9D34-476B-B49A-A8B815825040} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\PROGRAM\PcfMgr.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WINZIP\WZQKPICK.EXE
O4 - Startup: ClientManager2.lnk = C:\Program Files\BUFFALO\Client Manager\ClientMgr2.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,75/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,17/mcgdmgr.cab


The McAfee seems to be a retail version residing on the hard drive (and I
wasn't using Spybot 1.3, it IS 1.4).
 
David H. Lipman

|
| I generated this but it doesn't seem worthwhile posting to a malware forum:
| It all looks totally harmless except for the AOL stuff which I thought I had
| deleted when I got the computer (I can't believe that any of this normal
| looking stuff is spyware). Does anyone know any better? The system still
| shows 70% resources and does have 128 Meg Ram, - which shouldn't be creating
| that 20 second lag between pressing enter on any program and the program
| executing: (unless something is masquerading as google toolbar or
| RealPlayer or something???). Not sure why the Quick Time Installer would be
| there after QT has installed but that can't be causing this problem either?
|
| Logfile of HijackThis v1.99.1
| Scan saved at 10:45:11 PM, on 1/3/06
| Platform: Windows 98 SE (Win9x 4.10.2222A)
| MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

< HJT log snipped >

Nobody said for you to post the log here !
I specifically provided a list of places to post the log.
We don't want HJT logs posted here or in alt.comp.virus , alt.privacy.spyware , etc.

This is NOT the place to post HJT logs -- PERIOD.

The following is what I suggest you remove.

However, do NOT follow my advice or anyone else's advice on what to remove until you post in
one of the below forums I told you to post in in the beginning.

R3 - Default URLSearchHook is missing
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {F0067FC4-9D34-476B-B49A-A8B815825040} - (no file)



Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

{ borrowed from the alt.privacy.spyware News Group }
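
A small triage script for logs like the one posted in this thread, as an added example that is not part of the original posts or of HijackThis itself: it re-joins newsreader-wrapped lines and lists the entries reported as "(no file)" or "is missing" so they can be raised for review. The function names and section labels are illustrative assumptions, and the sample is constructed from entries in the posted log.

```python
import re

# Constructed sample: entries taken from the HijackThis log posted in this
# thread, hard-wrapped the way a newsreader wraps long lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 98 SE (Win9x 4.10.2222A)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://popnav.com
R3 - Default URLSearchHook is missing
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

# An entry starts with a section code such as "R3 - " or "O16 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Descriptive labels for the section codes used in the sample (assumed wording).
SECTIONS = {
    "R0": "IE start/search page",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "startup entry",
}


def parse_entries(text):
    """Return (code, body) tuples, re-joining lines wrapped in transit."""
    entries = []
    current = None
    for raw in text.splitlines():
        # Tolerate quoted copies of a log ("| " or "> " prefixes).
        line = raw.strip().lstrip("|> ").strip()
        if not line:
            current = None  # a blank line ends any wrapped entry
            continue
        match = ENTRY_RE.match(line)
        if match:
            current = [match.group(1), match.group(2).strip()]
            entries.append(current)
        elif current is not None:
            current[1] += " " + line  # continuation of a wrapped entry
    return [tuple(entry) for entry in entries]


def triage(text):
    """List entries that point at something no longer present."""
    findings = []
    for code, body in parse_entries(text):
        if body.endswith("(no file)"):
            reason = "registered component whose file is gone"
        elif body.endswith("is missing"):
            reason = "expected registry value is missing"
        else:
            continue
        clsid = CLSID_RE.search(body)
        findings.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "reason": reason,
            "clsid": clsid.group(0) if clsid else None,
            "entry": f"{code} - {body}",
        })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"[{item['section']}] {item['reason']}: {item['entry']}")
```

The output is a review list only; it does not say which entries are safe to remove.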
 
news.rcn.com

David H. Lipman said:
|
| I generated this but it doesn't seem worthwhile posting to a malware forum:
| It all looks totally harmless except for the AOL stuff which I thought I had
| deleted when I got the computer (I can't believe that any of this normal
| looking stuff is spyware). Does anyone know any better? The system still
| shows 70% resources and does have 128 Meg Ram, - which shouldn't be creating
| that 20 second lag between pressing enter on any program and the program
| executing: (unless something is masquerading as google toolbar or
| RealPlayer or something???). Not sure why the Quick Time Installer would be
| there after QT has installed but that can't be causing this problem either?
|
| Logfile of HijackThis v1.99.1
| Scan saved at 10:45:11 PM, on 1/3/06
| Platform: Windows 98 SE (Win9x 4.10.2222A)
| MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

< HJT log snipped >

Nobody said for you to post the log here !
I specifically provided a list of places to post the log.
We don't want HJT logs posted here or in alt.comp.virus ,
alt.privacy.spyware , etc.

This is NOT the place to post HJT logs -- PERIOD.

Sorry, I hadn't realised that those locations were the places to post logs
when you DIDN'T think there was anything amiss with the log itself: But I
now realise that the points you mention aren't as innocuous as I thought and
might well be causing the problems with which this computer is afflicted: (I
did have a Hijack attack about three years ago and did post and was told
exactly what to remove and it completely cured the attack)
 
Steve Pope

David H. Lipman said:
This is NOT the place to post HJT logs -- PERIOD.

The following is what I suggest you remove.
However, do NOT follow my advice or anyone else's advice on what to
remove until you post in
one of the below forums I told you to post in in the beginning.


Is there no usenet forum for posting Hijack logs? If not
why is this? (Just curious.)

I see no FAQ for this group and the alt.comp.virus FAQ does
not mention such a restriction.

Steve
 
David H. Lipman

From: "Steve Pope" <[email protected]>


|
| Is there no usenet forum for posting Hijack logs? If not
| why is this? (Just curious.)
|
| I see no FAQ for this group and the alt.comp.virus FAQ does
| not mention such a restriction.
|
| Steve

Steve:

That's a GOOD question.

The a.c.v and a.c.a-v FAQs don't mention it because when a.c.v was created in '94 the
software didn't exist. I don't know when HiJack This! was created but I don't think it was
around when a.c.a-v was created.

I don't know of any anti malware News Group that specifically allows the posting of HJT logs.

BTW: There is a Charter for a.c.a-v.
 
