| hopper |
| (new user ) |
| Tue Jun 01 2004 05:40 PM |
Incredimail
|
I had to remove incredimail since the last update changed settings on my pc which I do not know how to change back: The problem is that I can no longer delete icons on the desktop nor look at their properties. The system appears to shutdown and restart immediately again. The same happens when I want to copy a file in my windows explorer: Windows explorer shuts down without letting me copying or looking at file properties. This only happened after upgrading to the latest version of incredimail. I have removed this email program and attempted to clean my registry but obviously did not get all of it. I tried with Spysweeper but to no avail. Does anyone have any idea what the problem is? or how to change my system so I can copy files again in my windows explorer or delete icons from my desktop??
| bricat |
| (HijackThis Helper) |
| Tue Jun 01 2004 10:54 PM |
|
|
Re: Incredimail
|
First of all download the following programmes:Spybot & Adaware
Update both of them first, then run both programmes and have them fix anything they find.
When you have run and fixed everything with Spybot Search and Destroy and AdAware, please reboot before scanning, as not everything can be removed when Windows is running
Go tothis page, and download 'Hijack This!'.
Unzip it, launch Hijack This, then press Scan, and press Save Log
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
open that file
Go to Edit | Select all
Now click Edit | copy to copy it
Do not change anything just yet
Come back to the forum, Right Click and paste its contents here
Someone will come along and have a look at it, and advise you what still needs to be removed.
When you have been advised on your HijackThis log please download the following to stop most malware from getting into your p.c. in the first place:
Spywareblaster & Spywareguard.
AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE
BARNEYS PLACE
| hopper |
| (new user ) |
| Wed Jun 02 2004 10:33 AM |
|
Re: Incredimail
|
Thanks for the quick action. I followed your advice and here is the output of the "Hijack This" run:
Logfile of HijackThis v1.97.7
Scan saved at 10:27:25, on 02/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\WinKey\WinKey.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Downloads\Software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: concept/design's onlineTV (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38001.2825347222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5C6DE5-CD07-46D4-B03B-BDE4E7B1263A}: NameServer = 194.72.9.34 194.74.65.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D5C6DE5-CD07-46D4-B03B-BDE4E7B1263A}: NameServer = 194.72.9.34 194.74.65.69
| bricat |
| (HijackThis Helper) |
| Wed Jun 02 2004 11:20 AM |
|
|
|
Re: Incredimail
|
close all windows,rerun HJT, put a tick beside these and click FIX CHECKED
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: concept/design's onlineTV (HKLM)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE
BARNEYS PLACE
| hopper |
| (new user ) |
| Wed Jun 02 2004 12:06 PM |
|
Re: Incredimail
|
I have run HJT again and deleted the items mentioned. After rebooting my PC the problem is still existing.
| bricat |
| (HijackThis Helper) |
| Wed Jun 02 2004 12:23 PM |
|
|
|
Re: Incredimail
|
DISABLE SYSTEM RESTORE. then run a full virus scan.you might have to do this in SAFE MODE.
AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE
BARNEYS PLACE
| hopper |
| (new user ) |
| Wed Jun 02 2004 01:36 PM |
|
Re: Incredimail
|
I have followed your instrucions. Ran two different virus programs (CA and online Trendmicro). No viruses found.