Ultimate Predator
Posted November 27, 2005

Here it is from someone's PC I'm working on, please check, last thing I need to do on it:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:35, on 27/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\WINDOWS\TWAIN_32\DIGICAM\DIGISRV.EXE
C:\PROGRAM FILES\AROVAX SHIELD\AROVAXSHIELD.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\INSTALLERS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe /h
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
Administrator Tarun
Posted November 27, 2005

Generated by Tarun's HijackThis Converter v0.44 Beta.
Default-color items are optional, red are known to be malicious.

Changed registry value
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/

Enumeration of existing IE's BHO's
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL

Enumeration of existing IE's toolbars
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE

Extra IE context menu items
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html

If you use System Restore Remover Pro and get rid of System Restore, the pc will work a lot better.
Ultimate Predator (Author)
Posted November 27, 2005

Do you have a link for System Restore Remover Pro? What exactly will it do, remove the whole System Restore program? The only thing I can think of going through is this lot:

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
Administrator Tarun
Posted November 27, 2005

Link

I believe you can also remove PCHealth. I'm not a fan of toolbars, I really see them as junk. Taking up web browsing space and you never really know what they're monitoring.
Ultimate Predator (Author)
Posted November 27, 2005

And it will help the PC a lot then, having System Restore removed?
Administrator Tarun
Posted November 27, 2005

You're basically removing something that doesn't work. On my ME machine, after I removed it Windows ME was very stable. Even got it to 99% system resources free a few times. :hug:
Ultimate Predator (Author)
Posted November 27, 2005

I'll give that a go, what about PCHealth?
Administrator Tarun
Posted November 27, 2005

Removed that too.
Ultimate Predator (Author)
Posted November 28, 2005

What does PCHealth do, do you have a link for the program to get rid of it, and are you sure that getting rid of System Restore (and possibly PCHealth) won't screw up the PC?
Administrator Tarun
Posted November 28, 2005

System Restore Remover Pro can remove System Restore, PCHealth, Windows Movie Maker and a few other things on Windows ME. I've used it every time I formatted my comp and found it very safe and stable. Your results may vary, but I doubt it.
Ultimate Predator (Author)
Posted November 28, 2005

With that program what do you recommend I get rid of? The owner only really uses it for browsing the net and making Office docs etc.
Administrator Tarun
Posted November 28, 2005

System Restore and PC Health. Ask him about Windows Movie Maker, though.
Ultimate Predator (Author)
Posted November 28, 2005

It's a her! What does PCHealth do? Windows Movie Maker I'm not sure on.
Administrator Tarun
Posted November 28, 2005

Windows ME PC Health
1984
Posted November 28, 2005

Is there a program which eliminates System Restore in XP? And if so, is that a good thing or bad?
Ultimate Predator (Author)
Posted November 29, 2005

I'll keep PCHealth, but get rid of System Restore.