HijackThis Log - From Another PC - Resolved Logs

November 27, 200520 yr

Here it is from someone's PC I'm working on, please check, last thing I need to do on it:

Logfile of HijackThis v1.99.1

Scan saved at 12:25:35, on 27/11/2005

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE

C:\WINDOWS\TWAIN_32\DIGICAM\DIGISRV.EXE

C:\PROGRAM FILES\AROVAX SHIELD\AROVAXSHIELD.EXE

C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\E_S10IC2.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

D:\INSTALLERS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe

O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe /h

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE

O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html

November 27, 200520 yr

Administrator

Generated by Tarun's HijackThis Converter v0.44 Beta.

Default-color items are optional, red are known to be malicious.

Changed registry value

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/

Enumeration of existing IE's BHO's

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL

Enumeration of existing IE's toolbars

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE

Extra IE context menu items

O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html

If you use System Restore Remover Pro and get rid of System Restore, the pc will work a lot better.

November 27, 200520 yr

Author

Do you have a link for System Restore Remover Pro? What exactly will it do, remove the whole System Restore program? The only thing I can think og going through is this lot:

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE

November 27, 200520 yr

Administrator

Link

I believe you can also remove PCHealth. I'm not a fan of toolbars, I really see them as junk. Taking up web browsing space and you never really know what they're monitoring.

November 27, 200520 yr

Author

And it will help the PC a lot then, having system restore removed?

November 27, 200520 yr

Administrator

You're basically removing something that doesn't work. On my ME machine, after I removed it Windows ME was very stable. Even got it to 99% system resources free a few times. :hug:

November 27, 200520 yr

Author

I'll give that a go, what about PCHealth?

November 27, 200520 yr

Administrator

Removed that too.

November 28, 200520 yr

Author

Whjat does PCHealth do, do you have a link for the program to get rid of it, and are ypu sure that getting rid of System Restore (and possibly PCHealth) won't screw up the PC?

November 28, 200520 yr

Administrator

System Restore Remover Pro can remove System Restore, PCHealth, Windows Movie Maker and a few others things on Windows ME. I've used it every time I formatted my comp and found it very safe and stable. Your results may very, but I doubt it.

November 28, 200520 yr

Author

With that program what do you reommend I get rid of? The owner doesn't only really uses it for browsing the net and making Office docs e.c.t.

November 28, 200520 yr

Administrator

System Restore and PC Health. Ask him about Windows Movie Maker, though.

November 28, 200520 yr

Author

Its a her! What does PCHealth do? Windows Movie Maker I'm not sure on.

November 28, 200520 yr

Administrator

Windows ME PC Health

November 28, 200520 yr

is there a program which eliminates the system restore in XP? and if so, is that a good thing or bad?

November 29, 200520 yr

Author

I'll keep PCHealth, but get rid of System Restore.

HijackThis Log - From Another PC

Featured Replies

Recently Browsing 0

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)