Eddy
Cadet

 Joined: Nov 29, 2003 Posts: 3 Location: Belgium
|
Posted: Sat Nov 29, 2003 6:43 pm Post subject: Power scan 1.0 |
|
|
Hello,
I'm also having trouble removing 'Power scan 1.0'. I've downloaded your 'TomCoyote' program and will be running it shortly hereafter. I believe I have to go back to the forum and post the results, right?
kind regards,
Eddy
|
|
|
 |
Eddy
Cadet

 Joined: Nov 29, 2003 Posts: 3 Location: Belgium
|
Posted: Sat Nov 29, 2003 6:57 pm Post subject: Reply to Power scan: HijackThis log |
|
|
Hello again,
This is the HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 20:01:34, on 29/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
C:\ANTI-V~1\avgserv.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\Explorer.EXE
J:\PROGRA~1\Date Manager\DateManager.exe
C:\Anti-virus programmas\avgcc32.exe
J:\PROGRA~1\PrecisionTime\PrecisionTime.exe
J:\Program Files\QuickTime\qttask.exe
J:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
J:\Program Files\Free Surfer\fs20.exe
J:\Program Files\ISTsvc\istsvc.exe
J:\Program Files\Bargain Buddy\bin\bargains.exe
J:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\CalCheck.exe
J:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
J:\Program Files\WinZip\WZQKPICK.EXE
J:\WINDOWS\System32\wuauclt.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Microsoft Office\Office10\WINWORD.EXE
J:\WINDOWS\System32\ctfmon.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132151
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132151
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132151
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - J:\PROGRA~1\BARGAI~1\bin\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - J:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - J:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - J:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NeroCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Date Manager] "J:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Anti-virus programmas\avgcc32.exe /startup
O4 - HKLM\..\Run: [PrecisionTime] J:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [InCD] J:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InstantAccess] J:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] J:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [freesurfer] J:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [IST Service] J:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Bargains] J:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] J:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] J:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FlashPath Monitor.lnk = J:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\CalCheck.exe
O4 - Global Startup: KODAK Software Updater.lnk = J:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: WinZip Quick Pick.lnk = J:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/nl/win/QuickTimeInstaller.exe
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexyworlds.nl/pr/163/plugin/plugin.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37809.8398148148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://vad.mainentrypoint.com/dialer/bin/CE10632/dialer_activex.cab
Can you tell me which are harmless, and which are not?
kind regards,
Eddy
|
|
|
 |
Acheton
Forums Admin Premium Member
 Joined: Sep 04, 2003 Posts: 8925 Location: Uk
|
|
|
 |
Eddy
Cadet

 Joined: Nov 29, 2003 Posts: 3 Location: Belgium
|
Posted: Sun Nov 30, 2003 5:36 am Post subject: Fresh log after rebooting .... |
|
|
Hello ach,
The first time I restarted the computer, the Power scan screen still appeared. So I made another scan and saw a file with that name. I deleted that file, rebooted and ... hey presto ... no mention of Power scan again.
The 'TomCoyote' program and your help really did the trick, thank you again. I do run an anti-virus program (AVG 6.0). Would you recommend another virus program, and which one? Or am I being too hasty here?
This is the fresh log after rebooting:
Logfile of HijackThis v1.97.7
Scan saved at 6:31:53, on 30/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
C:\ANTI-V~1\avgserv.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\Explorer.EXE
J:\PROGRA~1\Date Manager\DateManager.exe
C:\Anti-virus programmas\avgcc32.exe
J:\PROGRA~1\PrecisionTime\PrecisionTime.exe
J:\Program Files\QuickTime\qttask.exe
J:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
J:\Program Files\Free Surfer\fs20.exe
J:\Program Files\ISTsvc\istsvc.exe
J:\Program Files\Messenger\MSMSGS.EXE
J:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\CalCheck.exe
J:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
J:\Program Files\WinZip\WZQKPICK.EXE
J:\WINDOWS\System32\wuauclt.exe
J:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - J:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - J:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NeroCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Date Manager] "J:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Anti-virus programmas\avgcc32.exe /startup
O4 - HKLM\..\Run: [PrecisionTime] J:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [InCD] J:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InstantAccess] J:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] J:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [freesurfer] J:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [IST Service] J:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] J:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "J:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FlashPath Monitor.lnk = J:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\CalCheck.exe
O4 - Global Startup: KODAK Software Updater.lnk = J:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: WinZip Quick Pick.lnk = J:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/nl/win/QuickTimeInstaller.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37809.8398148148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
kind regards,
Eddy
|
|
|
 |
Bulldog
General
 Premium Member
 Joined: Nov 16, 2003 Posts: 4375 Location: Canada
|
Posted: Sun Nov 30, 2003 9:00 am Post subject: |
|
|
Have HijackThis fix the following by placing a check in the appropriate boxes and selecting "Fix checked". Make sure all browser windows and all Windows Explorer windows are closed before fixing.
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - J:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [IST Service] J:\Program Files\ISTsvc\istsvc.exe
Reboot and delete:
J:\Program Files\ISTsvc <-- folder
|
|
|
 |
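A way to compare the two scans posted in this thread and confirm which entries a cleanup actually cleared, as an added example that is not part of the original thread. The helper names `parse_entries`, `diff_logs` and `flagged` are hypothetical, the entry pattern is an assumption based on the line shapes visible in the logs above, and the sample data is a short excerpt copied from those logs.

```python
import re

# Assumed entry shape: "<section code> - <entry text>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, text) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Compare two scans: entries that disappeared, stayed, or newly appeared."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "persisting": sorted(b & a), "added": sorted(a - b)}

def flagged(entries, needles):
    """Entries whose text contains any needle (case-insensitive substring match)."""
    return [e for e in entries if any(n.lower() in e[1].lower() for n in needles)]

# Excerpts copied from the two logs posted in the thread (29/11 and 30/11 scans).
BEFORE = r"""
Logfile of HijackThis v1.97.7
J:\Program Files\ISTsvc\istsvc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132151
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - J:\PROGRA~1\BARGAI~1\bin\apuc.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - J:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NeroCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] J:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Power Scan] J:\Program Files\Power Scan\powerscan.exe
"""
AFTER = r"""
Logfile of HijackThis v1.97.7
J:\Program Files\ISTsvc\istsvc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - J:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NeroCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] J:\Program Files\ISTsvc\istsvc.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "persisting", "added"):
        print(kind.upper())
        for section, text in result[kind]:
            print(f"  {section} - {text}")
    # The two items the last reply asks to fix, matched by name.
    print("STILL FLAGGED:", flagged(result["persisting"], ["ISTbar", "ISTsvc"]))
```

Running the same diff again after the final fix and reboot should move the two ISTbar/ISTsvc entries from "persisting" to "removed".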