-
October 24th, 2006, 05:36 AM
#1
My HJT Log for first time
I deleted HJT then Reinstalled it n ran a New scan. Here is the Log.
Would appreciate if someone could look at it and advise if anything is found.
Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 10:29:55, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\My hijack-this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.25\IExifMap.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.25\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115254284562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sctterlr - Unknown owner - (no file)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
ASUS K8N-E Deluxe with NForce3----AMD Athlon64 3000+ @ 209.08MHz---Sapphire Radeon 9600xt---Gone to HEAVEN!
Other PC is--ASUS M2N-SLI Deluxe--AMD Athlon 64 X2 Dual Core 6000+/2GB Corsair XMS2-6400C4 TwinX Dual Channel kit----ASUS GeForce 8600 GT 512 GDDR3 Silent HDTV/Dual DVI (PCI Express)
Corsair 520W Modular PSU---n a Load of Other things too numerous to mention..
I Am Me, You Are You. I Am Unique, So Are You.
-
October 24th, 2006, 06:07 AM
#2
Just a couple of empty entries.
Can you please do the following.
===============
We'll need to disable AdAware's AdWatch, since it might interfere with other program(s) we might be using to 'clean' off your system; you can re-enable it after we're done. To disable this feature, run AdAware SE, then:
1. Click "AdWatch".
2. Click "Tools and Preferences".
(Look at the bottom of the window you will see two options...)
3. Uncheck these options:
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Remember to re-enable this feature once your system is clean.
===============
Scan with HijackThis and then place a check next to all the following, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
-
October 24th, 2006, 07:45 AM
#3
WoW! you're quick Crunchie----
Before I do that I'll tell you what I have already done..
I did an online scan with AVG n it said I had a "Trojan.BHO.b" (now sorted, I hope)
Downloaded AVG ANTI Spyware n did a scan. It found 14 tracking cookies. (that's nowt n easy to clean) then it found this---
Mozilla 16 C: Doc & settup\name\Application Data\Mozilla\Firefox\Profiles\RWE0FVGX.Default\cookies.txt
Why would it pick that up I wonder!! ?
AnyWay----FireFox now DELETED..I use Avant Browser now..
I got these n am Wondering if I got Too Many!
Spyhunter--Ad-Watch--Ad-Aware--XoftSpySE--Spybot-Search & Destroy--Full McAfee with Spamkiller & Antispyware n now AVG Anti-Spyware......I Might Uninstall McAfee n put in Full AVG seeing as I bought it for other PC. What say you..
Over to you before I do the Above
-
October 24th, 2006, 07:58 AM
#4
OK my friend--I have done the above & both those are now not in my scan..Should we always close the Browser before hitting 'Fix This'..As I have always done Fix with Browser still active...I feel Stupid being here as I thought I knew how to deal with all this...Bites Tongue n says---Still LEARNING n Proud!!..LOL
I'm Wondering n being Perplexed as to How n Why I'm getting these odd problems Now!
Especially when I thought I was as Tight as a Duck's BUM....Never Think as it's Dangerous! LOL
Over to you.
-
October 24th, 2006, 08:24 AM
#5
Browser closed B4 fixing with hijackthis is the correct procedure or the entries will not be 'fixed.' A reboot and rescan with hijackthis will tell you if they were fixed.
As for the anti-malware tools.........personal choice really and one's surfing habits. I have Adaware, Spybot, Spywareblaster and I may install AVG antispyware on this pc, although it froze on my other one, so I may not. I do also have Avast AV and Kerio firewall.
Truth be told, they don't find anything other than a few cookies as I use Opera 99% of the time and I am careful where I go.
-
October 24th, 2006, 09:10 AM
#6
How on earth you learnt how to do all this is beyond me m8..Thank goodness there are peeps such as you willing to help others....I know a little, but other parts Scramble my brain---Thanks.
One last thing, as I seem to be going ahead of you.
I always start Avant Browser with a Blank Page, that way I know if I've been Hijacked. (normally) After cleaning, McAfee popped up n told me of a Reg change to IE. So I now got this..
R0 HKCU\Software\microsoft\internet\explorer\main,local page
Is that OK..
THANKS.
-
October 24th, 2006, 05:06 PM
#7
Like this, do you mean?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 is for Internet Explorer's starting page and search assistant.
If so, it's ok, just means you haven't set anything and it's a redundant registry entry.
-
October 25th, 2006, 05:02 PM
#8
Thanks M8.......Now then, when I do a scan, during that scan a Yellow Triangle with ! in centre pops up in my Quick Launch..I click it n it Disappears..I've noticed this before but whenever I click it, it vanishes..Any Ideas!
Also, one last thing.--This No. 23---O23 - Service: Sctterlr - Unknown owner - (no file) Any Ideas as to what it is.
THANKS
-
October 25th, 2006, 05:12 PM
#9
Ran a google and came up with your log. Try fixing the entry with hijackthis, reboot and see if it's gone.
I have no idea what the yellow triangle bizzo is. Is there anything untoward happening with your PC?
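The two kinds of leftover entry discussed in this thread (the empty R0 values and the O23 service marked "(no file)") can be picked out of a HijackThis log mechanically. The following Python code is an added example, not part of the original posts; the function names are hypothetical and the sample lines are copied from the log in post #1.

```python
import re

# Sample lines copied from the HijackThis v1.99.1 log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O23 - Service: Sctterlr - Unknown owner - (no file)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
"""

# A section code (R0, O4, O23, ...) followed by " - " and the entry text.
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every section-coded line of the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def triage(entries):
    """Flag entries that point at nothing: empty R0/R1 values and missing files."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and body.endswith("="):
            findings.append((code, "empty value", body))
        elif body.endswith("(no file)"):
            findings.append((code, "no file", body))
        elif body.endswith("(file missing)"):
            findings.append((code, "file missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code:<4}{reason:<14}{body}")
```

A flagged line is only a candidate for "Fix checked"; as in the thread, a reboot and rescan shows whether the entry is really gone.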
-
October 26th, 2006, 06:52 PM
#10
I'm having the Odd Windows Error n programs close..Not had that before..
I got Rid of Evidence Eliminator in case it was that...BUT---I got this of it left in Reg in Run.
C:\program files\evidence eliminator\ee.exe /m
I keep Deleting the Rugger n it keeps coming back...I Stop it running at startup but Run puts it back.....Nothing of it Left Anywhere, unless it's Hiding in some Remote place in the REG..None of the Reg programs I got will get rid of it...So that Yellow Triangle could be something to do with EE..
Over to you M8...Sorry to be a pain..
-
October 28th, 2006, 08:03 AM
#11
Go here and download then run Silent Runners.vbs. Right click on the download link and select Save Target As. Save it to the desktop or to a folder in a permanent directory. It generates a log which will be created in the same folder you are running it from. Please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.