housecall scan!!!????

[drhayden1]

i ran my weekly scan of housecall & kaspersky online a/v scanners,avast a/v scan,ewido online and spywareterminator and spyware doctor full scans and housecall is the only one that came up with this-as suggested by help of davidr in pm's be a detective and investigate it in hijack this and see if i can find it-i couldn't find it-not that knowledgeable of hijackthis and was wonder since this a low risk adware threat what to do and or is it a false positive
click on pic to supersize

[Lisandro]

I can't read the file name and path... 
Did you upload it to Jotti and/or VirusTotal?

[DavidR]

You don't need to read the path or file names as they are Browser Helper Objects for McAfee and Pest Patrol.

All that is required is confirming that these Browser Helper Objects were installed by you for a legitimate purpose, e.g. do you have a McAfee browser tool, like SiteAdvisor and one PestPatrol ?

If yes then no problem, but you have to confirm this.

HJT analysis will show the 02 BHO entries, detailing what these entries are for.

[drhayden1]

no i don't have site advisor as of yet
have firefox but haven't got the siteadvisor extension yet

HJT analysis will show the 02 BHO entries, detailing what these entries are for.

have the hijackthis from the a-squared free website   http://www.hijackfree.com/en/
and where would i find those 2 entries
do an analysis of my laptop

[drhayden1]

 
i have opera,firefox,avant & polonus new browser on here
but what extensions like site advisor none as of yet
so what would it be
could it be something like a password manager type thing on one of the browsers?

[mauserme]

Dan - why not post the HJT log and we can all walk through it ...

[polonus]

Hello Dan,

Can you post a HJT logfile for us to check up on. This seems a browser helper object adware. Did you loose memory because of it? Or did your IE browser have altered settings? Did you find questionable cookies?
We had a specific problem to-day at work, someone downloaded a nasty toolbar infested Mirc, hope yours is easier to tackle.

Damian

P.S. Keith, you must have read my mind. We do this one together, won't we?

[drhayden1]

how can i post it-it exceeds the character limit
keith-i will send to your email address

[essexboy]

Split it in two say first part up to 04 then the rest

[polonus]

Hi drhayden1,

After we got this cleansed, you are going to get www.scandoo.com as your searchengine page. There you have the same features as siteadvisor. NoScript is a must on Mozilla browsers because you can ban javascript  etc. to be executed on pages you do not trust, and allow it temporarily for pages you have been before. I'd also advise to use the Netcraft toolbar to keep you out of the phishing bernuda. And now we wait for you to come up with your HJT log, if it does not fit in one posting, use two, whatever is convenient,

polonus

I spotted essexboy is around also, not much that can go wrong then, Dan.

[drhayden1]

Explorer And Browser Addons:   Good   
Name:    AcroIEHlprObj Class
Path:    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Location:    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID:    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   Unknown - may be bad   
Name:    SSVHelper Class
Path:    C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Location:    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID:    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
   Unknown - may be bad   
Name:    URL Exec Hook
Path:    shell32.dll
Location:    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID:    {AEB6717E-7E19-11d0-97EE-00C04FD91972}


is this them

[FreewheelinFrank]

It could just be a false positive detection by Trend Micro- their spyware scanner always seems to pick up on a few registry entries that it thinks are spyware.

As Kaspersky, Ewido, etc. find nothing, I suspect it will turn out to be a false alarm.

[essexboy]

In order

Adobe

Java

Active desktop

All legit

[drhayden1]

keith and bob-gonna send to your email addresses-its way toooooooo long to post-its a block long
 

[polonus]

Hi Dan, can you check this one: http://www.spywareremove.com/remove3721.html

Found it under shellexecutehooks removal.
Remove CnsMin Manually
Note: This manual removal process is difficult and you run the risk of destroying your computer.

Remove CnsMin registry values:
Software\Microsoft\Internet Explorer\AdvancedOptions\!CNS\\connect2party.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\B83FC273-3522-4CC6-92EC-75CC86678DA4\connect2party.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\B83FC273-3522-4CC6-92EC-75CC86678DA4
Software\Microsoft\Internet Explorer\AdvancedOptions\!CNS\
FD00D911-7529-4084-9946-A29F1BDF4FE5
ECF2E268-F28C-48d2-9AB7-8F69C11CCB71
5D73EE86-05F1-49ed-B850-E423120EC338
AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267
A5ADEAE7-A8B4-4F94-9128-BF8D8DB5E927
DF692509-D9EF-48A0-9CD0-3AA5B81F6F68
InterChina
3721
B83FC273-3522-4CC6-92EC-75CC86678DA4
D157330A-9EF3-49F8-9A67-4141AC41ADD4
CnsHelper.CH
CnsHelper.CH.1
CnsMinHK.CnsHook
CnsMinHK.CnsHook.1
1BB0ABBE-2D95-4847-B9D8-6F90DE3714C1



Detect and Delete these CnsMin files:
cnsmin


Our Recommendation:

To avoid the unnecessary risk of damaging your computer, we highly recommend you use a good spyware cleaner/remover to track CnsMin and automatically find and remove other spyware, adware, trojans, and viruses in your PC. But like to see the HJT logfile.

polonus