
cleaning computer


  • This topic is locked
33 replies to this topic

#16 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 03:32 PM

Under tools I see "File Signature Verification Utility" but no System File Checker, is this the same thing?



#17 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 03:35 PM

Yes

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 03:43 PM

There isn't anything here that says scan for altered files, it says "Notify me if any System Files are not signed" and there is another option which lets you look for any type of file you want. When I ran this it made a pretty big log file, would probably need 3 posts to get it all down, do you want me to post it?

#19 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 04:25 PM

There isn't anything here that says scan for altered files, it says "Notify me if any System Files are not signed" and there is another option which lets you look for any type of file you want. When I ran this it made a pretty big log file, would probably need 3 posts to get it all down, do you want me to post it?

No. That won't help any.

Can you post a new HJT log please?



#20 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 04:44 PM

HJT doesn't work on my computer :(

#21 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 04:51 PM

Go here and run the online scan
http://www.ewido.net/en/download/

Let me know what it found.



#22 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 06:58 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:54:30 PM 6/22/2006

+ Scan result:

C:\Documents and Settings\Dan Bernier.DANBERNIER\Local Settings\Temporary Internet Files\Content.IE5\ODMFWD6Z\gtdownls[1].cab/gtdownls_95.ocx -> Adware.Gdown : No action taken.
:mozilla.79:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.94:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.95:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.96:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.97:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.98:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.41:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.146:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.147:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.35:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.298:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.299:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.21:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Findwhat : No action taken.
:mozilla.292:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.47:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.48:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.49:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.257:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.36:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.82:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.83:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.59:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.60:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.61:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.62:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.67:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.68:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.101:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.75:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.76:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.77:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.78:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.239:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.240:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.241:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.297:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.52:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.55:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.56:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.57:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.58:C:\Documents and Settings\Dan Bernier.DANBERNIER\Application Data\Mozilla\Firefox\Profiles\21i636to.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

#23 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 07:08 PM

Click the link here and download the older version of HijackThis and let's see if that works. You'll need to unzip it.
http://www.merijn.or...ackthis1982.zip



#24 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 07:27 PM

Still doesn't work, do you think something could be blocking the program from working? This is so annoying because this program worked on the 19th. :(

#25 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 07:31 PM

Still doesn't work, do you think something could be blocking the program from working? This is so annoying because this program worked on the 19th. :(

Yes.


Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
This can take several minutes to load.

See if it will run now in Safe Mode. If so, save the scan, reboot normally and post the log.



#26 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 07:51 PM

ooook, I figured it out, I just installed Visual Basic runtime 6 files and it is working again.

here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:04 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mymiami.muoh...al/frameset.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.game...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150405159812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

#27 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 08:01 PM

Great

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab


Close ALL windows and browsers except HijackThis and click "Fix checked"




Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.



#28 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 08:31 PM

OK, here is my second HijackThis log. Also, do you know what the last line of the log means? It says a file is missing. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:42 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mymiami.muoh...al/frameset.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vto_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.game...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150405159812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)
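The before/after comparison that is done by eye in this thread can be scripted. The following Python is an added example, not part of the original thread and not HijackThis code; `parse_entries` and `verify_fix` are hypothetical helper names, and the sample logs are short excerpts of the two logs posted above, with the elided URLs left exactly as posted.

```python
"""Diff two HijackThis logs and confirm that the entries selected for
"Fix checked" are gone from the follow-up scan."""
import re

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section_code, detail) pairs found in a log.

    Whitespace runs are collapsed so that copy/paste damage from a
    forum post does not show up as a false difference.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, detail = match.groups()
            entries.add((code, " ".join(detail.split())))
    return entries


def verify_fix(before_log, after_log, checked_lines):
    """Compare two scans against the list of lines the helper asked to fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    checked = parse_entries("\n".join(checked_lines))
    return {
        # requested, present before, absent after: the fix took effect
        "fixed": sorted(checked & (before - after)),
        # requested but still in the follow-up scan: fix failed or was undone
        "still_present": sorted(checked & after),
        # requested but never in the first log: likely a transcription error
        "not_in_first_log": sorted(checked - before),
        # disappeared without being requested
        "removed_unrequested": sorted((before - after) - checked),
        # appeared between the two scans and needs review
        "new_entries": sorted(after - before),
    }


# Excerpt of the first log in the thread (sample input, abbreviated).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mymiami.muoh...al/frameset.jsp
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)
"""

# Excerpt of the second log in the thread (sample input, abbreviated).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mymiami.muoh...al/frameset.jsp
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)
"""

# The four lines the helper asked to tick before "Fix checked".
CHECKED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com",
    r"O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab",
]

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, CHECKED)
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for code, detail in items:
            print(f"  {code} - {detail}")
```

An entry that lands in `still_present` after a reboot was either not removed or was written back, and `new_entries` lists anything that was not in the earlier scan.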

#29 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2006 - 08:37 PM

That's a bug in HJT. That entry belongs to your wireless card. Log looks good :thumbup: How's it running?



#30 Griffdog

Griffdog

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 22 June 2006 - 08:39 PM

Seems to be running OK, could you recommend what programs I should be running on a regular basis to keep my system clean? Thanks much.
