Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help!

Started by pcnoob , Aug 22 2006 08:23 AM

  • Please log in to reply

#1
pcnoob
Posted 22 August 2006 - 08:23 AM

pcnoob

    Member

  • Member
  • PipPipPip
  • 120 posts
Hi all again. Last night I was trying to do a disk clean up threw c drive and it wont let me so this morning I tried to just go to my temp folder and manually deleate everything. (Ive noticed my comp was slowing down so Thought Id do a clean up) and I cant open the temp or temporary folder. Maybe somethings not letting me open it. It just stays on the hour glass thing like its loading but it has never taken more then 3 sec to open before. anytways thought Id ask you guys for some help and see if its its a troj or a virus if not I can move to the windows forum and see if they can help me there. Thanks in advance. i ran adaware this morning found nothing and tried to run trojanhunter but I might of used it before it says my trial is up. ran AVG last night didnt find anything.

Logfile of HijackThis v1.99.1
Scan saved at 8:22:44 AM, on 8/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\home pc\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

Edited by pcnoob, 22 August 2006 - 08:28 AM.

  • 0

Advertisements

#2
Metallica
Posted 28 August 2006 - 04:14 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi pcnoob,

Please download ATF Cleaner by Atribune.
Follow the procedure below to empty your temp folders. Pay attention to the remarks about passwords. You will have to login on every site that requires one. So better uncheck that to avoid problems.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Is there a particular reason why you haven't installed SP2 for XP and IE?

Regards,
  • 0

#3
pcnoob
Posted 28 August 2006 - 12:16 PM

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Hi thanks for helping. I dont know why my borther in law hasnt installed sp2/. since Ive made my first post 4-5 days Ive lost all my bookmarks, I have someting in my startup thats called IDriverT.exe and theres about 30 of them.Well sometimes there there and soemtimes there not) I googled and it said it was from Itunes. I ve uninstalled itunes(i think). After I posted I ran avg and it found 3 trojan horse downloader zlob.bjt they are in the virus vault.
I did run that scan you asked but you didnt leave further instruction?
  • 0

#4
Metallica
Posted 28 August 2006 - 12:46 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
What do you mean by "I have someting in my startup thats called IDriverT.exe and theres about 30 of them
"
I'm asking because none of them show up in your hijackthis log.
Is WinPatrol blocking them?

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.
Regards,
  • 0

#5
pcnoob
Posted 28 August 2006 - 12:53 PM

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Hi they were there yesterday and the day before. acually there in my process not start up.(unbless thats the same thing.) also I cant even run a disk clean up threw c drive and when I go to clean it from the file its self windows cant find it. Maybe something blocking me form opening it?
  • 0

#6
Metallica
Posted 28 August 2006 - 01:01 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I will wait for the answer to the second part of my question.

Regards,
  • 0

#7
pcnoob
Posted 28 August 2006 - 01:05 PM

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Sorry I cant figure out where to start Ie, theres nothingon my desk top.
  • 0

#8
pcnoob
Posted 28 August 2006 - 01:26 PM

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
I cant figure it out. My husband will be home tonight ill have him find it.

Pcnoob
  • 0

#9
Metallica
Posted 29 August 2006 - 02:27 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Click Start > Run > and copy this command:

C:\Program Files\Internet Explorer\iexplore.exe

Then click OK to execute. IE should open.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP