pc mighty max?[RESOLVED]
Started by
maudin8
, Mar 22 2005 04:19 PM
#1
Posted 22 March 2005 - 04:19 PM
#2
Posted 25 March 2005 - 07:54 AM
This is my hijackthis log. it is short and i thought someone might be able to take a quick look at it and see if they see anything. Any advice is greatly appreciated. thx in advance!!
Logfile of HijackThis v1.99.1
Scan saved at 9:59:27 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.032\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\System32\winprox.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 9:59:27 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.032\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\System32\winprox.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#3
Guest_thatman_*
Posted 27 March 2005 - 08:44 AM
Hi maudin8
Welcome to geekstogo!
Please read through the instructions before you start (you may want to print this out).
HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder C:\HJT and place the program into that new folder C:\HJT.
Please set your system to show all files; please see here if you're unsure how to do this.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\System32\winprox.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\System32\winprox.dll
C:\WINDOWS\web\related.htm
Exit Explorer, and reboot as normal afterwards.
Post back a fresh HijackThis log and we will take another look.
Kc
Welcome to geekstogo!
Please read through the instructions before you start (you may want to print this out).
HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder C:\HJT and place the program into that new folder C:\HJT.
Please set your system to show all files; please see here if you're unsure how to do this.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\System32\winprox.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\System32\winprox.dll
C:\WINDOWS\web\related.htm
Exit Explorer, and reboot as normal afterwards.
Post back a fresh HijackThis log and we will take another look.
Kc
#4
Posted 01 April 2005 - 09:43 AM
Edited after merging posts, sorry thatman
Edited by Efwis, 01 April 2005 - 09:46 AM.
#5
Posted 06 April 2005 - 07:07 AM
Here is my log, sorry it took so long, had work to do. anyway, i ran an anti-spyware called bps spyware and it listed the coolwwwsearch. so i followed the path into the registry and deleted it. i ran it after a reboot and it came up again, but the registry was clean. i didn't see anything on hijackthis log. is it showing up because the remover is a trial version? hijackthis picks up everything right?? any more advice would be greatly appreciated. i am trying to clean up my system and tweak it then turn off the restore and use my external HD to make a clean backup. On eother question i had was about safe mode. i rebooted and pressed f8, it gave me a choice of what to boot with but said nothing about "safe", seemed to work though. thanks again. here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 10:53:34 AM, on 4/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:53:34 AM, on 4/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#6
Guest_thatman_*
Posted 06 April 2005 - 07:40 AM
Hi maudin8
Bulletproofsoftcom-sites-now-installing-adware
You need to remove that pile of adware from you system?
Read this and see why. http://netrn.net/spy...talling-adware/
Kc
Bulletproofsoftcom-sites-now-installing-adware
You need to remove that pile of adware from you system?
Read this and see why. http://netrn.net/spy...talling-adware/
Kc
#7
Posted 06 April 2005 - 07:47 AM
hmmm, intersting. Does this mean since i am running the trial version, i have all that crap?? i don't remember doing a eula. I guess i should get rid of that program. Would any of that crap show up on my log? was my log alright?? Looking to you for help.
#8
Posted 06 April 2005 - 12:24 PM
sorry about the pm, didn't notice.
#9
Guest_thatman_*
Posted 07 April 2005 - 01:48 AM
Hi maudin8
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.
Kc
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.
Kc
#10
Posted 08 April 2005 - 12:20 PM
i'm am posting from a different machine than my own, internet not available for online virus scan. here is my hijack this log.
Logfile of HijackThis v1.99.1
Scan saved at 10:53:34 AM, on 4/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
thank you.
Logfile of HijackThis v1.99.1
Scan saved at 10:53:34 AM, on 4/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
thank you.
#11
Guest_thatman_*
Posted 22 April 2005 - 11:30 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users