Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HiJackThis log [CLOSED]


  • This topic is locked This topic is locked

#31
trinna

trinna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
C:\WINDOWS\system32\drivers\XMS1563K.sys moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05252008_122501
  • 0

Advertisements


#32
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi trinna,

1)
Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop XMS1563K
sc stop catchme
sc stop EagleNT
sc delete XMS1563K
sc delete catchme
sc delete EagleNT
exit


Double click FixServices.bat. A window will open and close. This is normal.

2)
There seems to be a Desktop image loaded on your PC.
If you installed this deliberately please skip to Item 3. If not, follow the next instructions:


Go to Start > Control Panel > Display properties > Desktop > Customize Desktop > Web tab
Uncheck and delete everything you find in there (except for "My current home page")
Also remove the checkmark from the the Lock Desktop Items box if it is checked.
Click Apply, Apply and Exit Display properties.

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
O24 - Desktop Component 0: (no name) - http://www.uogamers..../artakus_bg.gif
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.

3)
Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Viewpoint Media Player
    Please take note of any other programs that you don't recognise in that list, and include them in your next response
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Program Files\Viewpoint

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
insert from text file
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.

Tell me, were those last logs done before or after you removed your anti-virus, because Antivir is stll showing in them.

Cheers,

sage5
  • 0

#33
trinna

trinna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Tell me, were those last logs done before or after you removed your anti-virus, because Antivir is stll showing in them.

Sorry I cant remember.

Did you want me to post a new log?
  • 0

#34
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That is probably a good idea.
Can you rescan with Deckard's Systen Scanner using the following:

Re-run Deckard's System Scanner:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /config
  • In the Modules window click the Check All button
  • Click the Scan! button
  • Scans will run, and 2 text files will open in Notepad.
  • Paste the text from both files into your next reply.

  • 0

#35
trinna

trinna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
For some reason I only had the one file open.

Deckard's System Scanner v20071014.68
Run by mike on 2008-06-07 14:42:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:14 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mike\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Microgaming\Poker\pokertimeMPP\MPPoker.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...OCX/flashax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers..../artakus_bg.gif

--
End of file - 7959 bytes

-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 01:54:45 0 dr-h----- C:\Documents and Settings\mike\Recent
2008-06-06 00:10:34 0 d-------- C:\Program Files\Bodog Poker
2008-05-27 21:22:29 0 d-------- C:\Program Files\ieSpell
2008-05-26 16:40:53 52108 --a------ C:\WINDOWS\system32\drivers\XMS1563K.SYS
2008-05-24 12:21:21 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-12 00:37:06 0 d-------- C:\Program Files\TruePoker
2008-05-11 09:40:07 0 d-------- C:\spoolerlogs
2008-05-10 00:48:51 0 d-------- C:\WINDOWS\system32\FlashAX
2008-05-10 00:09:46 0 d-------- C:\Documents and Settings\mike\Application Data\Microgaming
2008-05-10 00:02:47 0 d-------- C:\Microgaming


-- Find3M Report ---------------------------------------------------------------

2008-06-04 20:19:38 0 d-------- C:\Program Files\CarbonPoker
2008-06-03 21:13:00 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 12:21:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-12 21:33:48 0 d-------- C:\Program Files\UltimateBet
2008-05-11 11:21:20 0 d-------- C:\Documents and Settings\mike\Application Data\Viewpoint
2008-05-11 00:23:22 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-06 00:18:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-05 21:58:52 0 d-------- C:\Program Files\Absolute Poker
2008-05-05 21:45:56 0 d-------- C:\Program Files\_uninstallation_info
2008-04-13 11:29:15 0 d-------- C:\Program Files\Panda Security
2008-04-13 01:27:18 0 d-------- C:\Documents and Settings\mike\Application Data\Comodo
2008-04-13 01:27:12 0 d-------- C:\Program Files\COMODO
2008-04-12 11:40:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [06/02/2000 07:07 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [11/01/2006 09:46 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 04:27 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/30/2008 10:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 09:13 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 11:45 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll




-- End of Deckard's System Scanner: finished at 2008-06-07 14:42:52 ------------
  • 0

#36
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That is looking pretty good, however, we need to get the anti-virus re- enabled & run a full system scan with it.
Do you still have Antivir installed, or did you remove it completely?
If it is still installed:
1. Right click on the tray icon & re-enable the Antivir Guard.
2. Right click on the tray icon & click Start Antivir.
3. Run the updater to make sure that the definitions are the latest.
4. Run a full system scan.
5. When the scan ends, click the Report Button & copy & paste the text from that file to here as your next Reply.

If it is not installed re-install it and follow the instructions above to perform a full system scan.

Cheers,

sage5
  • 0

#37
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP