
can anyone help me with my HJT log? [RESOLVED]


  • This topic is locked

#16
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
oooooooooops for the log....

File/Folder C:\WINDOWS\system32\ztvunrar36.dll not found.
File/Folder C:\WINDOWS\system32\ztvunace26.dll not found.
File/Folder C:\WINDOWS\system32\ztvcabinet.dll not found.
File/Folder C:\WINDOWS\system32\unacev2.dll not found.
File/Folder C:\WINDOWS\system32\unrar3.dll not found.
C:\WINDOWS\system32\d3d8caps.dat moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
C:\Program Files\Enigma Software Group\SpyHunter\Rollback moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Download moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter moved successfully.
C:\Program Files\Enigma Software Group moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04062008_102138
  • 0



#17
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I'm not real sure you need this, but in case you do, here is my new HJT log.....

File/Folder C:\WINDOWS\system32\ztvunrar36.dll not found.
File/Folder C:\WINDOWS\system32\ztvunace26.dll not found.
File/Folder C:\WINDOWS\system32\ztvcabinet.dll not found.
File/Folder C:\WINDOWS\system32\unacev2.dll not found.
File/Folder C:\WINDOWS\system32\unrar3.dll not found.
C:\WINDOWS\system32\d3d8caps.dat moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
C:\Program Files\Enigma Software Group\SpyHunter\Rollback moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Download moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter moved successfully.
C:\Program Files\Enigma Software Group moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04062008_102138
  • 0

#18
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Let's try a different, deeper scan to see what remains:

Please download the following & save to your Desktop:
OTScanIt.exe


Install OTScanIt:
  • Double-click on OTScanIt.exe to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Make sure that the Non Microsoft option is clicked in the Processes, Services, Drivers & Registry boxes.
  • Click Yes under Rootkit scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning large amounts of data so depending on your system it could take a while to complete.
  • When the scan is done Notepad will open with the report file loaded in it.
  • Save the file in the new OTScanIt folder as Scan1.txt
If the log is too large to post, use the Reply button, scroll down to the Attachments section and attach the Notepad file here.
  • 0

#19
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I am leaving for work soon, but will do this as soon as I return and will post the results for you...
lee
  • 0

#20
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the OT ScanIt report that you requested............

Attached Files


  • 0

#21
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Run the Fix:
  • Open the OTScanIT folder on the Desktop
  • Run OTScanIt.exe.
  • Copy all the text in the Code box below, and Paste it into the pane under the GREEN bar, titled Paste fix here and then click the green Run Fix button.


    [Unregister Dlls]
    [Win32 Services - Non-Microsoft Only]
    NY -> (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> 
    NY -> (setup_7.0.0.180_04.04.2008_21-34[1]) setup_7.0.0.180_04.04.2008_21-34[1] [Win32_Own | Disabled | Stopped] -> %AllUsersProfile%\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_21-34[1].exe
    [Driver Services - Non-Microsoft Only]
    YY -> (klif) klif [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys
    [Registry - Non-Microsoft Only]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> SpeedStartup -> %ProgramFiles%\Speed Startup\speedstartup.exe [C:\Program Files\Speed Startup\speedstartup.exe bootup]
    < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> 
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
    [Files/Folders - Created Within 30 days]
    NY -> fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat
    NY -> fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx
    NY -> klif.sys -> %SystemRoot%\System32\drivers\klif.sys
    [Files/Folders - Modified Within 30 days]
    NY -> fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat
    NY -> fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx
    NY -> perfc009.dat -> %SystemRoot%\System32\perfc009.dat
    NY -> perfh009.dat -> %SystemRoot%\System32\perfh009.dat
    NY -> 5 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp
    NY -> sofhehqxAAE9D92.dll -> C:\Documents and Settings\User\Local Settings\Temp\sofhehqxAAE9D92.dll
    NY -> 5 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp
    NY -> 5 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp
    NY -> Perflib_Perfdata_154.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_154.dat
    NY -> Perflib_Perfdata_1ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1ec.dat
    NY -> Perflib_Perfdata_20c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_20c.dat
    NY -> Perflib_Perfdata_260.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_260.dat
    NY -> Perflib_Perfdata_578.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_578.dat
    NY -> Perflib_Perfdata_668.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
    NY -> Perflib_Perfdata_7a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat
    NY -> Perflib_Perfdata_7a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat
    NY -> 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

  • The fix should only take a very short time.
  • When the fix is done, click the OK button in the message box.
  • Notepad will open with a log of actions taken during the fix.
  • I need you to Post the text from that file back here.
I will review the information when it comes back in.

This file is saved in the Moved Files folder and is named in date_time format (mmddyyyy_hhmmss.log format, so e.g. 04012008_082852.log)

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#22
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
here is the log....
[Win32 Services - Non-Microsoft Only]
Service idsvc stopped successfully.
Unable to delete service idsvc .
File not found.
Service setup_7.0.0.180_04.04.2008_21-34[1] stopped successfully.
Service setup_7.0.0.180_04.04.2008_21-34[1] deleted successfully.
File move failed. C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_21-34[1].exe scheduled to be moved on reboot.
[Driver Services - Non-Microsoft Only]
Unable to stop service klif .
Service klif deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpeedStartup deleted successfully.
C:\Program Files\Speed Startup\speedstartup.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll not found.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\fidbox.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\fidbox.idx scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\klif.sys scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\fidbox.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\fidbox.idx scheduled to be moved on reboot.
C:\WINDOWS\System32\perfc009.dat moved successfully.
C:\WINDOWS\System32\perfh009.dat moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\TCD84.tmp folder deleted successfully.
File delete failed. C:\Documents and Settings\User\Local Settings\Temp\~DF238.tmp scheduled to be deleted on reboot.
File C:\Documents and Settings\User\Local Settings\Temp\sofhehqxAAE9D92.dll not found!
File delete failed. C:\Documents and Settings\User\Local Settings\Temp\~DF238.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Temp\~DF238.tmp scheduled to be deleted on reboot.
C:\WINDOWS\Temp\Perflib_Perfdata_154.dat moved successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_1ec.dat moved successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_20c.dat moved successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_260.dat moved successfully.
File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_578.dat scheduled to be moved on reboot.
C:\WINDOWS\Temp\Perflib_Perfdata_668.dat moved successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat moved successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat moved successfully.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.9.0 fix logfile created on 04072008_185207
  • 0
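
A fix log like the one in the post above can be triaged by outcome, so that everything still waiting on a reboot can be re-checked afterwards. This is an added example, not part of the original thread or of OTScanIt; the patterns and function names are assumptions inferred only from the lines posted here.

```python
import re
from datetime import datetime

# Lines copied from the fix log in the post above, embedded so this runs offline.
SAMPLE_LOG = r"""[Driver Services - Non-Microsoft Only]
Unable to stop service klif .
Service klif deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpeedStartup deleted successfully.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\klif.sys scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\perfc009.dat moved successfully.
File delete failed. C:\Documents and Settings\User\Local Settings\Temp\~DF238.tmp scheduled to be deleted on reboot.
File C:\Documents and Settings\User\Local Settings\Temp\sofhehqxAAE9D92.dll not found!
< End of fix log >
OTScanIt by OldTimer - Version 1.0.9.0 fix logfile created on 04072008_185207
"""

RULES = [  # first match wins; patterns are inferred from this thread's log lines only
    ("pending_reboot", re.compile(r"File (?:move|delete) failed\. (.+) scheduled to be (?:moved|deleted) on reboot\.")),
    ("failed", re.compile(r"Unable to (?:stop|delete) service (.+?) ?\.")),
    ("not_found", re.compile(r"(?:File|Registry key) (.+) not found[.!]")),
    ("done", re.compile(r"(?:Service |Registry (?:key|value) )?(.+?)(?: folder)? (?:stopped|deleted|moved) successfully\.")),
]


def parse_fix_log(text):
    """Return (created, entries); entries are (section, status, item) tuples."""
    created, section, entries = None, None, []
    for line in (l.strip() for l in text.splitlines()):
        stamp = re.search(r"logfile created on (\d{8}_\d{6})$", line)
        header = re.fullmatch(r"\[(.+)\]", line)
        if stamp:  # footer uses the mmddyyyy_hhmmss format described in the thread
            created = datetime.strptime(stamp.group(1), "%m%d%Y_%H%M%S")
        elif header:
            section = header.group(1)
        else:
            for status, pattern in RULES:
                m = pattern.fullmatch(line)
                if m:
                    entries.append((section, status, m.group(1)))
                    break
    return created, entries


def pending_after_reboot(entries):
    """Unique paths still waiting on a reboot; Windows paths compare case-insensitively."""
    seen = {}
    for _, status, item in entries:
        if status == "pending_reboot":
            seen.setdefault(item.lower(), item)
    return list(seen.values())
```

Lines that match no rule, such as the bare "File not found." in the full log, are skipped rather than guessed at.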

#23
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I was wondering...could you please explain what you had me do and for the purpose of it....I read the log, and for the most part it's all GREEK to me.....
thanks,
lee
  • 0

#24
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
The last bit was just a tidy up of some left over drivers, files & registry lines etc.
These get left behind during install/uninstall operations and can be an issue for the PC.
There can be sections of the Registry still looking for files that are no longer present, or worse, still looking for files that should not be present, but still are.
I hope that explanation helps you.

Cheers,

sage5
  • 0

#25
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Sage 5,
Thanks ever so much for helping me fix my computer, you have been a Godsend. It is running beautifully and my boot up time is non existent, you have my deepest thanks.

I have only one question, if you don't mind....

I currently use the firewall that comes with my operating system, is it enough, or should I be using an additional one?

Thanks,
lee

god bless
  • 0



#26
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Lee,

The native Windows Firewall is notoriously poor at stopping/analysing outbound traffic, especially the types generated by
a) Trojans trying to download other malware.
b) Keyloggers calling "home" with potentially dangerous information from your PC (credit card/bank account details)
c) Malware reporting surfing habits.
It does a passable job at blocking inbound hacking, but not as good at "stealthing" (hiding) ports as many others, like Comodo, Sygate etc.

Hardware firewalls, such as may be in your Router/Modem are very good at stopping hackers & other inbound traffic that you don't initiate.
However they can fail in the following circumstances:
a) You browse through a "doubtful" site, some of these are loaded with malware code. A hardware firewall cannot discriminate between the good & bad code, so, because you initiate the process, it lets all the code through.
b) A trojan calling out to download other malware appears, to a hardware firewall, to be a legitimate request, so it lets the outbound request & inbound answer through.


You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1


I use Comodo myself.
Many find it a bit daunting, especially with the Defense+ module running, as it generates a high number of popup requests.
This is during the "learning" phase that most firewalls go through, while it adjusts its behaviour to suit your setup.
I now disable the Defense+ module, because I don't require that level of protection, but it is up to you.

Cheers,

sage5

Edited by sage5, 07 April 2008 - 06:55 PM.

  • 0
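
The difference described in the post above, between a firewall that only tracks who started a connection and one that also checks which program is calling out, can be shown with a toy model. This is an added example, not part of the original thread and not how any named product is implemented; the class names, program names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" leaves the PC, "in" arrives from the internet
    local_port: int
    remote: str         # internet peer as "address:port"
    program: str = ""   # sending program, visible only to software on the PC


@dataclass
class StatefulFirewall:
    """Router-style policy: any outbound request passes, inbound only as its answer."""
    flows: set = field(default_factory=set)

    def allow(self, p):
        key = (p.local_port, p.remote)
        if p.direction == "out":
            self.flows.add(key)       # remember the request so the answer can return
            return True
        return key in self.flows      # traffic nobody asked for is dropped


@dataclass
class AppAwareFirewall(StatefulFirewall):
    """Host firewall: same tracking, plus an allowlist of programs that may call out."""
    allowed_programs: frozenset = frozenset()

    def allow(self, p):
        if p.direction == "out" and p.program not in self.allowed_programs:
            return False              # blocked before any flow is recorded
        return super().allow(p)


# Constructed traffic; addresses come from documentation ranges, program names are made up.
TRAFFIC = [
    Packet("in", 445, "203.0.113.9:40000"),                   # unsolicited probe
    Packet("out", 50001, "198.51.100.10:80", "firefox.exe"),  # user browsing
    Packet("in", 50001, "198.51.100.10:80"),                  # page coming back
    Packet("out", 50002, "192.0.2.66:80", "unknown.exe"),     # unrecognised program calling out
    Packet("in", 50002, "192.0.2.66:80"),                     # its answer
]


def verdicts(firewall, traffic=TRAFFIC):
    """Run the packets through a firewall in order and return allow/deny per packet."""
    return [firewall.allow(p) for p in traffic]
```

Both models drop the unsolicited probe; only the one with a per-program allowlist stops the unrecognised program's request and, with it, the answer.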

#27
funnyface

funnyface

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you Sage 5....I went with the Comodo, figured since you used it....
Before I forget, what should I do with all the programs you asked me to download, delete or keep? And for that matter, what about the logs?
lee
  • 0

#28
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Lee,

Let's get the final clean up done:

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTMoveIt:
This removes all the applications, logs etc that you have made during this fix.
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.


To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

Simon aka sage5

Edited by sage5, 07 April 2008 - 08:09 PM.

  • 0

#29
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





