need help with hijack log [RESOLVED]

#16
polling
OK, I'm still having problems. I typed in msconfig and I saw the file C:\Program Files\Common Files\Real\Updates in my startup, but I can't seem to locate this file. I did everything you told me about showing all hidden files. Here are some examples of what I have done. I have Windows XP. I opened up Control Panel and clicked on the add/remove program; the only thing I found there was desktop icons and a bunch of icons that say Windows XP hotfix. So after researching removing files, I typed uni in the search box and again a bunch of desktop kept coming up. After that I typed the file name in the search box and it told me it couldn't find this file. Please help, thanx.

Edited by polling, 18 May 2005 - 09:07 AM.

#17
polling
OK, I did something different. I searched uni and I then typed in the word realschedexe. and the program came up, but I'm unsure how to delete it. I went into the search window and typed in uni realschedexe; the files are in front of me but I can't right-click on it. I can right-click on all the other items on the list but I can't click on this file. Okay, I'm sorry, I was able to delete that file :tazz: I will post a new HijackThis log soon. Also, I'm not sure how to save a log on Panda. The last time I used Panda I opened up my old Internet Explorer and I saved something, but I'm not sure if I'm doing that exactly right.

Edited by polling, 18 May 2005 - 09:14 AM.

#18
Guest_thatman_*
Hi polling

C:\Program Files\Common Files\Real\Updates: this program has been removed from your system. In msconfig, just remove the reference to the file.

Kc :tazz:

#19
polling
Here is my hijack log from today:
Logfile of HijackThis v1.99.1
Scan saved at 12:16:49 PM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is today's Panda scan, and active scan said this was in the Windows registry:
Incident Status Location

Adware:Adware/ExactSearch No disinfected Windows Registry
Also, NvCpl is in my startup, command location RUNDLL32.exe C:\Wi...... Is it safe to have? And I still have to wait about 25-35 seconds before I'm connected to the net.

Edited by polling, 18 May 2005 - 11:00 AM.

#20
Guest_thatman_*
Hi polling

System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)

Download and install EasyCleaner:
http://personal.inet...rts/ecleane.htm

After installing it check under Settings > Registry tab if the backup
option is checked and if the directory it points to exists.
This should be true by default, but check anyway.

Then click OK and click Registry
Then click Search. When it is done select all the items per color,
(most, if not all should be green) and click Remove.
Green is safe to remove

Reboot when you are done and let us know how it goes.

Run one more Panda scan; post SCAN.log if any items are found, and a HJT.log.
What NVIDIA card have you got?

Kc :tazz:

#21
polling
Hi, every time I try to download EasyCleaner I get this message: Server Error
This server has encountered an internal error which prevents it from fulfilling your request. The most likely cause is a misconfiguration. Please ask the administrator to look for messages in the server's error log.
I'm not sure if this is the site's error or my computer's; if it's the site's error I'll just wait until it comes back up. Never mind, I got the download, but I can't find the Settings > Registry tab. Is this on the EasyCleaner interface? If not, is it in Windows? Thanx in advance. And the only info I could gather about my NVIDIA was that it's nForce. Never mind, I finally got it; I was able to locate the Settings tab and the Registry tab. I will post my new Panda and hijack logs shortly. Thanx for everything :tazz: ;) ;)

Edited by polling, 18 May 2005 - 12:43 PM.

#22
Guest_thatman_*
Hi polling

Ok :tazz:

#23
polling
Here is my Panda scan:
Incident Status Location

Adware:Adware/ExactSearch No disinfected Windows Registry
Here is my hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 3:01:46 PM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Also, is this safe?
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
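
Added example, not part of the original thread: a small Python parser that splits a HijackThis log like the two posted above into running processes and section entries, reports what changed between two scans, and breaks out the O4 startup items. The sample logs are abridged from posts #19 and #23; the function names are this example's own.

```python
import re

# A log entry is a section code ("R1", "O4", "O23", ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autoruns: "HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 startup-folder shortcuts: "Global Startup: Name.lnk = target"
LNK_RE = re.compile(r"^(?P<loc>.+?): (?P<name>.+?) = (?P<cmd>.+)$")

# Sample input, abridged from the logs in posts #19 and #23.
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:16:49 PM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
"""

SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:01:46 PM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into header lines, processes and entries by code."""
    log = {"header": [], "processes": [], "entries": {}}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines only separate the blocks
        m = ENTRY_RE.match(line)
        if m:
            state = "entries"
            log["entries"].setdefault(m.group("code"), []).append(m.group("body"))
        elif line.lower().startswith("running processes"):
            state = "processes"
        elif state in ("header", "processes"):
            log[state].append(line)
    return log


def _delta(before, after):
    # Windows paths are case-insensitive: compare casefolded, report as written.
    # Repeated lines (two svchost.exe instances) collapse to one.
    b = {x.casefold(): x for x in before}
    a = {x.casefold(): x for x in after}
    return {"removed": sorted(b[k] for k in b.keys() - a.keys()),
            "added": sorted(a[k] for k in a.keys() - b.keys())}


def diff_hjt(old, new):
    """Return only the sections that differ between two parsed logs."""
    sections = {"processes": (old["processes"], new["processes"])}
    for code in sorted(set(old["entries"]) | set(new["entries"])):
        sections[code] = (old["entries"].get(code, []), new["entries"].get(code, []))
    changes = {}
    for name, (before, after) in sections.items():
        d = _delta(before, after)
        if d["removed"] or d["added"]:
            changes[name] = d
    return changes


def startup_items(log):
    """Break O4 entries into (location, name, command) tuples."""
    items = []
    for body in log["entries"].get("O4", []):
        m = RUN_RE.match(body) or LNK_RE.match(body)
        if m:
            items.append((m.group("loc"), m.group("name"), m.group("cmd")))
    return items


if __name__ == "__main__":
    for section, d in diff_hjt(parse_hjt(SCAN_1), parse_hjt(SCAN_2)).items():
        for line in d["removed"]:
            print(f"- [{section}] {line}")
        for line in d["added"]:
            print(f"+ [{section}] {line}")
```
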

#24
polling
Also, when I ran EasyCleaner I went into the section add/remove list of the EasyCleaner program and I saw VCAMCEN, and I also saw VPRINTOL as well. Let me know if this is safe to have. Also, I posted my hijack and Panda scan in the earlier post.

#25
polling
I ran Spyware Doctor and found this:
Scans (basic information only):
Scan Results:
scan start: 5/19/2005 12:32:23 AM
scan stop: 5/19/2005 12:46:52 AM
scanned items: 56847
found items: 3
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner

Infection Name Location Risk
Xupiter C:\WINDOWS\Downloaded Program Files\CONFLICT.1 Elevated
Xupiter C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll Elevated
Xupiter C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.inf Elevated


Other Sections:
I also ran Registry Mechanic and found that tkbellexe was in my custom controls, but it wouldn't remove it unless I purchased their product. Are these products rogue or are they any good? Thanx in advance. Sorry, but my computer was doing good at first but now it's loading pages slow. I cleaned with Spybot and Ad-Aware SE and Norton's antivirus and Spy Sweeper and found nothing. Please help.

#27
polling
I went into EasyCleaner and saw the icon for unnecessary files. I have a list of these files. I know this might sound stupid, but I wanted to know if it's safe to delete these files:
C:\Documents and Settings\danyelle willis\Local Settings\Temp\DFC5A2B2.TMP 90 TMP File 5/15/2005 2:04:32 AM A
C:\Documents and Settings\frank\Local Settings\Temp\DFC5A2B2.TMP 90 TMP File 5/16/2005 5:20:06 AM A
C:\WINDOWS\security\logs\scecomp.old 326 OLD File 5/7/2005 10:58:14 AM A
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Documents and Settings\danyelle willis\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Documents and Settings\frank\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Program Files\Mozilla Firefox\softokn3.chk 476 Recovered File Fragments 5/11/2005 1:28:00 PM A
C:\WINDOWS\system32\oobe\images\oemlogo.gif.bk 3799 BK File 10/28/2000 1:16:00 PM A
C:\WINDOWS\imsins.BAK 4566 BAK File 5/18/2005 10:19:08 AM A
C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK 4660 BAK File 5/19/2005 1:16:22 AM A
C:\WINDOWS\REGLOCS.OLD 8192 OLD File 5/1/2004 3:06:30 PM A
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk 8192 Recovered File Fragments 5/18/2005 11:39:58 PM A
C:\WINDOWS\system32\CatRoot2\edb.chk 8192 Recovered File Fragments 5/19/2005 1:59:36 AM A
C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat.bak 8530 BAK File 5/18/2005 2:17:06 PM A
C:\Program Files\TDS3\xDynamic\TDS.fps\DCSFPS16.bak 26560 BAK File 10/13/2004 10:34:56 AM A
C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\bookmarks.bak 27698 BAK File 5/16/2005 3:37:44 PM A
C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\bookmarks.html.sbsd.bak 27698 BAK File 5/16/2005 3:37:44 PM A
C:\Program Files\Sygate\SPF\StdState.dat.bak 28752 BAK File 5/18/2005 5:26:54 PM A
C:\Program Files\Sygate\SPF\TState.dat.bak 28752 BAK File 5/18/2005 5:26:54 PM A
C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\bookmarks.html.sbsd.bak 70245 BAK File 5/16/2005 5:59:46 PM A
C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\bookmarks.bak 74620 BAK File 5/19/2005 1:19:16 AM A
C:\Program Files\Sygate\SPF\Default.dat.bak 129120 BAK File 5/18/2005 5:26:46 PM A
C:\Program Files\Sygate\SPF\Stddef.dat.bak 129120 BAK File 5/18/2005 3:06:34 PM A
C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref.old 344723 OLD File 9/17/2004 6:01:48 AM A
C:\WINDOWS\setupapi.log.0.old 1739182 OLD File 1/11/2005 5:09:58 PM A
C:\Program Files\TDS3\xDynamic\TDS.fps\DCSFPS9.bak 1774222 BAK File 10/14/2004 5:14:04 PM A
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak 2366623 BAK File 5/15/2005 2:31:38 PM A
C:\Program Files\Webroot\Spy Sweeper\Temp\temp.tmp 2399461 TMP File 5/18/2005 8:42:24 PM A
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.bak 3857996 BAK File 5/18/2005 5:24:34 PM A

#28
Guest_thatman_*
Hi polling

It is safe to delete all the files in your post #27.

Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.inf

Reboot as normal
Post a new hjt.log

Kc :tazz:

#29
polling
I'm a little confused. When you say copy and paste them one at a time, are you talking about the unnecessary files in EasyCleaner or are you talking about
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.inf
I'm really not sure.

#30
Guest_thatman_*
Hi polling

Use Killbox on these files:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.inf


Use EasyCleaner on these files:
I went into EasyCleaner and saw the icon for unnecessary files. I have a list of these files. I know this might sound stupid, but I wanted to know if it's safe to delete these files:
C:\Documents and Settings\danyelle willis\Local Settings\Temp\DFC5A2B2.TMP 90 TMP File 5/15/2005 2:04:32 AM A
C:\Documents and Settings\frank\Local Settings\Temp\DFC5A2B2.TMP 90 TMP File 5/16/2005 5:20:06 AM A
C:\WINDOWS\security\logs\scecomp.old 326 OLD File 5/7/2005 10:58:14 AM A
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Documents and Settings\danyelle willis\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Documents and Settings\frank\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak 384 BAK File 5/1/2004 1:54:36 PM A
C:\Program Files\Mozilla Firefox\softokn3.chk 476 Recovered File Fragments 5/11/2005 1:28:00 PM A
C:\WINDOWS\system32\oobe\images\oemlogo.gif.bk 3799 BK File 10/28/2000 1:16:00 PM A
C:\WINDOWS\imsins.BAK 4566 BAK File 5/18/2005 10:19:08 AM A
C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK 4660 BAK File 5/19/2005 1:16:22 AM A
C:\WINDOWS\REGLOCS.OLD 8192 OLD File 5/1/2004 3:06:30 PM A
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk 8192 Recovered File Fragments 5/18/2005 11:39:58 PM A
C:\WINDOWS\system32\CatRoot2\edb.chk 8192 Recovered File Fragments 5/19/2005 1:59:36 AM A
C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat.bak 8530 BAK File 5/18/2005 2:17:06 PM A
C:\Program Files\TDS3\xDynamic\TDS.fps\DCSFPS16.bak 26560 BAK File 10/13/2004 10:34:56 AM A
C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\bookmarks.bak 27698 BAK File 5/16/2005 3:37:44 PM A
C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\bookmarks.html.sbsd.bak 27698 BAK File 5/16/2005 3:37:44 PM A
C:\Program Files\Sygate\SPF\StdState.dat.bak 28752 BAK File 5/18/2005 5:26:54 PM A
C:\Program Files\Sygate\SPF\TState.dat.bak 28752 BAK File 5/18/2005 5:26:54 PM A
C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\bookmarks.html.sbsd.bak 70245 BAK File 5/16/2005 5:59:46 PM A
C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\bookmarks.bak 74620 BAK File 5/19/2005 1:19:16 AM A
C:\Program Files\Sygate\SPF\Default.dat.bak 129120 BAK File 5/18/2005 5:26:46 PM A
C:\Program Files\Sygate\SPF\Stddef.dat.bak 129120 BAK File 5/18/2005 3:06:34 PM A
C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref.old 344723 OLD File 9/17/2004 6:01:48 AM A
C:\WINDOWS\setupapi.log.0.old 1739182 OLD File 1/11/2005 5:09:58 PM A
C:\Program Files\TDS3\xDynamic\TDS.fps\DCSFPS9.bak 1774222 BAK File 10/14/2004 5:14:04 PM A
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak 2366623 BAK File 5/15/2005 2:31:38 PM A
C:\Program Files\Webroot\Spy Sweeper\Temp\temp.tmp 2399461 TMP File 5/18/2005 8:42:24 PM A
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.bak 3857996 BAK File 5/18/2005 5:24:34 PM A


Kc :tazz: