My HJT log [RESOLVED]
#31
Posted 17 May 2005 - 02:53 PM
#32
Posted 17 May 2005 - 03:17 PM
The Aloha touch screens are out in the restaurant but they use this (normal computer) to operate; it's all networked and stuff.
I'm waiting for the Aloha guy to call back and let me know if it's safe to run all the AdAware programs. This Aloha system also accesses the internet to process credit cards.
I prolly need to be careful cause there are prolly lots of programs associated with it.
Yea, the touch screens are out in the restaurant; we don't actually have any kind of touch screen on this normal computer in the office. But if this computer goes down, so does every touch screen in the restaurant.
This is kinda scary......
#33
Posted 17 May 2005 - 03:27 PM
This is kinda scary......
Yeah, you can say that again lol
#34
Posted 17 May 2005 - 03:48 PM
Cause if something got messed up it could cripple our business for a night or I don't know how long.... (There will be no more Internet exploring up here again once this gets fixed... that's fo sure.)
I'm gonna stay up here after work tonight and uninstall McAfee (out of date) and install AVG, maybe a few others.. you be around tonight??
If dude doesn't call me back, I'm prolly still gonna try and get rid of anything we know is bad... but definitely leave things alone that I am not sure about..
#35
Posted 17 May 2005 - 04:01 PM
#36
Posted 17 May 2005 - 04:05 PM
Oh and howdy neighbor, I'm in Arkansas.
I used to live in Arlington (right outside Dallas) but had to move back to AR..
Once again Thank you so much !!!!!
Would you happen to know how to get into MSCONFIG on Windows 2000 ??
Edited by retrac, 17 May 2005 - 04:21 PM.
#37
Posted 17 May 2005 - 09:40 PM
I also just uninstalled all unnecessary programs from Add/Remove.
What would be your first recommendation to get this started??
I'm bout to go delete all temp files too.
I currently have AdAware SE and MS AntiSpy; that's it as far as protection and scanning capabilities go. I've also got McAfee but it is prolly 4 months out of date..... So I think I'm gonna go get AVG for this computer??
Any Suggestions
P.S. be back in 15 minutes
Well, I ran MS AntiSpy and it killed about:blank (I think, although it keeps trying to set itself as my homepage, but MS AntiSpy is keeping it from doing that).
I hate these baddies.
Edited by retrac, 17 May 2005 - 10:21 PM.
#38
Posted 17 May 2005 - 10:36 PM
Edited by bananafanafo, 17 May 2005 - 10:37 PM.
#39
Posted 17 May 2005 - 10:55 PM
After running MS AntiSpy it removed a browser hijacker and my home page worked again, and I watched MS AS block it over & over and seem to be doing the job until I uninstalled our out-of-date McAfee and installed AVG, which during the updating found a Trojan D/L and Horse.
All the things I unchecked were legit, I'm pretty sure; I looked them all up and they were software we used to use, 'cept for 1, it was totally blank.
So you want me to turn them all back on??? It takes a lil while to reboot this computer.
It has 2 hard drives; 1 is connected and solely for our Aloha system.
Oh, and about:blank is back.
Edited by retrac, 17 May 2005 - 10:58 PM.
#40
Posted 17 May 2005 - 11:00 PM
We will also have to disable MS Anti-Spyware otherwise it will interfere with cleaning.
#41
Posted 17 May 2005 - 11:19 PM
Scan saved at 12:21:02 AM, on 5/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\svchost.exe
C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINNT\winfv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xgmyl.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xgmyl.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {395A0AC4-5AF4-4565-FA3D-6597CE5C75E8} - C:\WINNT\netqw.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [winfv.exe] C:\WINNT\winfv.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - Startup: CTI Tray Icon.lnk = C:\Program Files\WinFax\Ctitrayi.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\crmy.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CtlSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Ctlsvr.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EdcSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Edcsvr.EXE
O23 - Service: Fastech Security Server (FSSecurityServer) - Ibertech, Inc. - C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
OMG! AVG is finding tons of trojans (I just keep closing the box where it asks me what to do with the file).
I'm getting scared; I'm afraid something might break and my boss will come into a completely unfunctional computer system (our entire restaurant thrives on this machine running: waiters can't ring anything up, the kitchen won't get any print-outs, and our credit card system all work through this computer). I swear if you help me get this fixed I will never let anyone D/L another thing on this computer. And the boss said he would get a laptop for all Internet use!
BLESS YOU!!!!!
You won't be able to keep me from PayPal this time.
Edited by retrac, 17 May 2005 - 11:31 PM.
#42
Posted 17 May 2005 - 11:54 PM
We will deal with about:blank first. Make sure to follow ALL directions exactly as I have them below. You will definitely want to print these out (umm, if you can lol); if you can't print them, save the instructions in Notepad!
Go to Start > Control Panel > Add/Remove programs and remove the following, if found:
Security iGuard
Party Poker
Exit Add/Remove programs.
Please download the programs listed below, but do not run them yet:
1) About:Buster:
*Download it and extract it to C:\aboutbuster.
*Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
*Click "OK" at the prompt with instructions.
*Click "Update" and then "Check For Update" to begin the update process.
*If any updates exist please download them by clicking "Download Update".
*You should not run the program yet so click "Exit".
2) CleanUp! - Download it and install it.
3) CWShredder - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update. After installing Ad-Aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run a scan. Manually run "Ad-Aware SE Personal" and from the main screen click on "Check for Updates Now".
Set your system to SHOW HIDDEN FILES
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Network Security Service (or 11Fßä#·ºÄÖ`I)
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.
Run HiJackThis. Click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service"; a window will pop up. Enter the below item into that field (copy and paste):
11Fßä#·ºÄÖ`I
*NOTE* Make sure there IS a SPACE before the first "1" otherwise it won't work.
Click OK.
It should pull up information about the service. If it asks an "are you sure?" question, click YES; when it asks if you want to reboot now, click NO.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continuously tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK
Run AboutBuster and save the logs
*Browse to where you saved AboutBuster and run AboutBuster.exe.
*Click "OK" at the directions Read: Important! prompt.
*Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
*Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
*Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
*When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
Click "Exit" and "Exit" again to exit AboutBuster.
Run CleanUp!
-Make sure it is on Standard Mode
-Click the "CleanUp!" button
Run Ad-Aware
Reconfigure Ad-Aware for Full Scan as per the following instructions:
In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file
Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom left side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects.
While still in Safe Mode, Run HiJackThis, place a check next to the following items, if found, and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xgmyl.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xgmyl.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {395A0AC4-5AF4-4565-FA3D-6597CE5C75E8} - C:\WINNT\netqw.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\crmy.exe
Close HiJack This. (Still in Safe Mode!)
Using Windows Explorer, delete these files and folders, if found:
C:\WINNT\system32\crmy.exe
C:\Program Files\Security iGuard
C:\WINNT\netqw.dll
C:\WINNT\xgmyl.dll
C:\Program Files\PartyPoker
Reboot your computer in normal mode and post your AboutBuster log and a new HiJackThis log. We'll clean up what's left!
Edited by bananafanafo, 18 May 2005 - 01:08 AM.
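The log in #41 and the "FIX CHECKED" list in #42 were matched up by eye. As an added example for readers of this thread (editor's code, not from the thread's participants and not part of HijackThis), the Python script below applies the same kinds of checks the helper applied when picking those entries: R0/R1 search settings that point at a res:// page inside a local DLL, a missing URLSearchHook, browser helpers with no name or no file, a BHO loaded straight out of the Windows directory, and a service with no vendor or a garbled name. The program-name denylist (Security iGuard, PartyPoker) and every heuristic are assumptions for illustration; the sample input is a constructed subset of the entries posted above, padded with two known-good lines. It only reports; it deletes nothing.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample input: a subset of the entries posted in this thread,
# plus two known-good lines (Adobe, AVG) so both classes are represented.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xgmyl.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xgmyl.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {395A0AC4-5AF4-4565-FA3D-6597CE5C75E8} - C:\WINNT\netqw.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\crmy.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O23"
    reason: str
    line: str


ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# res:// URL whose target is a file on a local drive (assumed heuristic; Office's
# own res://...EXCEL.EXE/3000 context-menu entry is an O8 line and is not checked)
LOCAL_RES_RE = re.compile(r"res://[a-z]:\\", re.IGNORECASE)
WIN_DIR_DLL_RE = re.compile(r"\\winnt\\[^\\]+\.dll$", re.IGNORECASE)
PATH_RE = re.compile(r'[a-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?\.(?:exe|dll)',
                     re.IGNORECASE)
# Program names the helper told the poster to remove; an assumed denylist.
UNWANTED_NAMES = ("security iguard", "partypoker")


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason if a single entry looks like a hijack, else None."""
    lower = body.lower()
    if section in ("R0", "R1") and LOCAL_RES_RE.search(body):
        return "IE start/search setting points to a res:// page inside a local DLL"
    if section == "R3" and "is missing" in lower:
        return "default URLSearchHook removed, a common about:blank hijacker symptom"
    if section in ("O2", "O3") and ("(no name)" in lower or "(no file)" in lower):
        return "browser extension registered without a usable name or file"
    if section == "O2" and WIN_DIR_DLL_RE.search(body):
        return "BHO loaded from a DLL dropped directly in the Windows directory"
    if section == "O23" and "unknown owner" in lower:
        return "service with no vendor information"
    if section == "O23" and any(ord(c) > 126 for c in body.split(" - ")[0]):
        return "service name contains non-printable characters"
    if any(name in lower for name in UNWANTED_NAMES):
        return "matches a known-unwanted program name"
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every entry, in log order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    # about:blank alone is a legitimate home page; treat it as a symptom only
    # when the same log also shows a res:// hijack of the search settings
    res_hijack = any(s in ("R0", "R1") and LOCAL_RES_RE.search(b) for s, b, _ in entries)
    findings = []
    for section, body, line in entries:
        reason = classify(section, body)
        if (reason is None and res_hijack and section in ("R0", "R1")
                and body.lower().endswith("= about:blank")):
            reason = "about:blank start page alongside a res:// hijack"
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


def suspect_paths(findings: List[Finding]) -> Set[str]:
    """File paths referenced by flagged entries, for manual review before any deletion."""
    return {m.group(0) for f in findings for m in PATH_RE.finditer(f.line)}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("\nPaths to review:")
    for p in sorted(suspect_paths(results)):
        print("   ", p)
```

Run against the sample, the script flags the same nine entries the helper listed and leaves the Adobe and AVG lines alone; the path list it prints (xgmyl.dll, netqw.dll, crmy.exe and the two program folders' executables) is the review list, not a delete list, which matters on a machine like this one where the point-of-sale software shares the box.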
#43
Posted 17 May 2005 - 11:56 PM
Never mind, I'll just take it off.
Do these scans check both hard drives??? The Aloha guy told me, once someone got it all off but it was just on the other hard drive so it came back. I think it's even possible that the 3 touchscreens might have small hard drives on them..
Edited by retrac, 18 May 2005 - 12:09 AM.
#44
Posted 18 May 2005 - 12:17 AM
#45
Posted 18 May 2005 - 12:31 AM
Um, Security iGuard was already deleted before you told me to (I had just done it), but maybe I checked 1 of the boxes in MSconfig that made you see it. It's not available for uninstall.
Also, this computer has to be available for use around 10 am. Is that gonna be a problem???