My HJT log [RESOLVED]



#61
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Does it give you an option to update?

Edited by bananafanafo, 18 May 2005 - 02:08 AM.

  • 0



#62
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
CWShredder does have an update button on it...







:tazz:

Thanks so much ;)

Edited by retrac, 18 May 2005 - 02:12 AM.

  • 0

#63
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Then update it, boot into Safe Mode, run CWShredder (no need to do about:buster and cleanup again), and finish the rest of my instructions.

Edited by bananafanafo, 18 May 2005 - 02:12 AM.

  • 0

#64
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I need to go to bed shortly...hopefully you'll post the next log before then. If you followed all of my instructions then the computer will definitely be usable in the morning as there will only be minor clean up left to do. Can you get on in the morning before it's needed at 10 am?
  • 0

#65
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
So in Adaware, when you're in the scanning section "select drivers & folders to scan", should I select both hard drives?

Sorry bout all the questions (after that last incident I'm a lil nervous :tazz: )
  • 0

#66
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
No! Just C: We are NOT touching that other hard-drive LOL

You're supposed to be disconnected from the Internet in SAFE MODE! What are you doing still on here? :tazz:
  • 0

#67
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
I'm on a friend's laptop... the other comp is not plugged in to the internet at all

Sometimes I edit my post instead of starting a new one... hehe I mentioned that a minute ago on an edit.... hehe

Well Back to work :tazz:


You guys SO ROCK !!!!!

Edited by retrac, 18 May 2005 - 02:35 AM.

  • 0

#68
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ah, I see! Good way to do it... :tazz:
  • 0

#69
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I don't know if you saw this or not?

I need to go to bed shortly...hopefully you'll post the next log before then. If you followed all of my instructions then the computer will definitely be usable in the morning as there will only be minor clean up left to do. Can you get on in the morning before it's needed at 10 am?


  • 0

#70
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
Well... I am prolly gonna be doing all this into the wee hours of tonight, and I got to get a lil sleep, so... I'm just guessin' here, but I'll be headin' home after I've finished everything on this list (might be 6 or 7 am Central), so I will prolly sleep till I have to be back up here, which is at 2 pm, but if I'm here real early in the morning I'm sure they will let me go get some sleep and come in later, like 5 pm

I'm at your mercy, I'll do whatever you want :tazz:

Just finished ADAware scan

Edited by retrac, 18 May 2005 - 02:45 AM.

  • 0



#71
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, that was the part I was worried about taking forever! The next part won't take long so I'll wait for you to post the logs before heading out!
  • 0

#72
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
just about there thanks so much
  • 0

#73
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
Here we go. About:blank is still hanging around



Logfile of HijackThis v1.99.1
Scan saved at 4:13:11 AM, on 5/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\svchost.exe
C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINNT\winfv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [winfv.exe] C:\WINNT\winfv.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - Startup: CTI Tray Icon.lnk = C:\Program Files\WinFax\Ctitrayi.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CtlSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Ctlsvr.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EdcSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Edcsvr.EXE
O23 - Service: Fastech Security Server (FSSecurityServer) - Ibertech, Inc. - C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Scanned at: 2:22:43 AM on: 5/18/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
  • 0

#74
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Well that's a much prettier log! I need to go to bed now, but the computer is definitely usable in the morning! Here are the next steps:

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll


Close HiJackThis.

Then whenever you get a chance I need you to do this (but don't do anything with HiJackThis until I review it again!):

Download ewido security suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter. Then, run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log.
  • 0
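
An added example, not part of the original thread and not HijackThis code: a small Python parser for the `CODE - value` lines of the log posted in #73, which picks out entries with the same shape as the three lines selected for fixing in #74. The function names, the sample (a few lines copied from that log) and the three shape rules are assumptions made for illustration; matching a rule is a prompt for review, not a verdict on the entry.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
C:\WINNT\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
GENERIC_BHO_NAMES = {"", "Class", "(no name)"}  # assumption: names that identify nothing


def parse_entries(log_text):
    """Group 'CODE - body' lines by section code; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].append(match.group(2).strip())
    return dict(entries)


def review_candidates(entries):
    """Return (code, reason, body) for lines shaped like those fixed in post #74."""
    found = []
    for body in entries.get("R0", []):
        _, sep, value = body.partition("=")
        if sep and not value.strip():       # registry value is present but blank
            found.append(("R0", "blank value", body))
    for body in entries.get("R3", []):
        if body.endswith("is missing"):     # the log reports the hook as absent
            found.append(("R3", "missing hook", body))
    for body in entries.get("O2", []):
        bho = BHO_RE.match(body)
        if bho and bho.group(1).strip() in GENERIC_BHO_NAMES:
            found.append(("O2", "unnamed BHO " + bho.group(2), body))
    return found


if __name__ == "__main__":
    for code, reason, body in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{code:<3} {reason:<55} {body}")
```
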

#75
retrac

    Visiting Staff

  • Topic Starter
  • Member
  • 578 posts
but you do want me to run HJT right now???? AND check the ones you specified ??
But the one down at the very bottom of your message you want me to wait on doing?




CAN I RESET MY HOMEPAGE ?

Edited by retrac, 18 May 2005 - 03:23 AM.

  • 0





