Edited by bananafanafo, 18 May 2005 - 02:08 AM.
My HJT log [RESOLVED]
#61
Posted 18 May 2005 - 02:06 AM
#62
Posted 18 May 2005 - 02:09 AM
Thanks so much
Edited by retrac, 18 May 2005 - 02:12 AM.
#63
Posted 18 May 2005 - 02:11 AM
Edited by bananafanafo, 18 May 2005 - 02:12 AM.
#64
Posted 18 May 2005 - 02:19 AM
#65
Posted 18 May 2005 - 02:22 AM
Sorry bout all the questions(after that last incident im a lil nervous )
#66
Posted 18 May 2005 - 02:25 AM
You're supposed to be disconnected from the Internet in SAFE MODE! What are you doing still on here?
#67
Posted 18 May 2005 - 02:28 AM
sometimes i edit my post instead of starting a new one... hehe I mentioned that a minute ago on an edit.... hehe
Well Back to work
You guys SO ROCK !!!!!
Edited by retrac, 18 May 2005 - 02:35 AM.
#68
Posted 18 May 2005 - 02:30 AM
#69
Posted 18 May 2005 - 02:37 AM
I need to go to bed shortly...hopefully you'll post the next log before then. If you followed all of my instructions then the computer will definitely be usable for in the morning as there will only be minor clean up left to do. Can you get on in the morning before it's needed at 10 am?
#70
Posted 18 May 2005 - 02:45 AM
Im at your mercy ill do whatever you want
Just finished ADAware scan
Edited by retrac, 18 May 2005 - 02:45 AM.
#71
Posted 18 May 2005 - 02:47 AM
#72
Posted 18 May 2005 - 03:06 AM
#73
Posted 18 May 2005 - 03:13 AM
Logfile of HijackThis v1.99.1
Scan saved at 4:13:11 AM, on 5/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\svchost.exe
C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINNT\winfv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [winfv.exe] C:\WINNT\winfv.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - Startup: CTI Tray Icon.lnk = C:\Program Files\WinFax\Ctitrayi.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CtlSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Ctlsvr.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EdcSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Edcsvr.EXE
O23 - Service: Fastech Security Server (FSSecurityServer) - Ibertech, Inc. - C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Scanned at: 2:22:43 AM on: 5/18/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26
ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
#74
Posted 18 May 2005 - 03:18 AM
Run HiJackThis. Place a check next to the following items and click FIX CHECKED:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll
Close HiJackThis.
Then whenever you get a chance I need you to do this (but don't do anything with HiJackThis until I review it again!):
Download ewido security suite
- Install ewido security suite
- Launch ewido, there should be a big E icon on your desktop, double-click it.
- The program will prompt you to update click the OK button
- The program will now go to the main screen
- On the left hand side of the main screen click update
- Click on Start
Once the updates are installed do the following:
- Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
- Click on scanner
- Make sure the following boxes are checked before scanning:
- Binder
- Crypter
- Archives
- Click on Start Scan
- Let the program scan the machine
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report
- Save the report to your desktop
Then, please run this online virus scan:
ActiveScan
Save the results from ActiveScan.
I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log.
#75
Posted 18 May 2005 - 03:22 AM
But the one down at the very bottom of your message you want me to wait on doing?
CAN I RESET MY HOMEPAGE ?
Edited by retrac, 18 May 2005 - 03:23 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users