[Michelle]

Does it give you an option to update?

Edited by bananafanafo, 18 May 2005 - 02:08 AM.

[Advertisements]

CWShredder does have an update button on it...









Thanks so much

Edited by retrac, 18 May 2005 - 02:12 AM.

[retrac]

CWShredder does have an update button on it...









Thanks so much

Edited by retrac, 18 May 2005 - 02:12 AM.

[Michelle]

Then update it, boot into Safe Mode, run CWShredder (no need to do about:buster and cleanup again), and finish the rest of my instructions.

Edited by bananafanafo, 18 May 2005 - 02:12 AM.

[Michelle]

I need to go to bed shortly...hopefully you'll post the next log before then. If you followed all of my instructions then the computer will definitely be usable for in the morning as there will only be minor clean up left to do. Can you get on in the morning before it's needed at 10 am?

[retrac]

SO in Adaware when Your in the Scanning section "select drivers & folders to scan" should i select both hard drives ??

Sorry bout all the questions(after that last incident im a lil nervous )

[Michelle]

No! Just C: We are NOT touching that other hard-drive LOL

You're supposed to be disconnected from the Internet in SAFE MODE! What are you doing still on here?

[retrac]

im on friends lap top... the other comp is not plugged in at all to internet

sometimes i edit my post instead of starting a new one... hehe I mentioned that a minute ago on an edit.... hehe

Well Back to work


You guys SO ROCK !!!!!

Edited by retrac, 18 May 2005 - 02:35 AM.

[Michelle]

Ah, I see! Good way to do it...

[Michelle]

I don't know if you saw this or not?

I need to go to bed shortly...hopefully you'll post the next log before then.  If you followed all of my instructions then the computer will definitely be usable for in the morning as there will only be minor clean up left to do.  Can you get on in the morning before it's needed at 10 am?

[retrac]

well .. i am prolly gonna be doing all this into the wee hours of tonight , and i got to get a lil sleep so.. iml just guessin here but ill be headin home after ive finished everything on this list( might be 6 or 7 am Central so i will prolly sleep till i have to be back up here which is at 2pm but if im here real early in the morning im sure they will let me go get some sleep and come in later like 5 pm

Im at your mercy ill do whatever you want

Just finished ADAware scan

Edited by retrac, 18 May 2005 - 02:45 AM.

[Michelle]

Ok, the was the part I was worried about taking forever! The next part won't take long so I'll wait for you to post the logs before heading out!

[retrac]

just about there thanks so much

[retrac]

here we go About:blank is still hanging around



Logfile of HijackThis v1.99.1
Scan saved at 4:13:11 AM, on 5/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\svchost.exe
C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINNT\winfv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [winfv.exe] C:\WINNT\winfv.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - Startup: CTI Tray Icon.lnk = C:\Program Files\WinFax\Ctitrayi.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BD254E2-8B0C-4C01-BE11-A86733D1EC5E}: NameServer = 206.222.97.82,206.222.97.50
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CtlSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Ctlsvr.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EdcSvr - Aloha Technologies - C:\AlohaDrive\Aloha\bin\Edcsvr.EXE
O23 - Service: Fastech Security Server (FSSecurityServer) - Ibertech, Inc. - C:\ALOHAD~1\ALOHA\BACKOF~1\LICENSE\FSSECS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Scanned at: 2:22:43 AM on: 5/18/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

[Michelle]

Well that's a much prettier log! I need to go to bed now, but the computer is definitely usable for in the morning! Here are the next steps:

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {3C10C0AA-0C44-95D1-E182-AF24B1C2ED83} - C:\WINNT\system32\appan.dll

Close HiJackThis.

Then whenever you get a chance I need you to do this (but don't do anything with HiJackThis until I review it again!):

Download ewido security suite

• Install ewido security suite
• Launch ewido, there should be a big E icon on your desktop, double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:

• Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log.

[retrac]

but you do want me to run HJT right now???? AND check the ones you specified ??
But the one down at the very bottom of your message you want me to wait on doing?




CAN I RESET MY HOMEPAGE ?

Edited by retrac, 18 May 2005 - 03:23 AM.