Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HJT log [RESOLVED]


  • This topic is locked This topic is locked

#1
sweft

sweft

    Member

  • Member
  • PipPipPip
  • 123 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:12:15 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ODMFS9YR\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = host-207-248-240-118.block.alestra.net.mx:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=072005 serial=WS12WTX-9999998-UYR lang=EN
O4 - HKCU\..\Run: [RAMSaverPro] c:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120376135535
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


I am having trouble connecting to some sites. And I have no clue what the problem is:
Yahoo log in I get error 999
and when I log onto gmail.. well, before the page even opens i get
"The request was rejected because the port it was connecting to
is not configured to receive the protocol being sent.
Please contact your network administrator."
And I cannot do nothing..
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and past the List from the notebook onto your post
Excal

Edited by Excal, 11 July 2005 - 09:03 PM.

  • 0

#3
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
avast! Antivirus
Creative DVD Audio Plugin for Audigy Series
Dell ResourceCD
Gaim (remove only)
Google Earth Plus
GTK+ Runtime 2.6.7 rev a (remove only)
HijackThis 1.99.1
Intel® Extreme Graphics Driver
InterActual Player
InterVideo WinDVD 7
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_03
Media Library Management Wizard
Mozilla Firefox (1.0.4)
MSXML 4.0 SP2 Parser and SDK
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
RAM Saver Pro
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
SmartFTP Client
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
StyleXP (remove only)
Trellian Dictionary v1.0
Trellian LiveUpgrade v2.0
TSW WebCoder 5
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Web Design Group CSS Reference
Web Design Group HTML Reference
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol
WinRAR archiver
WordPerfect Office 12
ZoneAlarm
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

DOWNLOAD PROGRAMS


Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Please download ISTFIX Here
Please do not run yet



THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = host-207-248-240-118.block.alestra.net.mx:80
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)


7. click the Fix Checked box

8. Please run IstFix.

9. Run the program CleanUp!

10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#5
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:49:09 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=072005 serial=WS12WTX-9999998-UYR lang=EN
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [RAMSaverPro] c:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe

And you wanna know something else? It worked. I have no clue what diff it made but I am able to sign onto gmail. I havent tryed anything else yet.. but I will keep you informed.
Thank You sO much. I owe you one.. mr. *Remainder of post edited by an Administrator. While I'm sure you meant no offense with the name you chose to use toward Excal, please do not post any form of curse words on the forums. This is a family friendly site, and you should always treat those who take the time to help you for FREE with respect and courtesy! :tazz:

Edited by ~Kat~, 12 July 2005 - 06:47 PM.

  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, This site is a great source for tightening up security on It's settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#7
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Hey!

"Ensure you rehide your “hidden files and folders” back to the way they were."

How? I noticed the folder was added so I just put the whole folder in my doc. I am downloading a new firewall. Is it safe to run two?

Thank You again.. wow, I cannot believe I got all this help for free. LoL.
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Go to My Computer >Tools >Folder Options >View tab and make sure that Show Do not show hidden files and folders is checked. check the Hide extensions for known file types and Hide protected operating system files option.

Only run one Firewall.



Excal
  • 0

#9
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
..hmm, I wonder what's up now? Okay, I was like, Im going to delete IE and just use firefox, right? So before I did I was like, I need to see if it worked.
So I got the same error for firefox: "The request was rejected because the port it was connecting to
is not configured to receive the protocol being sent.
Please contact your network administrator."
but in IE it works. What's up with this?
  • 0

#10
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Okay here is my Active Scan report:

Incident Status Location

Adware:Adware/CWS No disinfected
C:\Documents and Settings\Owner\Favorites\Fun & Games
Adware:Adware/SideFind No disinfected
C:\ProgramFiles\SideFind
Adware:Adware/WUpd No disinfected
C:\ProgramFiles\MediaAccess
Spyware:Spyware/YourSiteBar No disinfected
C:\ProgramFiles\YourSiteBar
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaAccX.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MediaAccX.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
Adware:Adware/Transponder No disinfected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HMJ4HI3\tcv[1].p
Adware:Adware/WUpd No disinfected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0HMJ4HI3\thisone[1].p
Adware:Adware/WUpd No disinfected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHMJKTA3\bridge-c18[1].cab[MediaAccX.dll]
Adware:Adware/nCase No disinfected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2NGTY3\thisone2[1].p
Adware:Adware/WUpd No disinfected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2NGTY3\thisone[1].p
Adware:Adware/WUpd No disinfected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDQVG9UR\bridge-c18[1].cab[MediaAccX.dll]
-------------------------------------------------------------------------------------------

Symantec Adware.Istbar Removal Tool 1.0.7


C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.
(btw I did download this and ran it again on safemode and it say's it not been found on my pc?)
--------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:15:10 AM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=072005 serial=WS12WTX-9999998-UYR lang=EN
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [RAMSaverPro] c:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120376135535
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------------------------------------------

Yes, I am running active scan again and already it found four. This is gay I just pluged it in and my virus and firewall was pluged in! How come this is happing to me? Ill edit this again with a freah copy of activescan report. And how come it dont do nothing when I run Symantec Adware.Istbar Removal Tool 1.0.7 when I sit here for 20 minute and watch it scan all my files? I even redownloaded this.

Well, when I get the new scan I will post edited here_edited 1:14am_**

IE let's me do everything now but firefox will not. Get the same problem like I was before but now I can use one and not the other. I mean, I wouldnt trip normally but this is my computer that I saved and spent money on. You know how that is: LoL.
BBL,

Regards,
Sweft

Edited by sweft, 12 July 2005 - 02:15 AM.

  • 0

#11
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Just a few random bad files and folders to clean up.

Please remove the following folders using Windows Explorer (if present):

C:\Documents and Settings\Owner\Favorites\Fun & Games
C:\ProgramFiles\SideFind
C:\ProgramFiles\MediaAccess
C:\ProgramFiles\YourSiteBar
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".

    Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaAccX.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MediaAccX.dll
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll


Run CleanUp! one more time, you still have bad temp files.

Your log is clean. I am not sure why it would be doing that with FireFox.



Excal

Edited by Excal, 12 July 2005 - 10:10 AM.

  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I would not get rid of IE regardless, you still need to update windows.



Excal
  • 0

#13
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts

  *Remainder of post edited by an Administrator. While I'm sure you meant no offense with the name you chose to use toward Excal, please do not post any form of curse words on the forums. This is a family friendly site, and you should always treat those who take the time to help you for FREE with respect and courtesy! :tazz:

View Post


Hey Excel I am sorry I used the a curse word. I actually wasnt meaning any offense to you or anyone reading it. I am sorry. But I figured I'd stick with IE because When I downloaded the new verson 1.0.5 it still dont work with Firefox.
But at least I have it to do what I want it to do and it's all thankx to you!

I ran them tools you directed me in and I think it's just fine.

So what updates should I do to Windows? Any suggestions like, must have's?

Thank You Again,

God Bless You,
Regards,
Sweft
  • 0

#14
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I would go to the windows update site and update any security updates there are. (only with IE)

www.windowsupdate.com

:tazz:

Excal
  • 0

#15
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP