NTFS, Page filing, and using spybot and adaware


  • This topic is locked

#1
LogansRun

LogansRun

    Member

  • Member
  • PipPip
  • 13 posts
Hey guys, I have multiple issues. I have done all the steps to clean my system and I believe I've cleaned a great deal of crap up but I still can't update ewido, adaware or spybot; avg updates fine though. I also can't check my disk for errors because of something to do with NTFS, I can't start up unless I hit control alt delete on my login page - I get a message about my paging file being too low and when I turned it up all the way it still said the same thing. My explorer is acting weird, it won't load up certain pages and I can't update microsoft.
Here's my log

Logfile of HijackThis v1.99.1
Scan saved at 9:13:17 AM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Logan A. Ostroski\My Documents\programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sccoast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philhendrieshow.com
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.wnd.com/"); (C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Profiles\default\v3kxqgo4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Profiles\default\v3kxqgo4.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WorksFUD] Ati2mdxx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {44B33957-091D-45DA-9E91-CD5224B6BA17} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sccoast.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

I don't know why aol is still here either - man am I glad I found u guys - Logan
  • 0



#2
LogansRun

LogansRun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
http://www.geekstogo...ndpost&p=241161
  • 0

#3
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

If the problem has been resolved, please let us know.
  • 0

#4
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please follow tampa's instructions and post a new hijack this log in this thread, so he can help you. I will close your five-day and no reply topic.
  • 0

#5
LogansRun

LogansRun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi,
We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

If the problem has been resolved, please let us know.



Tampa, this is my first time doing this, I must be doing something wrong because all I received from you is this:

We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.



I think u gave me instructions but I don't see them.

sorry to bother u

Logan 7/28
  • 0

#6
LogansRun

LogansRun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
In case u do need a fresh Log

Logfile of HijackThis v1.99.1
Scan saved at 12:02:27 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Logan A. Ostroski\My Documents\programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sccoast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philhendrieshow.com
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.wnd.com/"); (C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Profiles\default\v3kxqgo4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Profiles\default\v3kxqgo4.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {44B33957-091D-45DA-9E91-CD5224B6BA17} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sccoast.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7EE7F82-9B3D-4A15-9B45-65316790F182}: NameServer = 66.153.128.98 66.153.162.98
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

thanx Logan
  • 0

#7
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Logan,

I needed to have a look at the fresh HJT log before I can decide on the future course of action. Thanx for posting it.


Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp

Silent Runners

You have Ewido installed. Try to update the definitions to the newest files. Do NOT run a scan yet. In case it doesn't update, then proceed with the rest of the fix.

2. Remove Infections

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Don't delete the folder, only the files in it !!!!!!!!


Reboot the PC in Normal Mode.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Run Hijack This and post a fresh HJT log along with the Ewido scan report and the Silent Runners log.
  • 0
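
Added example, not part of tampabelle's post and not a Geeks to Go tool: a small Python triage pass over HijackThis 1.99.1 log lines. The rules in `classify` are assumptions picked to match the kinds of entries listed in step 3 above (a hosts-file mapping, BHO and toolbar registrations marked "(no file)", the Internet Explorer policy key); the "review" level for services marked "(file missing)" is an extra assumption, and all names in the script are hypothetical.

```python
"""Triage of HijackThis 1.99.1 log entries (added example; rules are assumptions)."""
import ipaddress
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the 7/28/2005 log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7EE7F82-9B3D-4A15-9B45-65316790F182}: NameServer = 66.153.128.98 66.153.162.98
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

# "<section code> - <body>", e.g. "O2 - BHO: ...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    line: str      # the full log line
    level: str     # "fix" or "review" (labels used by this example only)
    reason: str


def parse_entries(log_text):
    """Return (section, body, full_line) for every registry/file entry in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2), line))
    return entries


def classify(section, body):
    """Return (level, reason) for an entry the rules flag, else None."""
    if section == "O1":
        match = HOSTS_RE.match(body)
        if not match:
            return "review", "hosts entry in an unexpected format"
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            return "review", "hosts entry with an unparseable address"
        # Loopback and 0.0.0.0 mappings are the usual block-list form; skip them.
        if addr.is_loopback or addr.is_unspecified:
            return None
        return "fix", "hosts file pins %s to %s" % (match.group(2), addr)
    if section in ("O2", "O3") and body.endswith("(no file)"):
        # "(no name)" alone is not enough: Spybot's SDHelper.dll is unnamed but present.
        return "fix", "browser add-on registered but its file is absent"
    if section == "O6":
        return "fix", "policy key restricting Internet Explorer options"
    if section == "O23" and body.endswith("(file missing)"):
        return "review", "service registered but its binary is absent"
    return None


def triage(log_text):
    """Run classify() over every parsed entry and collect the flagged ones."""
    findings = []
    for section, body, line in parse_entries(log_text):
        verdict = classify(section, body)
        if verdict:
            findings.append(Finding(section, line, *verdict))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.level, f.reason, f.line))
```
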

#8
LogansRun

LogansRun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Tampa,
I haven't been ignoring you, I've just had to work.
I've almost got everything done, I just need to use silent runners and I'll have the logs for you in the morning.
I appreciate your help, sorry it took me so long

Logan
  • 0

#9
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Logan,

No problem. Post it when you have completed the fix. I will have a look at it.
  • 0

#10
LogansRun

LogansRun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok Here is Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:41:37 PM, 7/30/2005
+ Report-Checksum: 1C86E743

+ Scan result:

:mozilla.19:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Firefox\Profiles\default.5he\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

Here is Silent runners

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CPQEASYACC" = "C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" ["Compaq Computer Corporation"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"srmclean" = "C:\Cpqs\Scom\srmclean.exe" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
{44BBA851-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Web Publishing Wizard 1.52"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,PerUserRemove" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "c:\windows\system32\deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" [file not found]
"{336B02CE-F88A-4aea-8731-79EF94D3723A}" = "Get $$$ - Refer a friend!.url"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\aod\aodshext.dll" [null data]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\tds3shl.dll" [empty string]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\tds3shl.dll" [empty string]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Program Files\WallMaster\WallMaster Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ORGANI~1.SCR" (Organic Art, MS Edition.scr) ["Computer Artworks Ltd."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{44B33957-091D-45DA-9E91-CD5224B6BA17}\
"ButtonText" = "Support"
"Exec" = "C:\Program Files\Internet Explorer\SIGNUP\Presario.htm" [null data]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.sccoast.net

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
SAP Agent, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Virtual NIC Service, PackethSvc, "C:\WINDOWS\System32\PackethSvc.exe" ["America Online, Inc."]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 416 seconds, including 18 seconds for message boxes)


Here is Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 11:42:50 AM, on 7/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Logan A. Ostroski\My Documents\programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sccoast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philhendrieshow.com
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.wnd.com/"); (C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Profiles\default\v3kxqgo4.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Logan A. Ostroski\Application Data\Mozilla\Profiles\default\v3kxqgo4.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {44B33957-091D-45DA-9E91-CD5224B6BA17} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sccoast.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

Thanks for your patience, Tampa

Logan


#11
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Logan,

Your logs look fine. That means that there is no infection on your PC which could be interfering with the smooth operation of your PC.


Let's see if some of the system files are corrupted.

Please insert the Windows XP CD in your CD drive.

Click on Start ---> Run. Type in -

sfc /scannow

This will check all your core system files and replace them if they are corrupted or missing.

Let me know how it goes.

#12
LogansRun


    Member

  • Topic Starter
  • Member
  • 13 posts
Ah boy,

Now I'm in trouble, Tampa.
Ex-fiance broke the XP CD that came with my laptop.

What I can tell you is that when I start up,
it beeps and I get a message saying my page filing is too small. Then it tells me to go to system settings, advanced and change it. I set it to its max and I still either get the same message next time I start up or it doesn't load up until I hit control alt delete.

Logan

#13
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Logan,

Can you get a Windows XP CD from somebody else for a short period of time? We don't need the Windows key, just the Windows CD.

In any case, if the CD came with the laptop, then chances are that it was the installation CD and not the Windows CD. Any chance of the warranty on the laptop still being available?

#14
LogansRun


    Member

  • Topic Starter
  • Member
  • 13 posts
Hey Tampa,
I'll check into it and at worst case just borrow a CD, and I'll get back to ya in a couple of days. I do think I still have a few months of warranty left.

Logan

#15
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
In case you can take it back for "repairs" under warranty or get the Windows CD, then I suggest you do the following -

1. Do a repair Install of Windows XP on your PC. Please read more about how to do repair install here - http://www.windowsreinstall.com/. Go to the bottom of the page and choose your Operating system. It will give you options - choose Repair Install and read up on it.


2. Repair Install will leave all your installed programs and data files intact on your PC. However, it will amount to uninstalling the service packs and patches installed. Immediately after the Repair Install, please visit Windows security and critical updates. Choose Custom install and install Service Pack 1a.

Let me know how it goes.