Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

please help


  • Please log in to reply

#16
StevenSch02

StevenSch02

    New Member

  • Member
  • Pip
  • 3 posts
Hey, I did not want to start a new thread, but I have the same problem, and I followed all the instructions you have David, but still the problem persists. It does not occur when I log in as the admin, but only when another user logs in. (the "visual c++ runtime... C:\WINNT\explorer.exe") Also, I don't know if I should be doing this fixes as the admin, or the "infected user".
I run AdAware everyday, and CWShredder, and SpyBot.

Here is the HJT log from the "infected user".

(when I run HijackThis as the "infected user" i get an error when I scan, but not as the admin... the error is:
"for some reason your system denied write access to the Host file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If this happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad "C:\WINNT\System32\drivers\etc\hosts"

and press Enter. Find the line(s) HijackThis reports and delete them. Save the "file as "hosts." (with quotes), and reboot. "



Anyway, this is the log under the "infected user"

Logfile of HijackThis v1.98.2
Scan saved at 6:07:31 PM, on 12/13/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Transparent Icon Names\TransparentW.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINNT\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.komotv.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Startup: Shortcut to TransparentW.lnk = D:\Transparent Icon Names\TransparentW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
  • 0

Advertisements


#17
admin

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Sorry, it's too confusing to help two users in the same thread. Please start a new topic. :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP