Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ShowWnd/HJT errors [RESOLVED]

Started by retrac , Aug 17 2005 02:19 PM

  • This topic is locked This topic is locked

#1
retrac
Posted 17 August 2005 - 02:19 PM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
THANKS first off :)

Well i just updated & ran a Spybot S&D scan and it found ShowWnd...I read this is a Trojan or was put here by a trojan???not sure. So i fixed it in Spybot And then rebooted with Normal Startup selected in Msconfig. I then opened HJT and started the scan and then got like 3 or 4 HJT errors before it could finish scan, then finally it finished .It says it posted the errors to my "clipboard" but i dont see a clipboard in my HJT folder. Is this clipboard somewhere else??


Logfile of HijackThis v1.99.1
Scan saved at 3:13:46 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Sanitized by JEFF :tazz:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I went to Safe Mode and did an Ewido scan also

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:24:46 PM, 8/17/2005
+ Report-Checksum: 72AC512C

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup


::Report End


Something wierd ive noticed I only have eight 04's on my HJT log and Ive got nine in my Msconfig ....Here is a picture

Edited by retrac, 17 August 2005 - 04:32 PM.

  • 0

Advertisements

#2
Michelle
Posted 19 August 2005 - 12:16 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts

I then opened HJT and started the scan and then got like 3 or 4 HJT errors before it could finish scan, then finally it finished .It says it posted the errors to my "clipboard" but i dont see a clipboard in my HJT folder. Is this clipboard somewhere else??

When you Right-click and copy something, where does it go? The clipboard! :) All you have to do is paste it somewhere :tazz:

Your log looks fine. In that screenshot, can you tell me exactly what that says on the right of the file that isn't showing in hjt? (the very bottom one) it says "HKCU\Microsoft\Windows\CurrentVer...." what is the full path?
  • 0

#3
retrac
Posted 19 August 2005 - 12:24 AM

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
hehe thanks :tazz: it is \currentversion\run

i went to HKey Current Users\...\....\currentversion\run and there were two files there 1 was default and the other was ATILaunchpad . i have an ati graphics card

Thanks so much Michelle

Edited by retrac, 19 August 2005 - 12:25 AM.

  • 0

#4
Michelle
Posted 19 August 2005 - 12:50 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Then you're good to go :tazz:
  • 0

#5
retrac
Posted 19 August 2005 - 12:52 AM

retrac

    Visiting Staff

  • Topic Starter
  • Member
  • PipPipPip
  • 578 posts
Cool thanks !!!

Im about to go try and take my first test.....Im extremely Paranoid about it :tazz: hehe

See ya soon :)
  • 0

#6
Michelle
Posted 19 August 2005 - 12:55 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
:tazz:

Good luck :)
  • 0

#7
Michelle
Posted 19 August 2005 - 01:03 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP