


Log Help Please



Posted by: trez8289

[QUOTE][i]Originally posted by trez8289 [/i]
[B]Hello...

I was using Internet Explorer. And I'm guessing I got some spyware.
I now have programs that block it and clean my comp.
I also used Mozilla, but I want to fix the IE problem.

I read and did some of the suggested things from here:
[url]http://www.tech-forums.net/showthread.php?s=&threadid=16781[/url]

I used the CWShredder which works, but only temporarily.
Here is the file report:

[code]
**** Run Keys ****

RUN: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RUN: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [Steam]


**** Browser Helper Objects ****

BHO: [CNavExtBho Class] C:\Program Files\Norton AntiVirus\NavShExt.dll


**** IE Toolbars ****

TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton AntiVirus\NavShExt.dll


**** IE Extensions ****

IEExt: [AIM] C:\Program Files\AIM\aim.exe
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url]
Default Search: [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar: about:NavigationFailure
Search Page: about:NavigationFailure


**** IE Context Menu (Right click) ****

IEContext: [&AIM Search] res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9FC73D5-BC2A-4DD1-A3E7-625146E3F908}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9FC73D5-BC2A-4DD1-A3E7-625146E3F908}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84B88EB4-2B64-4363-8BA9-A57BACEF7F2A}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84B88EB4-2B64-4363-8BA9-A57BACEF7F2A}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7BF8C8F-7131-4347-AA4D-F8D8BB62AC10}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7BF8C8F-7131-4347-AA4D-F8D8BB62AC10}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC59549C-102E-46D8-A50B-ACD48CA728A0}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC59549C-102E-46D8-A50B-ACD48CA728A0}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70B7DC6D-ECF4-40F3-B6AB-4308203E68ED}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70B7DC6D-ECF4-40F3-B6AB-4308203E68ED}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [[url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929[/url]] C:\WINDOWS\System32\wuweb.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} [[url]http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab[/url]]
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} [[url]http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab[/url]]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [[url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]]


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:NavigationFailure
SEARCH: [CustomizeSearch] [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [SearchAssistant] about:NavigationFailure
[/code]



I made a copy of the "Hijack This" file.
Here it is:


[code]
Logfile of HijackThis v1.97.7
Scan saved at 10:09:16 AM, on 12/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {66298D1C-FF20-40EB-BF1C-67E8BFCC2AA4} - C:\WINDOWS\system32\aof.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]
[/code]

I'm good at computers but I don't know how to do that MSDOS Safe Mode stuff that, that one guy was saying.

Help is greatly appreciated. Thank You. :) [/B][/QUOTE]

Thank You.



Posted by: intercodes

trez8289,

Your HijackThis software version is old. Can you get the new one and repost the log? And I assume you have Spybot S & D and Ad-Aware SE Personal installed and scanned with..


-IC



Posted by: trez8289

[QUOTE][i]Originally posted by intercodes [/i]
[B]trez8289,

Your HijackThis software version is old. Can you get the new one and repost the log? And I assume you have Spybot S & D and Ad-Aware SE Personal installed and scanned with..


-IC [/B][/QUOTE]

Sure.

Here is the new log.
[code]Logfile of HijackThis v1.99.0
Scan saved at 2:08:29 PM, on 12/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {930B5B71-ED2B-4879-92EB-D0822E19314B} - C:\WINDOWS\system32\nag.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929[/url]
O18 - Filter: text/html - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
O18 - Filter: text/plain - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[/code]

and yes, I do use Ad aware. What is S & D?



Posted by: trez8289

btw... do you suggest using Mozilla Firefox anyway?

I would like to fix this problem because I don't want spyware and crap in my computer. Also when I log in on AIM, popups come up when I log in.

Thanks man. :-D



Posted by: intercodes

[QUOTE]What is S & D?[/QUOTE]
Spybot search and destroy
[QUOTE]btw... do you suggest using Mozilla Firefox anyway?[/QUOTE]
****, yes!!!!!

Okay, here we go...

* Download Spybot Search and Destroy and CWShredder. [don't try them yet]
* Turn off System Restore [url]http://www.pchell.com/virus/systemrestore.shtml[/url]
* Close all windows except HJT, then select and fix the following entries.

-------------------------

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm [B][If you dont need this, fix this][/B]

---------------------------

* Next, run CWShredder and Spybot S&D
* Reboot your system and post a new log.



Posted by: trez8289

[e]
I just installed S & D, and I'm about to turn off System Restore.

Thanks so much for your help man. :D



Posted by: trez8289

btw.. do you also have any type of IM program like AIM, MSN Messenger, or mIRC? I would like to talk to you about firewalls and stuff. This is not my only computer. I have three which are all important to me, so I want to make sure they're safe. Thanks

[e]
also,

Can you maybe tell me how I would be able to uninstall IE since I don't need it? Do you suggest I do that? Or just not use it?

thx:cool:



Posted by: trez8289

hey.
i just did what you told me to do.
as for now it works great.

When I used S&D, only this came up:

[img]http://www.fasl.haxtheplanet.net/venom/other/problem.gif[/img]

I fixed it. And then I scanned again, and it showed up as a problem again. I don't think it's a big problem. What do you think?



Posted by: trez8289

****!!!

After doing what you said.. It eventually goes back. :-/
This sucks.



Posted by: intercodes

[QUOTE]do you also have any type of IM program like AIM, MSN Messenger, or mIRC[/QUOTE]
only Yahoo: intercodes
[QUOTE] ****!!![/QUOTE]

Calm down.. ;) . I want you to repost your log.



Posted by: trez8289

[code]
Logfile of HijackThis v1.99.0
Scan saved at 3:29:26 AM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {4F02B364-97F7-4DAE-8DE4-2C4B47C3BCCB} - C:\WINDOWS\system32\eamm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929[/url]
O18 - Filter: text/html - {A8B820CE-2A7F-419B-B5D1-8CA49C80BD07} - C:\WINDOWS\system32\eamm.dll
O18 - Filter: text/plain - {A8B820CE-2A7F-419B-B5D1-8CA49C80BD07} - C:\WINDOWS\system32\eamm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


[/code]



Posted by: southernlady

trez8289, I'm Liz and I just got back from vacation.

I just read your log and what I want you to do is run CWShredder and HiJack This but this time you are going to do it in [URL=http://www.spyware911.net/safemode.htm]Safe Mode[/URL]

So what you need to do is put both files in a folder called something like MalwareTools and put it right on your C Drive so it will look like this C:\Malwaretools\CWShredder and C:\Malwaretools\HiJackThis ok? Make sure they are unzipped.

Then make sure you have all your files and folders unhidden: [URL=http://www.spyware911.net/forum/index.php?showtopic=27]Show hidden files & folders [/URL]

Copy all this down on notepad cause once you boot into safe mode, you won't be able to access the internet to find out what you need to know. Then boot into safe mode.

Run CWShredder.

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click [B]"Fix checked"[/B]

[B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank[/B]

[B]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Frank\LOCALS~1\Temp\sp.dll/sp.html[/B]

[B]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank[/B]

[B]R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank[/B]

[B]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank[/B]

[B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank[/B]

[B]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank[/B]

[B]O2 - BHO: (no name) - {4F02B364-97F7-4DAE-8DE4-2C4B47C3BCCB} - C:\WINDOWS\system32\eamm.dll[/B]

[B]O18 - Filter: text/html - {A8B820CE-2A7F-419B-B5D1-8CA49C80BD07} - C:\WINDOWS\system32\eamm.dll[/B]

[B]O18 - Filter: text/plain - {A8B820CE-2A7F-419B-B5D1-8CA49C80BD07} - C:\WINDOWS\system32\eamm.dll [/B]

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type [B]%temp%[/B] in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot

Empty the Recycle Bin

Then post another log. Liz



Posted by: southernlady

Closing thread due to inactivity. Liz
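
The three logs above each list a different unnamed BHO DLL in C:\WINDOWS\system32 (aof.dll, then nag.dll, then eamm.dll), and the text/html and text/plain filters follow it. The following is an added example, not part of any post in the thread and not HijackThis's own code: it diffs successive logs and reports BHO/filter entries whose DLL is swapped between scans. The function names `parse` and `rotations` are assumptions; the sample lines are excerpted from the logs posted above.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# O2/O18 lines excerpted from the three HijackThis logs posted in this thread.
SCANS = [
    r"""O2 - BHO: (no name) - {66298D1C-FF20-40EB-BF1C-67E8BFCC2AA4} - C:\WINDOWS\system32\aof.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll""",
    r"""O2 - BHO: (no name) - {930B5B71-ED2B-4879-92EB-D0822E19314B} - C:\WINDOWS\system32\nag.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O18 - Filter: text/html - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
O18 - Filter: text/plain - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll""",
    r"""O2 - BHO: (no name) - {4F02B364-97F7-4DAE-8DE4-2C4B47C3BCCB} - C:\WINDOWS\system32\eamm.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O18 - Filter: text/html - {A8B820CE-2A7F-419B-B5D1-8CA49C80BD07} - C:\WINDOWS\system32\eamm.dll
O18 - Filter: text/plain - {A8B820CE-2A7F-419B-B5D1-8CA49C80BD07} - C:\WINDOWS\system32\eamm.dll""",
]

# section - kind: label - {CLSID} - file path
ENTRY = re.compile(
    r"^(O2|O18) - (?:BHO|Filter): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)\s*$"
)


def parse(log):
    """Return {(section, folder): {dll names}} for the BHO and filter lines."""
    slots = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            section, _label, _clsid, path = m.groups()
            path = path.lower()  # Windows paths are case-insensitive
            slots[(section, dirname(path))].add(basename(path))
    return slots


def rotations(logs):
    """Compare consecutive scans and report every (section, folder) where
    one DLL disappeared and a different DLL took its place.

    Entries that stay put (installed software) and entries that only appear
    in a new folder (a freshly installed tool) are not reported.
    """
    parsed = [parse(log) for log in logs]
    found = []
    for i in range(1, len(parsed)):
        prev, cur = parsed[i - 1], parsed[i]
        for slot in sorted(prev.keys() & cur.keys()):
            gone = prev[slot] - cur[slot]
            new = cur[slot] - prev[slot]
            if gone and new:
                section, folder = slot
                # i is the 1-based number of the earlier scan in the pair
                found.append((i, section, folder, sorted(gone), sorted(new)))
    return found


if __name__ == "__main__":
    for scan, section, folder, gone, new in rotations(SCANS):
        print(f"scan {scan} -> {scan + 1}: {section} in {folder}: "
              f"{gone} replaced by {new}")
```

An entry that is swapped for a differently named DLL between scans suggests that something else on the system is re-registering it, which matches the poster's report that the fix "eventually goes back".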