|
WE HAVE MOVED. Please see our NEW Computer Forums |
11-24-2009: Sorry for the inconvenience. We finally upgraded to vBulletin 3 !! See you there, Larry hijack logGo to the Tech-Forums Discussion Home PagePosted by: mager this is my first log...... comps been going kinda slow .... please check this ...... thanks Logfile of HijackThis v1.99.1 Scan saved at 1:42:51 PM, on 5/1/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe E:\CACHEM~1\CachemanXP.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe E:\Norton AntiVirus\navapsvc.exe E:\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe E:\Spybot - Search & Destroy\TeaTimer.exe E:\AIM\aim.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe E:\Firefox\firefox.exe C:\WINDOWS\system32\LVComsX.exe E:\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Steve.STEVECOMP\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://gunbound.net/[/url] O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AIM] E:\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - E:\CACHEM~1\CachemanXP.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Posted by: Lobos Hi mager I don't see alot wrong with your log escept your do for your patches for your OS and IE. without them you are very vulnerable. and you never know it might speed things up When we're done cleaning off your system, i'd [b]recommend[/b] that you install all the [color=#ff0000][b][i]critical windows updates[/i][/b][/color] available from [b]Microsoft[/b], upto [i]service pack 1[/i]. This will help to make your system more secure and prevent many '[i]problems[/i]' from reoccuring in the future. =============== Download, unzip to your desktop [url=http://www.intermute.com/spysubtract/cwshredder_download.html]CWShredder[/url] and run it, then: 1. Click "[b][i]Check For Update[/i][/b]" make sure your version is 2.14 ([i]If an update isn't available, skip to step #4.[/i]) 2. Click "[b][i]Click here to Download the upate[/i][/b]". 3. When the new version has been downloaded, click "[b][i]Save[/i][/b]". 4. Click "[b][i]Fix ->[/i][/b]" =============== Go to [b]Add/Remove programs[/b] and remove(uninstall) the following, if present: [b][color=#ff0000]Web Related[/color][/b] The above could appear anywhere within the entry. Be careful not to remove any [i]personal[/i] or [i]system[/i] software. =============== Run [b]HiJackThis[/b] and click "[b][i]Scan[/i][/b]", then check(tick) the following, if present: [color=#9933cc][b] O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm [/b][/color] [color=#9933cc][b] O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm [/b][/color] Now, with all windows closed except [b]HiJackThis[/b], click "[b][i]Fix checked[/i][/b]". =============== Post back a new log, and let me know how everything goes. - Lobos. Posted by: Warez Monster Remove entries at your own risk Thats the only I see, possibility O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\AIM\\DeadAIM.ocm",ExportedCheckODLs Unknown application. Please Visit the Online Configurator, Email Hosting, Internet Marketing , Computer Schools , Software for Real Estate , AAOutlook , Search Engine Site |