[My log] - Computers




Note: The following is only a text archive!


To view the actual forum discussion, please visit our website at http://www.tech-forums.net




My log




Posted by: TheMajor

[color=darkred]Logfile of HijackThis v1.97.7
Scan saved at 18:40:56, on 3-3-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\WINDOWS\System32\oodag.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Applications\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\APPLIC~1\Avast\ashDisp.exe
C:\Applications\JAVA\bin\jusched.exe
D:\PROGRA~1\3DCALE~1\3DCal32.exe
D:\Programma's\Second Copy 2000\SecCopy.exe
C:\Applications\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\PocoMail3\Poco.exe
C:\Applications\Opera7.54\opera.exe
C:\Documents and Settings\TheMajor\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Mijn%20documenten/Websites/TheMajor's-Links/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///D:/Mijn%20documenten/Websites/TheMajor's-Links/index.html"); (C:\Documents and Settings\TheMajor\Application Data\Mozilla\Profiles\default\m15i02dw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine:// c%3A%5CApplications%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TheMajor\Application Data\Mozilla\Profiles\default\m15i02dw.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\APPLIC~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Applications\JAVA\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [3DCal32@3DCAL32.INI] D:\PROGRA~1\3DCALE~1\3DCal32.exe /M D:\PROGRA~1\3DCALE~1\3DCAL32.INI
O4 - HKCU\..\Run: [Second Copy 2000] "D:\Programma's\Second Copy 2000\SecCopy.exe" /InitialWait=20
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\TheMajor\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\APPLIC~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107803143651[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA2E8D9-E7C0-44F8-A0D2-5ECE1A6BDBB4}: NameServer = 212.142.28.66,212.142.28.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC252C0-232A-4900-8D87-8E6927A1B680}: NameServer = 212.142.28.66,212.142.28.67

[/color]



Posted by: southernlady

Need to update it, TheMajor...we are on version 1.99.1 now, look in my signature. Liz



Posted by: TheMajor

[color=darkred]
I got some unexpected errors, but clicked OK and completed the scan.

Logfile of HijackThis v1.99.1
Scan saved at 18:53:37, on 3-3-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\WINDOWS\System32\oodag.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Applications\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\APPLIC~1\Avast\ashDisp.exe
C:\Applications\JAVA\bin\jusched.exe
D:\PROGRA~1\3DCALE~1\3DCal32.exe
D:\Programma's\Second Copy 2000\SecCopy.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\PocoMail3\Poco.exe
C:\Applications\Opera7.54\opera.exe
D:\Programma's\Trillian\trillian.exe
C:\Documents and Settings\TheMajor\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Mijn%20documenten/Websites/TheMajor's-Links/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///D:/Mijn%20documenten/Websites/TheMajor's-Links/index.html"); (C:\Documents and Settings\TheMajor\Application Data\Mozilla\Profiles\default\m15i02dw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine:// c%3A%5CApplications%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TheMajor\Application Data\Mozilla\Profiles\default\m15i02dw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\APPLIC~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Applications\JAVA\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\TheMajor\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKCU\..\Run: [3DCal32@3DCAL32.INI] D:\PROGRA~1\3DCALE~1\3DCal32.exe /M D:\PROGRA~1\3DCALE~1\3DCAL32.INI
O4 - HKCU\..\Run: [Second Copy 2000] "D:\Programma's\Second Copy 2000\SecCopy.exe" /InitialWait=20
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\APPLIC~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Applications\JAVA\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Applications\JAVA\bin\npjpi150_01.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLIC~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107803143651[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA2E8D9-E7C0-44F8-A0D2-5ECE1A6BDBB4}: NameServer = 212.142.28.66,212.142.28.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC252C0-232A-4900-8D87-8E6927A1B680}: NameServer = 212.142.28.66,212.142.28.67
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Applications\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Applications\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Applications\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Applications\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Applications\V2i Protector2.0\Agent\PQV2iSvc.exe

[/color]



Posted by: rstones12

Hi Major,
First off, your Windows OS is seriously out of date; I don't see any service packs applied to your Windows XP.

I would run the items listed below first, then update your OS, at least to SP1. We can get you cleaned up and then get SP2 on your system.

I have outlined some preliminary steps that we need to address. [b]You may want to print out these instructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions.

[b][1.][/b]
First Download [url=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/url]
And save it to your desktop.
Close all open browser windows and any other open windows.

Install CWShredder, then:

Open CWS and click [b]Check for Updates[/b]
Then click [b]"FIX"[/b]

[b][2.][/b]
Please run at least one of these online scans, allow it to delete anything it finds:
You may have to select the auto-fix option prior to scanning, it should be a selection box on the screen. If you are a dial-up user just do one, this can take some time.
If you are a broadband user, I would suggest at least 2 of the 3. One extra scan is most often times enough.
[list][url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/url]
[url=http://housecall.trendmicro.com/housecall/start_corp.asp][color=blue]TrendMicro HouseCall[/color][/url]
[url=http://www3.ca.com/virusinfo/virusscan.aspx][color=blue]eTrust AntiVirus Web Scanner[/color][/url]
[/list]Please make a note of anything that wasn't or couldn't be fixed.
Reboot your machine when finished.
Please make a note of anything that wasn't or couldn't be fixed.

[b][3.][/b]
You [b]may have[/b] run these programs already, make sure they are up to date and run per provided instructions.
Current Versions are:
[b]Spybot S&D Ver: 1.3[/b] [url=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/url]
[b]Ad-Aware SE Build 1.05[/b] [url=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/url]

Download and install both Spybot S&D and Ad-Aware SE.

Instructions:

[b]Spybot S&D:[/b]
Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D.

[b]*[/b]Close [b]ALL [/b]windows except Spybot S&D
[b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates.
[b]*[/b]Close Spybot then launch it again
[b]*[/b]Click the button [b]"Check for Problems" [/b]
[b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window
[b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color]
[b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries.


[b]Ad-Aware SE FULL SCAN:[/b]
Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal.

When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files.

From main window:
[b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b]
[b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries.
[b]*[/b]To scan just click the [b]Next[/b] button.

When the scan has finished [b]mark everything for removal [/b]and get rid of it.
[i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i]
The program will ask if you want to fix/delete selected items, choose yes/fix.

[b][4.][/b]
Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

[b][5.][/b]
[b]Update[/b] your current Virus Scan Definitions:

[b][6.][/b]
Reboot into Safe Mode and [b]Scan[/b] with Spybot S&D and Ad-Aware SE

Empty Your Recycle Bin.

[b][7.][/b]

Reboot normally and post a new HJT log by using [b]Post Reply[/b]:


Thanks,
rstones12



Posted by: TheMajor

[color=darkred]I didn't run Ad-aware or Spybot, because I am too busy at the moment.

I did CWShredder and no CWS or other variants were found. I am doing a virus scan with Avast antivirus at the moment.

My PC runs fine without any noticeable problems. Running processes are fine, services and startup items checked and cleaned.

Thanks for your time!!!
[/color]



Posted by: rstones12

I can only suggest that you run those two anti-spyware programs.
Ad-Aware SE
Spybot S&D

Then update your Windows OS, [b]"NOW"[/b]

That's what most people think. I am not saying that you have malware on your machine, but what is the harm of just checking?
Many of these malware nasties run in the background so you wouldn't even really notice any changes.

"A wolf in sheep's clothing is still a wolf"

Just my thoughts.
rstones12



Posted by: TheMajor

[color=darkred]True.

I can't install service packs, though. Might have to change my activation key, but that's illegal.[/color]



Posted by: TheMajor

[color=darkred]No virus found.[/color]



Posted by: greg0r

I find many times that SB S & D, Adaware, avast, AVG, Pc-cillin, and multiple other free virus scans miss many things that Webroot Spy Sweeper gets...

So I really recommend downloading the trial here (30 days only, but it will from my experience get just about anything)
[URL=http://www.webroot.com/downloads/?WRSID=b2323706823d50df139b71f51b678f1b]http://www.webroot.com/downloads/?WRSID=b2323706823d50df139b71f51b678f1b[/URL]

I really think this does a better job than even SB S & D and Adaware, combined w/ an antivirus like TrendMicro PC-cillin...

Hope it helps!

-greg0r



Posted by: southernlady

[quote]I can't install service packs, though. Might have to change my activation key, but that's illegal.[/quote]

TheMajor, you can go in and download the HotFixes with Opera from [url]http://tinyurl.com/6oxg[/url] and save them into a folder and then run the hotfixes. NOT the service packs, just the Hotfixes. Liz



Posted by: TheMajor

[color=darkred]I agree. Spysweeper is much better, I used to use it when I was still using IE. Now I don't need it anymore though.

My XP already has all hotfixes installed.
[/color]



Posted by: southernlady

Now, go install a firewall and an antivirus because spyware is going to exploit Opera soon enough and even tho you don't want to admit it, IE is still residing in your system and can be exploited in spite of your use of Opera. Liz



Posted by: TheMajor

[color=darkred]I already have Avast. I will install SyGate again, but I doubt it will keep anything from installing, cause it never did when I used IE.
It will also make my system a bit slower :([/color]



Posted by: southernlady

[quote]I will install SyGate again, but I doubt it will keep anything from installing, cause it never did when I used IE.[/quote] Then try ZA Free! If you don't like SyGate. Liz



Posted by: TheMajor

[color=darkred]I don't like ZA. I love SyGate.[/color]



Posted by: southernlady

[quote]I love SyGate.[/quote] But refuse to run it??? Now that doesn't make a LICK of sense. Liz



Posted by: TheMajor

[color=darkred]I installed it.[/color]

[quote]I will install SyGate again[/quote]



Posted by: southernlady

Closed. Liz




