Computers| Computers |
|
12-09-2004, 10:32 AM
| #1 (permalink) |
| True Techie Join Date: Mar 2004
Posts: 192
|  Need someone to check this log file I can see there's a ton of unneeded programs running. This is my boss' laptop and it's got every piece of Dell software made running on it, but lately he's been having some popup trouble. Nothing major, just a video poker ad every hour or so.....something like that anyway. ================================= Logfile of HijackThis v1.97.7 Scan saved at 6:53:00 AM, on 12/9/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\QuickSet.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Apoint\Apntex.exe C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\xpsp2fw.exe C:\WINDOWS\system32\3dTRTER.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLHOS~1.EXE C:\WINDOWS\system32\wuclient.exe C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLServiceHos t.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\America Online 9.0b\waol.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe C:\Program Files\America Online 9.0b\shellmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Scott\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aflashcounter.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sySP32PE] C:\WINDOWS\sySP32PE.exe O4 - HKLM\..\Run: [symsnt] C:\WINDOWS\symsnt.exe O4 - HKLM\..\Run: [PE64oror] C:\WINDOWS\PE64oror.exe O4 - HKLM\..\Run: [64hh64nt] C:\WINDOWS\64hh64nt.exe O4 - HKLM\..\Run: [SPntor] C:\WINDOWS\system32\SPntor.exe O4 - HKLM\..\Run: [orms64] C:\WINDOWS\system32\orms64.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100800294\EE\AOLHostManager.exe O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe O4 - HKLM\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe O4 - HKLM\..\Run: [EF1A6D5E] C:\WINDOWS\system32\ADAPI3PPM.exe O4 - HKLM\..\Run: [BBE27966] C:\WINDOWS\system32\EDSVIDL.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe O4 - HKCU\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe O4 - HKCU\..\Run: [EF1A6D5E] C:\WINDOWS\system32\ADAPI3PPM.exe O4 - HKCU\..\Run: [BBE27966] C:\WINDOWS\system32\EDSVIDL.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AOL Toolbar (HKLM) O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM) O9 - Extra button: Research (HKLM) O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/198e21ff...p/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102094944623 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...020.3904166667 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab =================================== |
|
|
12-09-2004, 03:36 PM
| #2 (permalink) |
| Monster Techie Join Date: Nov 2004
Posts: 1,346
  | First, you have an outdated HiJack This log. You need to go to http://www.majorgeeks.com/download.php?det=3155 and download the newest version,1.98.2, please. Next, you are running Hijack This out of a temporary directory on your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar). Then extract Hijack This into the folder you have created and run it from there. The reason for this is that Hijack This backup files may be deleted if it is being run from a temporary folder. You need to turn off System Restore: http://www.spyware911.net/forum/index.php?showtopic=16 Need to run a trojan scan,click here: http://www.windowsecurity.com/trojanscan/ and then download and scan using this: http://www.emsisoft.com/en/software/free/ Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked" R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://aflashcounter.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aflashcounter.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aflashcounter.com/?a=2 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aflashcounter.com/?a=2 R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [sySP32PE] C:\WINDOWS\sySP32PE.exe O4 - HKLM\..\Run: [symsnt] C:\WINDOWS\symsnt.exe O4 - HKLM\..\Run: [PE64oror] C:\WINDOWS\PE64oror.exe O4 - HKLM\..\Run: [64hh64nt] C:\WINDOWS\64hh64nt.exe O4 - HKLM\..\Run: [orms64] C:\WINDOWS\system32\orms64.exe O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe (trojan) O4 - HKLM\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe O4 - HKLM\..\Run: [EF1A6D5E] C:\WINDOWS\system32\ADAPI3PPM.exe O4 - HKLM\..\Run: [BBE27966] C:\WINDOWS\system32\EDSVIDL.exe O4 - HKCU\..\Run: [BF203D6B] C:\WINDOWS\system32\3dTRTER.exe O4 - HKCU\..\Run: [EF1A6D5E] C:\WINDOWS\system32\ADAPI3PPM.exe O4 - HKCU\..\Run: [BBE27966] C:\WINDOWS\system32\EDSVIDL.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029 O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/198e21f...ip/RdxIE601.cab Restart to safe mode. http://tinyurl.com/3px9 Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders" Click "Apply" then "OK" http://www.spyware911.net/forum/index.php?showtopic=27 Now find and delete these files: C:\WINDOWS\system32\xpsp2fw.exe C:\WINDOWS\system32\3dTRTER.exe Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Reboot Empty the Recycle Bin Then post another log. Liz
__________________ Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal Powered by Emily!  |
|
|
|
01-24-2005, 02:53 PM
| #3 (permalink) |
| Monster Techie Join Date: Nov 2004
Posts: 1,346
| Closing thread due to lack of activity. Liz
__________________ Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal Powered by Emily! |
|
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
