CTRL, ALT and WINKEY - Page 4 - Techist - Tech Forum

Old 07-11-2004, 11:02 PM   #31 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

Here you go, here's the link for HijackThis so you don't have to search for it.



First, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups

example

C:/HJT/hijackthis.exe
C:/hijackthis/hijackthis.exe

next

Click here to download Hijack This. Save it to the folder you have just created.

Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

Lobos
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using these two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 07-11-2004, 11:07 PM   #32 (permalink)
Newb Techie
 
Join Date: Jul 2004
Posts: 21
Default

Logfile of HijackThis v1.98.0
Scan saved at 10:05:49 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\My Documents\My eBooks\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/2484/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/2484/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/2484/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/2484/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/2484/search.php?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Admin\Application Data\Mozilla\Profiles\default\6keckcdc.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F308E776-D7EB-4C66-8CDF-B71FF7D38DFA} - C:\WINDOWS\System32\essent97.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-admin.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-admin.html (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D6CEF6E-E26C-42A8-849B-F87E3A33E4B8}: NameServer = 205.171.3.65 205.171.2.65
cheano is offline  
Old 07-11-2004, 11:28 PM   #33 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

Hi cheano


Click here to download CWShredder by Merijn Bellekom, the creator of Hijack This.
If you have it already then make sure it is v1.59.1

Run it, press 'Fix', and allow it to fix all it finds.
And remember to click "Fix" (Not "Scan only")

--------------------------------------------------------------------------


Run HijackThis, put a check next to these, close all browsers and hit Fix.

Make sure not to miss one.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/2484/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/2484/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/2484/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/2484/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/2484/search.php?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F308E776-D7EB-4C66-8CDF-B71FF7D38DFA} - C:\WINDOWS\System32\essent97.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-admin.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-admin.html (HKCU)



-----------------------------------------------------------------------------------------------------------------------------------

Restart your computer.
Empty your recycle bin.

Click here to download AdAware 6 181

Run AdAware
Before you scan with AdAware, check for updates of the reference file 01R327 5.07.2004
by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance...

Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registry
Deep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files


Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..

Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.


and uncheck..

Automatically try to unregister objects prior to deletion.

Then click Proceed, to save your settings.

Now click the Scan button.

When the scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them.
Restart your computer.


Come back, post another log and tell me how your computer's running.

Lobos


Lobos is offline  
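
An added example, not part of the thread or of HijackThis: a small Python parser for the log format posted above that lists entries worth a reviewer's attention. The two heuristics (an IE page value pointing at a bare IP address, a BHO whose file is missing) are assumptions chosen for illustration, the function names are hypothetical, and the sample lines are copied from the log in post #32.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input: a few lines copied from the log in post #32 (trimmed for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/2484/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Every result line starts with a section code (R0, O2, O16, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(text):
    """Return (code, body) pairs; header and process lines are skipped."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def review_candidates(text):
    """Assumed heuristics: these mark entries to look at, not entries to fix."""
    hits = []
    for code, body in parse_entries(text):
        value = body.split(" = ", 1)[1] if " = " in body else ""
        if code in ("R0", "R1") and value.lower().startswith("http") and host_is_ip(value):
            hits.append((code, "IE page set to a bare IP address", body))
        elif code == "O2" and body.endswith("(no file)"):
            hits.append((code, "BHO registered but its file is missing", body))
    return hits

if __name__ == "__main__":
    for code, reason, body in review_candidates(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

The output is a shortlist for a person to review; entries the heuristics do not match can still be unwanted, and matched ones can be harmless.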
Old 07-12-2004, 12:28 PM   #34 (permalink)
Newb Techie
 
Join Date: Jul 2004
Posts: 21
Default

Hi
It's still running the same way as before, except when I start my computer I have to choose a user, but I am the only user. It wasn't there before. Do you know how to disable that?
cheano is offline  
Old 07-14-2004, 07:03 PM   #35 (permalink)
Junior Techie
 
Join Date: Jul 2004
Posts: 55
Default

Go to User Account and delete other users if you don't want them.
Sashoon is offline  
Old 07-14-2004, 11:22 PM   #36 (permalink)
Ultra Techie
 
Join Date: Nov 2003
Posts: 558
Default

If your Norton's isn't working, you can do a couple of free online scans that will hopefully find any viruses that you have on your computer. They both ask for your email address, but I always give them a fake one out of habit. If you're on a dialup, they'll take a while to load, because they both have to download a small program to your computer.

Trend Micro
http://housecall.trendmicro.com/hous...start_corp.asp

Panda Antivirus
http://www.pandasoftware.com/actives..._principal.htm
hilowe is offline  
Old 07-15-2004, 07:47 PM   #37 (permalink)
Ultra Techie
 
Join Date: Mar 2004
Posts: 807
Default

cheano, try reading this article.

Ugh... never mind... doesn't apply to your problemo. Sorry.
Lone Wolf is offline  
Old 07-15-2004, 08:03 PM   #38 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

http://support.microsoft.com/default...n-us%3Bq313853

This isn't EXACTLY your problem, but it never hurts to check. Oh, and one thing. Be CAREFUL in the registry. ONLY do what it tells you. If you don't know if something should be there or not, don't remove or change it, ask someone here.
__________________
If you argue with an idiot he will drag you down to his level and beat you with experience.

I am not a fast writer.
I am not a slow writer.
I am a half-fast writer.

-Robert Asprin
killians45 is offline  
Old 07-15-2004, 08:06 PM   #39 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

Hmm... have you ever flashed the BIOS or rpl'd the HDD/MBD?
killians45 is offline  
Old 07-15-2004, 08:09 PM   #40 (permalink)
Junior Techie
 
Join Date: Jul 2004
Posts: 55
Default

What's that?
Sashoon is offline  