11-27-2006, 10:16 AM   #4
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Hello Lee,

Your version of HijackThis is terribly outdated and there very likely is additional malware present that this version is not revealing. We'll begin with what I do see.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please make sure you have an ACTIVE internet connection as the tool will need to download additional files and a program.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe
  • Save it to your desktop and run it.
  • Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin: Please follow the prompts.
  • You will be asked to reboot your computer: Please do so.
  • Your system may take longer than usual to load and this is normal.
Once the desktop loads, a text file will open (report.txt). You can close it - the file has already been saved.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.

--------------------------------

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items:

O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...9_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01C54F6B-93AD-471F-AB71-FAC17F943933}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C88406B-B7D0-4BA9-8AF4-DDA71CECCE60}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{A54FDE89-183A-49F7-BF8D-7D8B26E3BE38}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1DA1C3A-A0EF-4ACA-973B-900E1C145BB0}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3495A3A-F8F7-4DFC-BC85-503216D8073A}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC277122-21D6-4838-A675-6CE71BA26A85}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132



Click FIX CHECKED. Close HijackThis.

--------------------------------

You are using an outdated version of HijackThis. The newest version has features that will be more helpful in revealing any malware that may be present as well as cleaning up your system.

Please delete your current version and download HijackThis 1.99.1. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.


Please include the following in your next reply:

c:\fixwareout\report.txt
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
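
An added example, not part of Ried's post or of HijackThis: a small Python check that reads the O17 `NameServer` lines of a HijackThis log, like the ones listed above, and reports any resolver that is not on a list of expected DNS servers. The `EXPECTED_RESOLVERS` value and the third sample line are constructed assumptions; the first two sample lines are copied from the post.

```python
import ipaddress
import re

# The first two O17 lines are copied from the post; the third is constructed
# to show an interface that passes the check.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{01C54F6B-93AD-471F-AB71-FAC17F943933}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

# Assumption: the resolvers this machine is supposed to use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

O17_NAMESERVER = re.compile(r"^O17 - (?P<key>HKLM\\\S+): NameServer = (?P<servers>.+)$")

def parse_o17(log_text):
    """Yield (registry_key, [server, ...]) for each O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if not m:
            continue
        # The log shows the list comma- or space-separated; accept both.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        yield m.group("key"), servers

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Return {registry_key: [resolvers that are not in the expected set]}."""
    findings = {}
    for key, servers in parse_o17(log_text):
        bad = []
        for s in servers:
            try:
                ip = str(ipaddress.ip_address(s))
            except ValueError:
                bad.append(s)  # not an IP address: report it rather than drop it
                continue
            if ip not in expected:
                bad.append(ip)
        if bad:
            findings[key] = bad
    return findings

if __name__ == "__main__":
    for key, bad in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{key}: unexpected NameServer {', '.join(bad)}")
```
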