|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
04-08-2005, 04:20 PM
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 10
OS: Win XP
|
Oinadserver problems
Whatever this thing is keeps screwing up my computer. I saw a similar thread and thought i'd ask you guys to help me to. I keep getting server busy errors. I downloaded Ad Aware SE and Hijack This and Spybot. Please help me.
Logfile of HijackThis v1.99.1 Scan saved at 5:44:20 PM, on 4/8/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\LTMSG.exe C:\Program Files\TizzleTalk\TizzleTalk.exe C:\Program Files\Pbdm\Cvbdff.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Steff\Application Data\anod.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\SYSTEM32\r?gsvr32.exe \Steffroom\c\Program Files\AIM\aim.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Steff\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat O2 - BHO: CCEZTracksPlugin Object - {3023AF97-870E-476A-B30E-3923DF2B84BD} - C:\Program Files\EZTRACKS\eztracks_ieplug.dll O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {A49B5C70-99C4-993F-BAFA-E49B1AA43BE5} - C:\WINDOWS\system32\lftgaue.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\disks.dll O2 - BHO: (no name) - {E29D3E07-A2BA-A81F-9D28-D9C81F852AB4} - C:\WINDOWS\system32\xtenedz.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [TizzleTalk] C:\Program Files\TizzleTalk\TizzleTalk.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Aqawm] C:\Program Files\Pbdm\Cvbdff.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe O4 - HKCU\..\Run: [Lias] C:\Documents and Settings\Steff\Application Data\anod.exe O4 - HKCU\..\Run: [Pnmhn] C:\WINDOWS\system32\rgsvr32.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Steff\Local Settings\Temp\{BE9C3510-7769-41A8-8E04-21B64D243953}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Steffroom\c\Program Files\AIM\aim.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Support - {06498E68-F0CD-4912-A992-B0EB2BBDB0A8} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: ComcastHSI - {0EDE75DA-8380-4DD8-AE11-750CBFDD7556} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {4B4582D0-5385-41D0-95C5-6B939994727E} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do.../bridge-c6.cab O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.ez-tracks.com/downloader/...cial/eztdl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file) O20 - Winlogon Notify: disks - C:\WINDOWS\Config\disks.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
04-08-2005, 08:13 PM
|
#2 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
Hello, and welcome to TSF!
Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds. Download, unzip to your desktop CWShredder and run it, then: 1. Click "Check For Update" (If an update isn't available, skip to step #4.) 2. Click "Click here to Download the upate". 3. When the new version has been downloaded, click "Save". 4. Click "Fix ->" Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Let's look for, and delete, any program segments(prefetches) that might be present, and are associated with the 'problems' we're trying to remove from this system. To do this, let's: 1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders: r?gsvr32.exe* HijackThis.exe* 2) Then if any are found in the 'prefetch' folder, delete them. Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it. Go to Add/Remove programs and remove(uninstall) the following, if present: WinTools The above could appear anywhere within the entry. Be careful not to remove any personal or system software. Run HiJackThis then: 1. Click "Config..." 2. Click "Misc Tools" 3. Click "Open Process manager" - Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following: C:\Program Files\Pbdm\Cvbdff.exe C:\Documents and Settings\Steff\Application Data\anod.exe C:\WINDOWS\SYSTEM32\r?gsvr32.exe C:\DOCUME~1\Steff\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain. Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following: regsvr32 /u eztracks_ieplug.dll regsvr32 /u disks.dll regsvr32 /u xtenedz.dll It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing. Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later. Also move the "Backups" folder, for HiJackThis, if present. =============== Run HiJackThis and click "Scan", then check(tick) the following, if present: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat O2 - BHO: CCEZTracksPlugin Object - {3023AF97-870E-476A-B30E-3923DF2B84BD} - C:\Program Files\EZTRACKS\eztracks_ieplug.dll O2 - BHO: (no name) - {A49B5C70-99C4-993F-BAFA-E49B1AA43BE5} - C:\WINDOWS\system32\lftgaue.dll (file missing) O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\disks.dll O2 - BHO: (no name) - {E29D3E07-A2BA-A81F-9D28-D9C81F852AB4} - C:\WINDOWS\system32\xtenedz.dll O4 - HKLM\..\Run: [Aqawm] C:\Program Files\Pbdm\Cvbdff.exe O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe O4 - HKCU\..\Run: [Lias] C:\Documents and Settings\Steff\Application Data\anod.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D...e/bridge-c6.cab O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.ez-tracks.com/downloader...ecial/eztdl.cab O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file) O20 - Winlogon Notify: disks - C:\WINDOWS\Config\disks.dll O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) Now, with all windows closed except HiJackThis, click "Fix checked". Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: folders... C:\Program Files\Pbdm C:\Program Files\EZTRACKS C:\WINDOWS\Config C:\PROGRA~1\COMMON~1\WinTools files... C:\Documents and Settings\Steff\Application Data\anod.exe C:\DOCUME~1\Steff\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe C:\WINDOWS\system32\xtenedz.dll C:\WINDOWS\SpecialOffers.exe - Note that some of these file(s) may or may not be present. [/b]Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum. |
|
|
|
|
04-08-2005, 08:14 PM
|
#3 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1 Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes. Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/ Turn off System Restore instructions (WinXP) Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Files highlighted in BLACK will need to be removed from your hard drive. Folders that have been highlighted RED will need to be uninstalled. ------------------------------------------------------------------ Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Uninstall the following programs (if they still exist) Go into HijackThis->Config->Misc.Tools->Open Uninstall manager Media Access InstantFinder WinTools Pbdm ----------------------------------------------------------------- Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click End Process for each one if they are still listed. C:\Program Files\Pbdm\Cvbdff.exe C:\WINDOWS\SpecialOffers.exe C:\Documents and Settings\Steff\Application Data\anod.exe C:\WINDOWS\system32\rgsvr32.exe C:\WINDOWS\SYSTEM32\r?gsvr32.exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL O2 - BHO: (no name) - {A49B5C70-99C4-993F-BAFA-E49B1AA43BE5} - C:\WINDOWS\system32\lftgaue.dll (file missing) O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Config\disks.dll O2 - BHO: (no name) - {E29D3E07-A2BA-A81F-9D28-D9C81F852AB4} - C:\WINDOWS\system32\xtenedz.dll O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Aqawm] C:\Program Files\Pbdm\Cvbdff.exe O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe O4 - HKCU\..\Run: [Lias] C:\Documents and Settings\Steff\Application Data\anod.exe O4 - HKCU\..\Run: [Pnmhn] C:\WINDOWS\system32\rgsvr32.exe O4 - Startup: PowerReg Scheduler V3.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D...e/bridge-c6.cab O20 - Winlogon Notify: disks - C:\WINDOWS\Config\disks.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed). C:\Program Files\Media Access C:\Program Files\Pbdm\Cvbdff.exe C:\WINDOWS\SpecialOffers.exe C:\Documents and Settings\Steff\Application Data\anod.exe C:\WINDOWS\system32\rgsvr32.exe C:\WINDOWS\SYSTEM32\r?gsvr32.exe C:\WINDOWS\Config\disks.dll C:\WINDOWS\system32\req.dat C:\PROGRA~1\COMMON~1\WinTools C:\PROGRA~1\INSTANTFINDER ------------------------------------------------------------------- Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files. When finished please post a new log......
__________________
Eddy |
|
|
|
|
04-16-2005, 01:45 PM
|
#4 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 10
OS: Win XP
|
Hello
First of all, thanks very much!!! The oinadserve went away. But now i seem to have a new problem. When i'm browsing the web, sometimes i can't click on links. It happens a lot and on things i could previously access. WHen i click on a link, the cursor turns to the hour glass for awhile (and i have high speed) then the screen goes blank and eventually it comes up with the same page i was already on. I've been cleaning with Adaware se and cw shredder. I also have Trojan Hunter enabled. When you guys help me, i would appreciate it if you sent me Urls to download stuff instead of putting links ;)Here is my hijack log: Logfile of HijackThis v1.99.1 Scan saved at 3:37:49 PM, on 4/16/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\LTMSG.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\WINDOWS\System32\alg.exe C:\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Steff\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Registration\acun.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Support - {06498E68-F0CD-4912-A992-B0EB2BBDB0A8} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: ComcastHSI - {0EDE75DA-8380-4DD8-AE11-750CBFDD7556} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {4B4582D0-5385-41D0-95C5-6B939994727E} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O20 - Winlogon Notify: acun - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) |
|
|
|
|
04-16-2005, 06:51 PM
|
#5 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Run HJT and fix these items...Delete the hightlighted files and the (red) folder if still there.You have three Internet Explorers running.Close two down.
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: acun - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
__________________
Eddy |
|
|
|
|
04-16-2005, 11:28 PM
|
#6 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 10
OS: Win XP
|
Thanks for getting back to me so soon. I followed your instructions but the problem remains. I found out that when i fix stuff in Hj, it just comes back. I even deleted my back ups, my temp folder, my temporary internet files and that other folder you access by going to run: %temp%. I don't know how to fully get rid of them and i still can't open links
|
|
|
|
|
04-16-2005, 11:46 PM
|
#7 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 10
OS: Win XP
|
here's my hj log:
Logfile of HijackThis v1.99.1 Scan saved at 1:45:33 AM, on 4/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\LTMSG.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\WINDOWS\System32\alg.exe \Steffroom\c\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Steff\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Registration\acun.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Steffroom\c\Program Files\AIM\aim.exe (file missing) O9 - Extra button: Support - {06498E68-F0CD-4912-A992-B0EB2BBDB0A8} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: ComcastHSI - {0EDE75DA-8380-4DD8-AE11-750CBFDD7556} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {4B4582D0-5385-41D0-95C5-6B939994727E} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O20 - Winlogon Notify: acun - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) |
|
|
|
|
04-17-2005, 01:19 AM
|
#8 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Download KillBox (v2.0.0.76) . Paste the full file path in the box and click on "Delete on Reboot". Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "No" When all files have been entered (one by one) then click "Yes"and post a new log when you have rebooted.
C:\WINDOWS\system32\req.dat C:\WINDOWS\Registration\acun.dll
__________________
Eddy |
|
|
|
|
04-17-2005, 03:39 PM
|
#9 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 10
OS: Win XP
|
Logfile of HijackThis v1.99.1
Scan saved at 5:39:06 PM, on 4/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\LTMSG.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Steff\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Registration\acun.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Support - {06498E68-F0CD-4912-A992-B0EB2BBDB0A8} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: ComcastHSI - {0EDE75DA-8380-4DD8-AE11-750CBFDD7556} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {4B4582D0-5385-41D0-95C5-6B939994727E} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O20 - Winlogon Notify: acun - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing) O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) |
|
|
|
|
04-17-2005, 06:05 PM
|
#10 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Run HJT and fix these items and check that the ucun.dll file is deleted.
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat (file missing) O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: acun - C:\WINDOWS\Registration\acun.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
__________________
Eddy |
|
|
|
|
04-17-2005, 08:12 PM
|
#11 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 10
OS: Win XP
|
The acun.dll file still won't delete. When i followed your instructions for pocket killbox when i type in C:\WINDOWS\Registration\acun.dll i get a box saying "PendingFileRenameOperations Regristry Data has been removed by External Process."
New log file: Logfile of HijackThis v1.99.1 Scan saved at 10:11:45 PM, on 4/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\LTMSG.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\Program Files\LimeWire\LimeWire.exe \Steffroom\c\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Steff\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Registration\acun.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Steffroom\c\Program Files\AIM\aim.exe (file missing) O9 - Extra button: Support - {06498E68-F0CD-4912-A992-B0EB2BBDB0A8} - http://www.comcastsupport.com (file missing) (HKCU) O9 - Extra button: ComcastHSI - {0EDE75DA-8380-4DD8-AE11-750CBFDD7556} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {4B4582D0-5385-41D0-95C5-6B939994727E} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O20 - Winlogon Notify: acun - C:\WINDOWS\Registration\acun.dll O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing) |
|
|
|
|
04-17-2005, 08:26 PM
|
#12 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Download rkfiles
Unzip the files to a folder of its own. It needs to be run in safe mode for it to work correctly. REBOOT INTO SAFE MODE...--> How to reboot to Safe Mode -->(reboot and tap F8 immediately after BIOS screen ( the Bios screen is the first black and white screen you see)....choose Safe Mode from menu) Reboot into safe mode......Open the folder and run the RKFILES.BAT It will take 10 minutes or so.....when the the text opens, with the results, save and copy the log. The output will be displayed and saved in c:\log.txt. Run HijackThis in Safe mode and make a new HT log, too please. Reboot computer back to a normal mode and post the C:\Log.txt please and the hijackthis log made in safe mode.
__________________
Eddy |
|
|
|
| Thread Tools | |
|
|
