• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Nagstaku

HJT log plz help

8 posts in this topic

I just installed XP and I went surfing for about 2 hours before i got to installing AV and performing the updates, and somehow ive gotten infected. Please check over my log and tell me what should and shouldn't be there. Im going to a lan tommorrow at 7 (PDXLAN w00t) so id be grateful if this could get resolved before then. Thanks for helping out, you guys do a good thing.

 

Nagstaku

Share this post


Link to post
Share on other sites

Hi,Nagstaku

 

You could post a HJT Logfile here so they may have a.

look at it for you but please do not remove any items

 

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

 

Some info

 

Download then save the file/install to a new folder called HijackThis or something similar, not your Desktop or the Temp folder, and double click on the "HijackThis" icon.

and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log somewhere, then post it here in a reply

 

Gday

Share this post


Link to post
Share on other sites

haha, i cant believe i forgot to post the log. hehe, didn't think anybody would reply this fast either. maybe i can get a reply at 3 am lol.

 

Logfile of HijackThis v1.98.0

Scan saved at 2:46:36 AM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Nagistakee\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

 

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

O4 - HKLM\..\Run: [system Service] C:\WINDOWS\System32\msrexe.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

 

umm.... goodluck!

Share this post


Link to post
Share on other sites

Hi,Nagstaku

 

Try running HJT again your Logfile looks odd make sure

you have no Explorer windows open just run HJT

 

Gday :bounce:

Share this post


Link to post
Share on other sites

is this any better?

 

Logfile of HijackThis v1.98.0

Scan saved at 3:03:17 AM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Documents and Settings\Nagistakee\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

 

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

O4 - HKLM\..\Run: [system Service] C:\WINDOWS\System32\msrexe.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Share this post


Link to post
Share on other sites

Hi,Nagstaku

 

Here is what i see but please hold tell someone gives you the ok

not sure if they would like me telling you what to remove

 

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll

 

O4 - HKLM\..\Run: [system Service] C:\WINDOWS\System32\msrexe.exe<--maybe a Virus

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

& i would also do this here

 

Symantec

TrendMicro

A2 Trojan Scan

 

Gday :bounce:

Share this post


Link to post
Share on other sites

Alright, i guess ill have to wait. If i cant get a reply before the lan i might try it anyways, cause i always have the option of reinstall if i dont get it working. Hope i get a reply soon, thx pplz.

Share this post


Link to post
Share on other sites

Im actually gonna make a new topic for the log since you weren't sure about it and i dont want anyone skipping over it because they see the reply's. Im not sure if this good for the forums.. :unsure: but i doubt its a problem.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0