trying to follow directions


26 replies to this topic

#1 guylaura

guylaura

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 20 July 2004 - 06:47 PM

I received a window stating "access denied" when I scanned using HijackThis.
I then tried opening the file which was generated using Notepad and again received the window "access denied".
What am I doing wrong?

#2 guylaura

Posted 21 July 2004 - 09:39 PM

bump
I'm getting a window that says "access denied" when I'm trying to open the log file from HijackThis in Notepad.
I'd like to be able to post the results so someone could help me with my hijacked start page. Please.
I'm seeing many entries that aren't listed in "Pacman's List".
I don't want to mess something up by "fixing" them with HijackThis.

#3 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 21 July 2004 - 10:47 PM

No idea - better just start all over.

Please do this.
Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#4 guylaura

Posted 22 July 2004 - 06:23 PM

bump
You state "Press that, save the log, Ctrl-A to Select All, and copy its contents here". Do you mean to open the log in Notepad and then select all of its contents? I pressed "save log" and then Ctrl-A and nothing happened. There was nothing to paste. I did delete my previous download of HijackThis, opened a new folder and re-downloaded from the link you gave me.

When I try to open the highjacklog.log file a window pops up saying "Access Denied".
Could something be blocking .log files to prevent scrutiny?

#5 cnm

Posted 22 July 2004 - 08:06 PM

Normally when you "Press that, save the log," it is automatically opened in Notepad.

I can only guess that HijackThis is unable to open notepad. Where are you running HijackThis from? Is it in C:\HJT\?


#6 guylaura

Posted 23 July 2004 - 05:10 PM

I created the folder C/ProgramFiles/HJT
Also, I can open any other .log file just not the highjackthis.log
Should I paste the log into an e-mail for you to review?

#7 guylaura

Posted 26 July 2004 - 09:05 PM

bump
Hope you had a nice weekend.
I figured I wouldn't bug you.
Any ideas on why the HijackThis .log file won't give me access?

#8 cnm

Posted 26 July 2004 - 10:28 PM

Rename the log to something.log, see if notepad can open it then.


#9 guylaura

Posted 27 July 2004 - 06:23 PM

bump
That didn't work either.
I tried notepad and wordpad.
Still getting message "access is denied"

#10 cnm

Posted 27 July 2004 - 07:05 PM

When did all this start? Had you just installed something?

Have you rebooted?

If you like, you can try emailing me the log as an attachment; send it to This Address. If that succeeds then I will post it for you.


#11 cnm

Posted 27 July 2004 - 10:40 PM

It appears that your notepad.exe may be corrupt - you can get a replacement here:
http://www.spywarein...n/winfiles.html


#12 guylaura

Posted 28 July 2004 - 06:06 PM

bump
Replaced notepad.exe
Still getting message "access is denied"
As stated previously, I can open any other .log file except the highjackthis.log

#13 cnm

Posted 28 July 2004 - 07:06 PM

Delete everything in your hijackThis folder.
Download it again.
http://www.spywarein.../HijackThis.exe


#14 guylaura

Posted 29 July 2004 - 06:59 PM

I will try that.
I'm leaving on vacation tomorrow.
We'll have to pick this up when I get back.
Thanks for trying to help so far

#15 guylaura

Posted 30 July 2004 - 06:57 PM

I deleted all of the HijackThis data.
Re-downloaded HijackThis again.
Ran the scan.
Saved the log.

STILL GETTING WINDOW STATING "ACCESS IS DENIED"

Leaving on vacation. Talk to you in a week.
Hope you can help.

#16 guylaura

Posted 09 August 2004 - 08:30 PM

I'm back.
Come up with anything?

#17 cnm

Posted 09 August 2004 - 08:49 PM

guylaura has sent me this email:

I just read where you asked me to send you the log file.
Somehow I missed that reply.
Anyway, here it is.
You also asked if I had just downloaded something.
Here's what I think happened.
I just bought a new PC.
I had to set up my e-mail with my service provider.
For their server to recognize my PC I had to disable my firewall.
I forgot to enable it afterwards.
When I turned it back on it asked if I wanted to accept interaction with a few different programs.
I thought they were related to my internet provider or my PC company's update and support web site and didn't pay much attention to what I was doing.
Obviously I got whacked.

with this log attached

Logfile of HijackThis v1.98.0
Scan saved at 6:48:13 PM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\atlrk32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\atlmj32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Documents and Settings\guy\Application Data\ttuh.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cqfcs.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cqfcs.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cqfcs.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cqfcs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cqfcs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cqfcs.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\guy\Application Data\Mozilla\Profiles\default\9fuosbog.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\guy\Application Data\Mozilla\Profiles\default\9fuosbog.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (disabled by BHODemon)
O2 - BHO: (no name) - {B649FD4B-BDCD-72D4-5CE4-D490DFA46F99} - C:\WINDOWS\system32\crxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [atlmj32.exe] C:\WINDOWS\system32\atlmj32.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ipfk32.exe] C:\WINDOWS\system32\ipfk32.exe
O4 - HKLM\..\Run: [javaef32.exe] C:\WINDOWS\system32\javaef32.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [crxy.exe] C:\WINDOWS\system32\crxy.exe
O4 - HKLM\..\RunOnce: [apiao.exe] C:\WINDOWS\system32\apiao.exe
O4 - HKLM\..\RunOnce: [apigs32.exe] C:\WINDOWS\system32\apigs32.exe
O4 - HKLM\..\RunOnce: [appfk32.exe] C:\WINDOWS\system32\appfk32.exe
O4 - HKLM\..\RunOnce: [appfn32.exe] C:\WINDOWS\system32\appfn32.exe
O4 - HKLM\..\RunOnce: [apppu.exe] C:\WINDOWS\apppu.exe
O4 - HKLM\..\RunOnce: [atlme32.exe] C:\WINDOWS\system32\atlme32.exe
O4 - HKLM\..\RunOnce: [atlxb32.exe] C:\WINDOWS\system32\atlxb32.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\d3ad.exe
O4 - HKLM\..\RunOnce: [d3lu.exe] C:\WINDOWS\system32\d3lu.exe
O4 - HKLM\..\RunOnce: [ieat32.exe] C:\WINDOWS\ieat32.exe
O4 - HKLM\..\RunOnce: [iecv.exe] C:\WINDOWS\system32\iecv.exe
O4 - HKLM\..\RunOnce: [iegg32.exe] C:\WINDOWS\iegg32.exe
O4 - HKLM\..\RunOnce: [ierx.exe] C:\WINDOWS\ierx.exe
O4 - HKLM\..\RunOnce: [ipfq32.exe] C:\WINDOWS\ipfq32.exe
O4 - HKLM\..\RunOnce: [ipla.exe] C:\WINDOWS\ipla.exe
O4 - HKLM\..\RunOnce: [iplk.exe] C:\WINDOWS\system32\iplk.exe
O4 - HKLM\..\RunOnce: [javanl.exe] C:\WINDOWS\javanl.exe
O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\system32\javato.exe
O4 - HKLM\..\RunOnce: [mfcge.exe] C:\WINDOWS\mfcge.exe
O4 - HKLM\..\RunOnce: [mfcpb32.exe] C:\WINDOWS\mfcpb32.exe
O4 - HKLM\..\RunOnce: [mfcot.exe] C:\WINDOWS\mfcot.exe
O4 - HKLM\..\RunOnce: [netog.exe] C:\WINDOWS\netog.exe
O4 - HKLM\..\RunOnce: [ntay32.exe] C:\WINDOWS\system32\ntay32.exe
O4 - HKLM\..\RunOnce: [ntpz.exe] C:\WINDOWS\system32\ntpz.exe
O4 - HKLM\..\RunOnce: [sdkdm32.exe] C:\WINDOWS\system32\sdkdm32.exe
O4 - HKLM\..\RunOnce: [sdkgz32.exe] C:\WINDOWS\system32\sdkgz32.exe
O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe
O4 - HKLM\..\RunOnce: [sdkoj.exe] C:\WINDOWS\sdkoj.exe
O4 - HKLM\..\RunOnce: [sdkxe.exe] C:\WINDOWS\sdkxe.exe
O4 - HKLM\..\RunOnce: [sysae32.exe] C:\WINDOWS\sysae32.exe
O4 - HKLM\..\RunOnce: [syscj32.exe] C:\WINDOWS\syscj32.exe
O4 - HKLM\..\RunOnce: [syscy32.exe] C:\WINDOWS\syscy32.exe
O4 - HKLM\..\RunOnce: [sysoh.exe] C:\WINDOWS\system32\sysoh.exe
O4 - HKLM\..\RunOnce: [wincg.exe] C:\WINDOWS\wincg.exe
O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\winip32.exe
O4 - HKLM\..\RunOnce: [winmr.exe] C:\WINDOWS\winmr.exe
O4 - HKLM\..\RunOnce: [winnx.exe] C:\WINDOWS\system32\winnx.exe
O4 - HKLM\..\RunOnce: [winor32.exe] C:\WINDOWS\winor32.exe
O4 - HKLM\..\RunOnce: [winuz32.exe] C:\WINDOWS\winuz32.exe
O4 - HKLM\..\RunOnce: [winzb.exe] C:\WINDOWS\system32\winzb.exe
O4 - HKLM\..\RunOnce: [d3hl.exe] C:\WINDOWS\d3hl.exe
O4 - HKLM\..\RunOnce: [apivh.exe] C:\WINDOWS\apivh.exe
O4 - HKLM\..\RunOnce: [d3bs32.exe] C:\WINDOWS\system32\d3bs32.exe
O4 - HKLM\..\RunOnce: [mfcbm.exe] C:\WINDOWS\system32\mfcbm.exe
O4 - HKLM\..\RunOnce: [atllq.exe] C:\WINDOWS\system32\atllq.exe
O4 - HKLM\..\RunOnce: [mfcqe.exe] C:\WINDOWS\system32\mfcqe.exe
O4 - HKLM\..\RunOnce: [addpj32.exe] C:\WINDOWS\system32\addpj32.exe
O4 - HKLM\..\RunOnce: [ielm.exe] C:\WINDOWS\ielm.exe
O4 - HKLM\..\RunOnce: [atlmy32.exe] C:\WINDOWS\system32\atlmy32.exe
O4 - HKLM\..\RunOnce: [appxg32.exe] C:\WINDOWS\system32\appxg32.exe
O4 - HKLM\..\RunOnce: [iejr32.exe] C:\WINDOWS\system32\iejr32.exe
O4 - HKLM\..\RunOnce: [netdd32.exe] C:\WINDOWS\netdd32.exe
O4 - HKLM\..\RunOnce: [sdkhn32.exe] C:\WINDOWS\sdkhn32.exe
O4 - HKLM\..\RunOnce: [iprf32.exe] C:\WINDOWS\iprf32.exe
O4 - HKLM\..\RunOnce: [syszh.exe] C:\WINDOWS\system32\syszh.exe
O4 - HKLM\..\RunOnce: [msoe.exe] C:\WINDOWS\system32\msoe.exe
O4 - HKLM\..\RunOnce: [atlrk32.exe] C:\WINDOWS\system32\atlrk32.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\guy\Application Data\ttuh.exe
O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0C34F1FD-B5EE-41F6-9D1D-BB19BBE402E7} (FBViewerCtrl.FBViewer) - https://ohow.netfile...BViewerCtrl.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rdgjetef.exe
O16 - DPF: {11010101-1001-1111-1000-110164567732} - ms-its:mhtml:file://C:MAIN.MHT!http://www.008i.com/...hm::/f10213.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://cl55.biz/tracker/eu_cax.cab
O16 - DPF: {693F0F29-1D1F-4EDF-B5A8-E8852FF195DE} (SEAGULL J Walk Printer Client) - http://gsp5250.ascen...erclient_ie.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll


#18 guylaura

Posted 09 August 2004 - 08:55 PM

HOOORRRAAAY!!!
You were able to open it!
Real mess huh?

#19 cnm

Posted 09 August 2004 - 09:58 PM

Some knowledgeable people are looking at it now. Help is on the way.


#20 Psykel

Psykel

    Member

  • Retired Staff
  • Pip
  • 38 posts

Posted 09 August 2004 - 10:08 PM

mmkay step one my friend... I need you to run a little tool, the fix is still new, so I want to make sure it catches everything...

unzip the file and run the GetADS file.. it will create a text file and pop it up... I need you to copy and paste the info into here...

http://tools.zerosrealm.com/GetADS.zip

#21 guylaura

Posted 10 August 2004 - 05:42 PM

This is what I got when I clicked on the getads.bat file.

LADS - Freeware version 4.00
© Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!

Scanning directory C:\WINDOWS\

size ADS in file
---------- ---------------------------------
88 C:\WINDOWS\SchedLgU.Txt:SummaryInformation
0 C:\WINDOWS\SchedLgU.Txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

88 bytes in 2 ADS listed

There was also a lads.exe file with it.
Should I have run that also?
I've become wary of .exe files

#22 guylaura

Posted 11 August 2004 - 05:35 PM

I noticed in the previous reply that there was added some anti-virus, firewall and misc. spyware downloads.
I currently have California Associates Firewall and Anti-Virus.
I also have Spybot.
Do I need these programs you listed?

#23 guylaura

Posted 18 August 2004 - 05:05 PM

have you given up on me?

#24 guylaura

Posted 27 August 2004 - 05:35 PM

Hello??
Anybody there???
Did I do something wrong?

#25 cnm

Posted 27 August 2004 - 06:47 PM

Nothing wrong - I'll remind Psykel (he's a very busy person)...


#26 guylaura

Posted 15 September 2004 - 02:20 PM

Is there anything I can do in the mean time?

#27 Psykel

Posted 23 September 2004 - 03:44 PM

Ok, thanks cnm for the reminder, I am a really busy person...

here is what we need to do

first I need you to download two tools

http://www.richardth...iles/adsspy.zip

and

http://tools.zerosre...AboutBuster.zip

unzip them both but don't use them yet.

Next we need to clean up the hjt log,

But I need a new one, there may have been some changes, so if you could do a new scan and post the new log... I have added this thread to my track list so I will know as soon as you post back

Thanks for your patience



