
NEED MAJOR HELP ASAP PLEASE READ!


16 replies to this topic

#1 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 May 2004 - 05:45 PM

Hey guys, I'm very computer illiterate and I need help. I think I have some virus or spyware problems or something bc anytime I try to log onto the internet it shuts me down immediately. So what I did was do a Norton update, which I was able to do before it shut me down, but this virus RUNDLL message keeps coming up and I have this all about searching toolbar crap and I can't get it off. I don't know how long the comp will let me type before shutting off again.

Can someone PLEASE HELP ME.

#2 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 May 2004 - 06:06 PM

Hey guys, I'm very computer illiterate and I need help. I think I have some virus or spyware problems or something bc anytime I try to log onto the internet it shuts me down immediately. So what I did was do a Norton update, which I was able to do before it shut me down, but this virus RUNDLL message keeps coming up and I have this all about searching toolbar crap and I can't get it off. I don't know how long the comp will let me type before shutting off again.

Can someone PLEASE HELP ME.

#3 tennisjump

tennisjump

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 25 May 2004 - 07:10 PM

Download Ad-Aware and Spybot first off, and that should get rid of some of your stuff.

#4 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 May 2004 - 07:26 PM

Hi, can u link me? I don't know where to download that stuff.

#5 Colossus

Colossus

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 May 2004 - 07:30 PM

Hey, here's a link to a good spyware killer site. Just copy and paste

http://www.siena.edu.../hijackthis.htm

Hope it helps.

#6 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 25 May 2004 - 07:43 PM

Can anyone help me on what to delete with this log?

Logfile of HijackThis v1.97.7
Scan saved at 8:42:26 PM, on 05/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\windows\system32\pcs\pcsvc.exe
C:\HP Scanjet 3300c\hpupdate.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
C:\windows\system32\ntvdm.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\AXWFC068\hjtlog[1].exe
c:\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: Less Defy Fork - {6AD5FCD8-437C-2CAB-A9A7-FC0117D25F6D} - C:\PROGRA~1\GRAMAI~1\Dogcash.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7813.9611921296
O16 - DPF: {A587DAFF-DE03-4721-90CD-44BA8F047A03} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136

#7 ghost2003

ghost2003

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 25 May 2004 - 08:46 PM

Try booting in safe mode (hold F8 when you start your computer until you see a menu). If you are using XP, choose Safe Mode with Networking. There you should not be bothered with the virus and can do what you want (or should be able to). If you are using XP, go run HouseCall at housecall.trendmicro.com and remove all it finds. Get Spybot at www.safer-networking.org and Ad-Aware at www.lavasoftusa.com and update them, then run them and remove all they find. After, also run CWShredder just to be safe, from www.spywareinfo.com/~merijn, and if you still have problems post a HijackThis log; get it at the same place as CWShredder.

Edited by ghost2003, 25 May 2004 - 08:46 PM.


#8 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 26 May 2004 - 12:26 PM

Bump, can someone help me with this log?

#9 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 26 May 2004 - 03:44 PM

Logfile of HijackThis v1.97.7
Scan saved at 8:42:26 PM, on 05/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\windows\system32\pcs\pcsvc.exe
C:\HP Scanjet 3300c\hpupdate.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
C:\windows\system32\ntvdm.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\AXWFC068\hjtlog[1].exe
c:\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: Less Defy Fork - {6AD5FCD8-437C-2CAB-A9A7-FC0117D25F6D} - C:\PROGRA~1\GRAMAI~1\Dogcash.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7813.9611921296
O16 - DPF: {A587DAFF-DE03-4721-90CD-44BA8F047A03} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136

#10 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 26 July 2004 - 12:01 PM

I can't get these toolbars off my PC and I'm not sure how to do it with that hijack this stuff. Can anyone here please help me?

#11 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 26 July 2004 - 12:12 PM

Logfile of HijackThis v1.98.0
Scan saved at 1:10:43 PM, on 07/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\windows\system32\pcs\pcsvc.exe
C:\HP Scanjet 3300c\hpupdate.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\ntvdm.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\8HMRCXIJ\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {84E1134F-517B-084B-9374-E37153BC7635} - C:\PROGRA~1\GRAMAI~1\LONG BLEH.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [UploadMagsBlueVga] C:\Documents and Settings\All Users\Application Data\Army idol upload mags\Store Bind.exe
O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat.soapoper...va/cfs31235.cab
O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O20 - AppInit_DLLs: APITRAP.DLL

#12 picard_uk

picard_uk

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,654 posts

Posted 27 July 2004 - 08:13 AM

Hi Louisa77,

Welcome to the forums. I'm taking a look at your log. I'll post a reply ASAP.

picard.
Every day's a school day....

I offer my services in these forums as a volunteer.
You can help support these forums.



ASAP member since 2005 Alliance of Security Analysis Professionals

#13 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 27 July 2004 - 06:53 PM

Please, ty bc I'm desperate here. These toolbars r slowing down my PC.

#14 picard_uk

picard_uk

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,654 posts

Posted 28 July 2004 - 01:36 AM

Hello Louisa77,

You might want to print this page, it will act as a checklist and as a reference for when you close browser windows.

First I'd like you to download all critical patches for your operating system and Internet Explorer. An unpatched system will always be vulnerable to attack.
http://v4.windowsupd.../en/default.asp.

Next, I'd recommend getting at least a couple of online scans. Let them fix whatever they find.

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm
http://www.bitdefend...can/licence.php

Now, I'd like you to download a couple of free programs that will help to clean your system up.

Download and Install Spybot S&D, accepting the Default Settings
(Please ensure you have version 1.3 final.)
Home - The home of Spybot-S&D!: http://www.safer-networking.org/
Here is a nice Tutorial http://www.safer-net...p?page=tutorial

Go to Start > Programs > Spybot - Search & Destroy and choose Spybot S&D
Close ALL windows except Spybot S&D
Click the button to ‘Search for Updates’ and download and install the Updates.
Next click the button ‘Check for Problems’

When Spybot is complete, it will be showing ‘RED’ entries, ‘BLACK’ entries and ‘GREEN’ entries in the window.
Ensure there is a check mark beside the RED entries ONLY.
Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

REBOOT.


Ad-Aware: (standard version is free)
(please ensure you have version 6 build 6. 181)
Downloads - Support - Lavasoft#free: http://www.lavasoftu...pport/download/
Ad-Aware tutorial http://www.lavahelp....scan/index.html

The following explains how to set Ad-aware settings to perform a "Full Scan."
And some settings that should be made prior to using the first time.
Click on the World icon, select Connect and let Ad-Aware get the latest reference file.

Click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.
Under the Scanning button:
Scan within archives

Under Memory & Registry, Check EVERYTHING

In Check Drives & Folders, make sure all of your hard drives are selected

Under the Tweak button...
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning

In Cleaning Engine:
Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot

UNCHECK Automatically try to unregister objects prior to deletion

Click Proceed to save these settings.
Now press "check for updates Now". Always check before scanning.
Click Start, [x] choose use default scanning options.
Click Next and let it fix anything it finds.

Reboot.

Lastly, please move HiJackThis to a permanent folder. I use C:\HiJackThis, but feel free to use any folder name you choose. Run HiJackThis and post a fresh log file.

picard.

#15 Louisa77

Louisa77

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 29 July 2004 - 12:59 PM

I tried to do what u asked and this is my log. I hope you can help me.

Logfile of HijackThis v1.98.0
Scan saved at 1:56:20 PM, on 07/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\windows\system32\pcs\pcsvc.exe
C:\HP Scanjet 3300c\hpupdate.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AIM95\aim.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThisNEW..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com.../www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dilzmwlbgzvse...ylCGjkxbj/1.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll (file missing)
O2 - BHO: (no name) - {84E1134F-517B-084B-9374-E37153BC7635} - C:\PROGRA~1\GRAMAI~1\MANAGERDUPE.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
O4 - HKLM\..\Run: [UploadMagsBlueVga] C:\Documents and Settings\All Users\Application Data\Army idol upload mags\Programford.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat.soapoper...va/cfs31235.cab
O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O20 - AppInit_DLLs: APITRAP.DLL
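
Comparing the 07/26 and 07/29 logs above by eye is error-prone, so here is an added example (not part of any post in this thread) that parses HijackThis entries and diffs two scans, keying each entry on its registry value name, CLSID or hostname so that an autostart whose executable is renamed between scans still lines up. The sample lines are excerpts of the two logs posted above; the function names and the keying scheme are illustrative choices, not HijackThis features.

```python
import ntpath
import re

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RUN = re.compile(r"^(.+?): \[(.+?)\] (.*)$")            # O4 registry autostart
NOTE = re.compile(r"\s*\((?:file missing|no file)\)$")   # HijackThis annotations

# Excerpts of the 07/26/2004 and 07/29/2004 logs posted in this thread.
SCAN_0726 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O2 - BHO: (no name) - {84E1134F-517B-084B-9374-E37153BC7635} - C:\PROGRA~1\GRAMAI~1\LONG BLEH.exe
O4 - HKLM\..\Run: [UploadMagsBlueVga] C:\Documents and Settings\All Users\Application Data\Army idol upload mags\Store Bind.exe
O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
O20 - AppInit_DLLs: APITRAP.DLL
"""
SCAN_0729 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com.../www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dilzmwlbgzvse...ylCGjkxbj/1.jpg
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll (file missing)
O2 - BHO: (no name) - {84E1134F-517B-084B-9374-E37153BC7635} - C:\PROGRA~1\GRAMAI~1\MANAGERDUPE.exe
O4 - HKLM\..\Run: [UploadMagsBlueVga] C:\Documents and Settings\All Users\Application Data\Army idol upload mags\Programford.exe
O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe
O20 - AppInit_DLLs: APITRAP.DLL
"""

def split_entry(code, detail):
    """Split one entry into a stable identity and the value that may change."""
    if code == "O4" and (m := RUN.match(detail)):
        return f"{m[1]}: [{m[2]}]", m[3]               # key on the Run value name
    if code == "O1" and len(parts := detail.split()) == 3:
        return f"{parts[0]} {parts[2]}", parts[1]      # key on hostname, value is the IP
    if m := CLSID.search(detail):
        return detail[:m.end()], detail[m.end():].lstrip(" -")
    if " = " in detail:
        return tuple(detail.split(" = ", 1))
    return detail, ""

def parse(log):
    """Return {(section code, identity): value} for every R*/O* line in a log."""
    entries = {}
    for line in log.splitlines():
        if m := ENTRY.match(line.strip()):
            key, value = split_entry(m[1], m[2])
            entries[(m[1], key)] = value
    return entries

def diff(old, new):
    """Entries added, removed, or kept with a different value between two scans."""
    changed = sorted((k, old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k])
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()), "changed": changed}

def renamed_binaries(changed):
    """Changed entries whose file name differs while the folder stays the same."""
    hits = []
    for key, before, after in changed:
        a, b = NOTE.sub("", before), NOTE.sub("", after)
        same_dir = ntpath.dirname(a).lower() == ntpath.dirname(b).lower()
        if re.match(r"[A-Za-z]:\\", a) and a != b and same_dir:
            hits.append((key, ntpath.basename(a), ntpath.basename(b)))
    return hits

def orphaned(entries):  # entries HijackThis annotated as pointing at a missing file
    return sorted(k for k, v in entries.items() if NOTE.search(v))

if __name__ == "__main__":
    old, new = parse(SCAN_0726), parse(SCAN_0729)
    delta = diff(old, new)
    for label in ("added", "removed", "changed"):
        print(label, delta[label])
    print("renamed", renamed_binaries(delta["changed"]), "orphaned", orphaned(new))
```

On these excerpts the diff shows the O1 hosts redirect gone after the cleanup pass, while the O2 and O4 entries keep the same CLSID and Run value name but point at a differently named executable in the same folder.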

#16 picard_uk

picard_uk

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,654 posts

Posted 29 July 2004 - 01:12 PM

Hi Louisa77,

I'll get back with a reply ASAP.

picard.

#17 picard_uk

picard_uk

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,654 posts

Posted 04 August 2004 - 02:21 PM

Hi Louisa77,

Just to let you know, I'm not ignoring you. But as you can see, the forums are really busy.
As a trainee, I have to wait for approval from a moderator before I post and they are even busier than the rest of the forum.

picard.

*Edit for content

Edited by picard_uk, 04 August 2004 - 04:57 PM.




