• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
piperh

PiperH's Log File

11 posts in this topic

Logfile of HijackThis v1.97.3

Scan saved at 2:14:33 AM, on 6/20/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE

C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\Tablet.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\ANVshell.EXE

C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\DeltTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\Office\outlook.exe

C:\PROGRA~1\WinZip\winzip32.exe

C:\Documents and Settings\hahne\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/MIZ075.p...&city=Ann+Arbor

O4 - HKLM\..\Run: [ANVSHELL] ANVshell.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE"

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 2:20:47 AM, on 6/20/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE

C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\Tablet.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\ANVshell.EXE

C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\DeltTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\Office\outlook.exe

C:\WINNT\notepad.exe

C:\Documents and Settings\hahne\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/MIZ075.p...&city=Ann+Arbor

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

O4 - HKLM\..\Run: [ANVSHELL] ANVshell.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE"

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Share this post


Link to post
Share on other sites

Module information for 'Explorer.EXE'

MODULE BASE SIZE PATH

Explorer.EXE 400000 253952 C:\WINNT\Explorer.EXE 5.00.3700.6690 Windows Explorer

ntdll.dll 77f80000 512000 C:\WINNT\system32\ntdll.dll 5.00.2195.6899 NT Layer DLL

ADVAPI32.DLL 7c2d0000 401408 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.6876 Advanced Windows 32 Base API

KERNEL32.DLL 7c570000 753664 C:\WINNT\system32\KERNEL32.DLL 5.00.2195.6897 Windows NT BASE API Client DLL

RPCRT4.DLL 77d30000 462848 C:\WINNT\system32\RPCRT4.DLL 5.00.2195.6904 Remote Procedure Call Runtime

GDI32.DLL 77f40000 253952 C:\WINNT\system32\GDI32.DLL 5.00.2195.6898 GDI Client DLL

USER32.DLL 77e10000 413696 C:\WINNT\system32\USER32.DLL 5.00.2195.6897 Windows 2000 USER API Client DLL

SHLWAPI.DLL 70a70000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library

msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll 6.10.9844.0 Microsoft ® C Runtime Library

COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library

shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.6717 Shim Engine DLL

AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.6717 Windows 2000 Shim Accessory DLL

WS2_32.DLL 75030000 81920 C:\WINNT\system32\WS2_32.DLL 5.00.2195.6601 Windows Socket 2.0 32-Bit DLL

WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT

OLE32.DLL 77a50000 978944 C:\WINNT\system32\OLE32.DLL 5.00.2195.6906 Microsoft OLE for Windows

SHELL32.dll 782f0000 2392064 C:\WINNT\system32\SHELL32.dll 5.00.3700.6705 Windows Shell Common Dll

tabhook.dll 10000000 53248 C:\WINNT\System32\tabhook.dll 4.56-6 TabHook

CLBCATQ.DLL 775a0000 589824 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3511.0

OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4522

cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll 5.00.2195.6705 Client Side Caching UI

CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.6713 Offline Network Agent

SHDOCVW.DLL fa0000 1347584 C:\WINNT\system32\SHDOCVW.DLL 6.00.2800.1400 Shell Doc Object and Control Library

browseui.dll 71500000 1036288 C:\WINNT\system32\browseui.dll 6.00.2800.1400 Shell Browser UI Library

USERENV.DLL 7c0f0000 397312 C:\WINNT\system32\USERENV.DLL 5.00.2195.6794 Userenv

ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing

ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)

NETAPI32.DLL 75170000 323584 C:\WINNT\system32\NETAPI32.DLL 5.00.2195.6897 Net Win32 API DLL

SECUR32.DLL 7c340000 61440 C:\WINNT\system32\SECUR32.DLL 5.00.2195.6695 Security Support Provider Interface

NETRAP.DLL 751c0000 24576 C:\WINNT\system32\NETRAP.DLL 5.00.2134.1 Net Remote Admin Protocol DLL

SAMLIB.DLL 75150000 61440 C:\WINNT\system32\SAMLIB.DLL 5.00.2195.6897 SAM Library DLL

WLDAP32.DLL 77950000 172032 C:\WINNT\system32\WLDAP32.DLL 5.00.2195.6666 Win32 LDAP API DLL

DNSAPI.DLL 77980000 147456 C:\WINNT\system32\DNSAPI.DLL 5.00.2195.6824 DNS Client API DLL

WSOCK32.DLL 75050000 32768 C:\WINNT\system32\WSOCK32.DLL 5.00.2195.6603 Windows Socket 32-Bit DLL

MPR.DLL 76620000 65536 C:\WINNT\system32\MPR.DLL 5.00.2195.6824 Multiple Provider Router DLL

nwprovau.dll 699d0000 151552 C:\WINNT\System32\nwprovau.dll 5.00.2195.6610 Client Service for NetWare Provider and Authentication Package DLL

ntlanman.dll 75160000 49152 C:\WINNT\System32\ntlanman.dll 5.00.2195.6601 Microsoft® Lan Manager

NETUI0.DLL 75210000 86016 C:\WINNT\System32\NETUI0.DLL 5.00.2195.6601 NT LM UI Common Code - GUI Classes

NETUI1.DLL 751d0000 229376 C:\WINNT\System32\NETUI1.DLL 5.00.2134.1 NT LM UI Common Code - Networking classes

NETSHELL.dll 76f20000 487424 C:\WINNT\system32\NETSHELL.dll 5.00.2195.6604 Network Connections Shell

MSI.DLL 1660000 2113536 C:\WINNT\system32\MSI.DLL 2.0.2600.1183 Windows Installer

webcheck.dll 70340000 266240 C:\WINNT\system32\webcheck.dll 6.00.2800.1106 Web Site Monitor

stobject.dll 766d0000 98304 C:\WINNT\system32\stobject.dll 5.00.2195.6601 Systray shell service object

BATMETER.DLL 76740000 32768 C:\WINNT\system32\BATMETER.DLL 5.00.3502.6601 Battery Meter Helper DLL

SETUPAPI.DLL 77880000 581632 C:\WINNT\system32\SETUPAPI.DLL 5.00.2195.6622 Windows Setup API

POWRPROF.DLL 766f0000 28672 C:\WINNT\system32\POWRPROF.DLL 5.00.3502.6601 Power Profile Helper DLL

WINMM.DLL 77570000 196608 C:\WINNT\system32\WINMM.DLL 5.00.2161.1 MCI API DLL

RASAPI32.dll 774e0000 208896 C:\WINNT\system32\RASAPI32.dll 5.00.2195.6625 Remote Access API

RASMAN.DLL 774c0000 69632 C:\WINNT\system32\RASMAN.DLL 5.00.2195.6738 Remote Access Connection Manager

TAPI32.DLL 77530000 139264 C:\WINNT\system32\TAPI32.DLL 5.00.2195.6664 Microsoft® Windows Telephony API Client DLL

RTUTILS.DLL 77830000 57344 C:\WINNT\system32\RTUTILS.DLL 5.00.2168.1 Routing Utilities

wininet.dll 63000000 614400 C:\WINNT\system32\wininet.dll 6.00.2800.1405 Internet Extensions for Win32

CRYPT32.dll 7c740000 552960 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6824 Crypto API32

MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL 5.00.2195.6905 ASN.1 Runtime APIs

wdmaud.drv 77560000 32768 C:\WINNT\system32\wdmaud.drv 5.00.2195.6673 WDM Audio driver mapper

msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper

MSACM32.dll 77410000 77824 C:\WINNT\system32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter

ctagent.dll 29a0000 65536 C:\WINNT\system32\ctagent.dll 1, 0, 0, 3 ctagent

shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library

CfgMgr32.dll 770b0000 28672 C:\WINNT\system32\CfgMgr32.dll 5.00.2134.1 Configuration Manager Forwarder DLL

LINKINFO.DLL 76710000 36864 C:\WINNT\system32\LINKINFO.DLL 5.00.2134.1 Windows Volume Tracking

docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2

MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2195.6612 Microsoft Video for Windows DLL

AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2195.6612 Microsoft AVI File support library

faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider

WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WinZip\WZSHLSTB.DLL 3.0 (32-bit) WinZip Shell Extension DLL

VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2195.6623 Version Checking and File Installation Libraries

LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2195.6611 LZ Expand/Compress API DLL

urlmon.dll 1a400000 499712 C:\WINNT\system32\urlmon.dll 6.00.2800.1400 OLE32 Extensions for Win32

mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3502.6601 My Documents Folder UI

PSICON.DLL 44e0000 114688 C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL 6.0 Icons for Adobe Photoshop

Module information for 'explorer.exe'

MODULE BASE SIZE PATH

explorer.exe 400000 253952 C:\WINNT\explorer.exe 5.00.3700.6690 Windows Explorer

ntdll.dll 77f80000 512000 C:\WINNT\system32\ntdll.dll 5.00.2195.6899 NT Layer DLL

ADVAPI32.DLL 7c2d0000 401408 C:\WINNT\system32\ADVAPI32.DLL 5.00.2195.6876 Advanced Windows 32 Base API

KERNEL32.DLL 7c570000 753664 C:\WINNT\system32\KERNEL32.DLL 5.00.2195.6897 Windows NT BASE API Client DLL

RPCRT4.DLL 77d30000 462848 C:\WINNT\system32\RPCRT4.DLL 5.00.2195.6904 Remote Procedure Call Runtime

GDI32.DLL 77f40000 253952 C:\WINNT\system32\GDI32.DLL 5.00.2195.6898 GDI Client DLL

USER32.DLL 77e10000 413696 C:\WINNT\system32\USER32.DLL 5.00.2195.6897 Windows 2000 USER API Client DLL

SHLWAPI.DLL 70a70000 413696 C:\WINNT\system32\SHLWAPI.DLL 6.00.2800.1400 Shell Light-weight Utility Library

msvcrt.dll 78000000 282624 C:\WINNT\system32\msvcrt.dll 6.10.9844.0 Microsoft ® C Runtime Library

COMCTL32.DLL 71710000 540672 C:\WINNT\system32\COMCTL32.DLL 5.81 Common Controls Library

shim.dll 732e0000 151552 C:\WINNT\system32\shim.dll 5.00.2195.6717 Shim Engine DLL

AcLayers.DLL 23000000 352256 C:\WINNT\AppPatch\AcLayers.DLL 5.00.2195.6717 Windows 2000 Shim Accessory DLL

WS2_32.DLL 75030000 81920 C:\WINNT\system32\WS2_32.DLL 5.00.2195.6601 Windows Socket 2.0 32-Bit DLL

WS2HELP.DLL 75020000 32768 C:\WINNT\system32\WS2HELP.DLL 5.00.2134.1 Windows Socket 2.0 Helper for Windows NT

OLE32.DLL 77a50000 978944 C:\WINNT\system32\OLE32.DLL 5.00.2195.6906 Microsoft OLE for Windows

BROWSEUI.DLL 71500000 1036288 C:\WINNT\system32\BROWSEUI.DLL 6.00.2800.1400 Shell Browser UI Library

SHELL32.dll 782f0000 2392064 C:\WINNT\system32\SHELL32.dll 5.00.3700.6705 Windows Shell Common Dll

tabhook.dll 10000000 53248 C:\WINNT\System32\tabhook.dll 4.56-6 TabHook

SHDOCVW.dll 990000 1347584 C:\WINNT\system32\SHDOCVW.dll 6.00.2800.1400 Shell Doc Object and Control Library

CLBCATQ.DLL 775a0000 589824 C:\WINNT\system32\CLBCATQ.DLL 2000.2.3511.0

OLEAUT32.dll 779b0000 634880 C:\WINNT\system32\OLEAUT32.dll 2.40.4522

cscui.dll 77840000 253952 C:\WINNT\system32\cscui.dll 5.00.2195.6705 Client Side Caching UI

CSCDLL.DLL 770c0000 143360 C:\WINNT\system32\CSCDLL.DLL 5.00.2195.6713 Offline Network Agent

browselc.dll 71960000 73728 C:\WINNT\system32\browselc.dll 6.00.2800.1106 Shell Browser UI Library

WININET.dll 63000000 614400 C:\WINNT\system32\WININET.dll 6.00.2800.1405 Internet Extensions for Win32

CRYPT32.dll 7c740000 552960 C:\WINNT\system32\CRYPT32.dll 5.131.2195.6824 Crypto API32

MSASN1.DLL 77430000 65536 C:\WINNT\system32\MSASN1.DLL 5.00.2195.6905 ASN.1 Runtime APIs

urlmon.dll 1a400000 499712 C:\WINNT\system32\urlmon.dll 6.00.2800.1400 OLE32 Extensions for Win32

VERSION.dll 77820000 28672 C:\WINNT\system32\VERSION.dll 5.00.2195.6623 Version Checking and File Installation Libraries

LZ32.DLL 759b0000 24576 C:\WINNT\system32\LZ32.DLL 5.00.2195.6611 LZ Expand/Compress API DLL

mlang.dll 70440000 585728 C:\WINNT\system32\mlang.dll 6.00.2800.1106 Multi Language Support DLL

mshtml.dll 63580000 2818048 C:\WINNT\system32\mshtml.dll 6.00.2800.1400 Microsoft ® HTML Viewer

ctagent.dll 1e40000 65536 C:\WINNT\system32\ctagent.dll 1, 0, 0, 3 ctagent

shdoclc.dll 718c0000 540672 C:\WINNT\system32\shdoclc.dll 6.00.2800.1106 Shell Doc Object and Control Library

MSLS31.DLL 75ac0000 163840 C:\WINNT\system32\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file

IMM32.DLL 75e60000 106496 C:\WINNT\system32\IMM32.DLL 5.00.2195.6655 Windows 2000 IMM32 API Client DLL

webvw.dll 658f0000 1130496 C:\WINNT\System32\webvw.dll 5.00.2920.0000 Shell WebView Content & Control Library

docprop2.dll 71f00000 315392 C:\WINNT\System32\docprop2.dll 5.00.2178.1 DocProp2

WINMM.DLL 77570000 196608 C:\WINNT\System32\WINMM.DLL 5.00.2161.1 MCI API DLL

MSVFW32.DLL 6a8f0000 131072 C:\WINNT\System32\MSVFW32.DLL 5.00.2195.6612 Microsoft Video for Windows DLL

AVIFIL32.DLL 74870000 90112 C:\WINNT\System32\AVIFIL32.DLL 5.00.2195.6612 Microsoft AVI File support library

MSACM32.dll 77410000 77824 C:\WINNT\System32\MSACM32.dll 5.00.2134.1 Microsoft ACM Audio Filter

faxshell.dll 70020000 20480 C:\WINNT\system32\faxshell.dll 5.00.2134.1 Fax Tiff Data Column Provider

mydocs.dll 76df0000 69632 C:\WINNT\system32\mydocs.dll 5.00.3502.6601 My Documents Folder UI

imgutil.dll 70510000 40960 C:\WINNT\system32\imgutil.dll 6.00.2800.1106 IE plugin image decoder support DLL

ntshrui.dll 76fa0000 61440 C:\WINNT\system32\ntshrui.dll 5.00.2134.1 Shell extensions for sharing

ATL.DLL 773e0000 86016 C:\WINNT\system32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)

NETAPI32.DLL 75170000 323584 C:\WINNT\system32\NETAPI32.DLL 5.00.2195.6897 Net Win32 API DLL

SECUR32.DLL 7c340000 61440 C:\WINNT\system32\SECUR32.DLL 5.00.2195.6695 Security Support Provider Interface

NETRAP.DLL 751c0000 24576 C:\WINNT\system32\NETRAP.DLL 5.00.2134.1 Net Remote Admin Protocol DLL

SAMLIB.DLL 75150000 61440 C:\WINNT\system32\SAMLIB.DLL 5.00.2195.6897 SAM Library DLL

WLDAP32.DLL 77950000 172032 C:\WINNT\system32\WLDAP32.DLL 5.00.2195.6666 Win32 LDAP API DLL

DNSAPI.DLL 77980000 147456 C:\WINNT\system32\DNSAPI.DLL 5.00.2195.6824 DNS Client API DLL

WSOCK32.DLL 75050000 32768 C:\WINNT\system32\WSOCK32.DLL 5.00.2195.6603 Windows Socket 32-Bit DLL

USP10.DLL 66650000 344064 C:\WINNT\system32\USP10.DLL 1.0325.2195.6692 Uniscribe Unicode script processor

wdmaud.drv 77560000 32768 C:\WINNT\system32\wdmaud.drv 5.00.2195.6673 WDM Audio driver mapper

msacm32.drv 77400000 32768 C:\WINNT\system32\msacm32.drv 5.00.2134.1 Microsoft Sound Mapper

msadp32.acm 75d40000 24576 C:\WINNT\system32\msadp32.acm 5.00.2134.1 Microsoft ADPCM CODEC for MSACM

MSI.DLL 2bc0000 2113536 C:\WINNT\system32\MSI.DLL 2.0.2600.1183 Windows Installer

RASAPI32.dll 774e0000 208896 C:\WINNT\system32\RASAPI32.dll 5.00.2195.6625 Remote Access API

RASMAN.DLL 774c0000 69632 C:\WINNT\system32\RASMAN.DLL 5.00.2195.6738 Remote Access Connection Manager

TAPI32.DLL 77530000 139264 C:\WINNT\system32\TAPI32.DLL 5.00.2195.6664 Microsoft® Windows Telephony API Client DLL

RTUTILS.DLL 77830000 57344 C:\WINNT\system32\RTUTILS.DLL 5.00.2168.1 Routing Utilities

Share this post


Link to post
Share on other sites

This problem is still with me. I am being directed to an ewizards homepage and search page when I leave my computer running for so many hours. So I'm thinking it's one of those sneeky dll sort of problems, but I've downloaded the new versions of everything and they keep cleaning suff up when I run them, but then hours later I have problems again. Zero was looking at this and advising me at one point last night, but couldn't figure it out, so suggested asking for additional help. Here is my newest Log File from HijackThis..

 

thanks

 

Piper

 

Logfile of HijackThis v1.97.7

Scan saved at 3:43:32 AM, on 6/21/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE

C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\Tablet.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\ANVshell.EXE

C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\DeltTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\hahne\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/MIZ075.p...&city=Ann+Arbor

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [ANVSHELL] ANVshell.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE"

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8158.9963657407

Share this post


Link to post
Share on other sites

Here's a new log after running all updated versions of Adware and Spybot and CSWShredder or whatever they're called properly. For a while my homepage will be ok, but that will change in time and I'm still always jacked on the search page.. (as in when you can't find a webpage that doesn't exist) It's strange..

 

E

 

Logfile of HijackThis v1.97.7

Scan saved at 1:49:03 AM, on 6/24/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE

C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\Tablet.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\ANVshell.EXE

C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\DeltTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\WINNT\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\hahne\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [ANVSHELL] ANVshell.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRUN.EXE"

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8158.9963657407

Share this post


Link to post
Share on other sites

Here's todays log

 

Logfile of HijackThis v1.97.7

Scan saved at 10:04:48 PM, on 6/24/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE

C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\Tablet.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\ANVshell.EXE

C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\DeltTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Microsoft Office\Office\outlook.exe

C:\WINNT\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\hahne\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/MIZ075.p...&city=Ann+Arbor

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [ANVSHELL] ANVshell.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8158.9963657407

Share this post


Link to post
Share on other sites

Hi there PiperH,

 

Please run HijackThis again and place a check beside each of the following items. Once done please close all others windows and click fix checked.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - Startup: PowerReg Scheduler.exe

 

 

Reboot and delete this folder

 

C:\Program Files\Viewpoint <---folder

 

 

Also I notice you have multiple Antivirus programs running. Please pick one and uninstall the others.

 

Now reboot and post a fresh HijackThis log.

Share this post


Link to post
Share on other sites

Done Atribune but I'm still having that dll file problem..

 

 

Here's my new log

 

Logfile of HijackThis v1.97.7

Scan saved at 11:47:38 PM, on 6/24/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\Tablet.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\ANVshell.EXE

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\WINNT\system32\CTHELPER.EXE

C:\WINNT\system32\DeltTray.exe

C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\hahne\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/MIZ075.p...&city=Ann+Arbor

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [ANVSHELL] ANVshell.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8158.9963657407

 

This is what I know so far about my virus file problem

 

I get is a popup AVG Resident Shield saying Virus Detected while opening file: c:\WINNT\system32\dlppmdp.dll Trojan Horse BackDoor. Agent.BA

 

when I click any of the buttons it says there is no further information about this infection or requested action is not available for this object... No name is given for this Virus..

 

Back 4 scans ago it had found

 

C:\RECYCLER\S-1-5-21-117609710-1682526488-725345543-1000\Dc85.exe

and

C:\RECYCLER\S-1-5-21-117609710-1682526488-725345543-1000\Dc85.exe

 

But those have been Wiped at this time.

 

The current popup AVG Resident Shield warning pops up whenever I open an application.

 

 

Anybody?

Share this post


Link to post
Share on other sites

please download About:Buster from one of the following locations:

 

http://www.atribune.org/downloads/AboutBuster.zip

 

or

http://www.zerosrealm.com/downloads/AboutBuster.zip

 

Copy this down and close all windows

 

(If you are unsure what needs to be fixed Please get expert advise)

 

Unzip AboutBuster.zip and doubleclick the exe.

 

Next click ok and allow the program to run. (it may take a few minutes)

 

Make a copy of the log it creates for posting later.

 

Then run the About:Buster a second time just to be sure it got everything.

 

Make a copy of the log it creates again.

 

Reboot and post the 2 about buster logs and a fresh HijackThis log.

Share this post


Link to post
Share on other sites

I ran the About Buster, but it didn't find anything. I think the only thing I've got going on now is this dll file that nothing seems to be able to access but it is activated everytime I open something on my computer.

 

Any help with that?

Share this post


Link to post
Share on other sites

Email a copy of the dll too submissions @ atribune.org (note: no spaces in the addy i put them in to deter bots) Please zip the dll first.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0