Euphoric
Posted March 8, 2007 (edited)

My sis's computer is having pop up issues (even in firefox). I dealt with this problem myself a while back but forget exactly how I fixed it. I ran hijack this. could someone take a look at my log file pls.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:20 PM, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\TWljaGFlbCBNb2dh\command.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Mozilla Firefox\winstall.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Common Files\{64FE8439-063A-1033-0307-030211070002}\Update.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\S?mantec\n?tepad.exe
C:\DOCUME~1\MICHAE~1\MYDOCU~1\YSTEM~1\chkdsk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis(2).zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/de-de/?redirfallthru=http%3a%2f%2fwww.dellnet.com%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/en-ca/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-ca/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {9F4C7762-BD8B-B952-F1DA-B4DECCB10AB5} - C:\WINDOWS\system32\wxkwgx.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [explorer] C:\Program Files\Mozilla Firefox\winstall.exe
O4 - HKLM\..\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{64FE8439-063A-1033-0307-030211070002}] "C:\Program Files\Common Files\{64FE8439-063A-1033-0307-030211070002}\Update.exe" mc-110-12-0001411
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dxsf] C:\Program Files\Common Files\S?mantec\n?tepad.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\MICHAE~1\MYDOCU~1\YSTEM~1\chkdsk.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - re http://forums.xisto.com/
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://forums.xisto.com/no_longer_exists/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://forums.xisto.com/no_longer_exists/
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://forums.xisto.com/no_longer_exists/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://forums.xisto.com/no_longer_exists/
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://forums.xisto.com/no_longer_exists/
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://forums.xisto.com/no_longer_exists/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWljaGFlbCBNb2dh\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

This computer is bogged down with some garbage for sure. I ran spybot and it cleared a few things but nothing crazy. Gonna run a virus scan shortly. Thanks for the help.

Notice from BuffaloHELP: Place all copied entries under the QUOTE bbcode.

Edited March 8, 2007 by BuffaloHELP

Matt2
Posted March 8, 2007

Hey Euphoric,

Welcome to the Xisto community. First you need to help us to help you. I need you to run a few programs for us, to assist you better. Please run your antivirus software, Spy Bot Search and Destroy and Ad-aware. If you don't have those programs just ask and someone will provide you with the link to them. After that come back and post a fresh log and someone might be able to help you (I'm sorry but I'm only learning HJT at the moment, otherwise I would help you).

There is a site I would recommend you to go to if you are having no luck here. It is called Geeks to Go and it is a computer help site. I am a member there. They are a friendly bunch of experts that would be happy to help you with your problem. You will need to sign up for an account there before you can post your log, and you will have to run a few programs for them. Don't worry about it right now though as the guide on their site will help you through that. I would post the information here but right now their site and board is closed for upgrades.

When their site is up there is a bar near the top of that page. It says something like:

"Has some sleazy software taken over your computer? Spyware, Adware, Virus, Trojan? Please Start Here. Your system clean? Malware Protection Advice."

Click on Start here and then the guide will be shown on what steps you will need to take.

I hope you continue to enjoy the Xisto community, I highly recommend their free webhosting - I personally think it's the best out there, just ask if you need any help getting set up with it. Good luck with your Crapware fighting quest.

I hope I have been of assistance, please let us know how you get on.

BuffaloHelp
Posted March 8, 2007

There are other forums which support hijackthis log files. Xisto does not provide this support.

Please visit http://www.theeldergeek.com/forum/index.php?showtopic=13415 and follow their instruction on how to request for hijackthis log support.

In our forum, you MUST place proper bbcodes for all copied entries, such as QUOTE.

This topic is closed.