Author Topic: Possible Situation  (Read 405 times)

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
Possible Situation
« on: February 26, 2007, 11:15:49 AM »
When I run AVG, this pops up in a window as a threat: C:\windows\system32\shell32.dll

However, after the scan is complete it says no threats were found.

Also, sometimes when I visit websites, mostly ones I know but also newly visited ones, I do not get the entire website. Parts of it, like links, are just tiny white boxes with an X where the link used to be. This only happens every so often.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:41 AM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1126634133\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/admi...ator/index2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126634133\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.eightballclan.com
O15 - Trusted Zone: *.tpgleague.org
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

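The HijackThis log above is a flat list of typed entries (R0/R1 browser settings, O4 autostart entries, O9 browser buttons, O15 Trusted Zone sites, O23 services). As an added example, not code from the forum or from HijackThis itself, the script below parses lines of that format and applies a few defender-side triage heuristics: Trusted Zone entries (IE relaxes its security settings for those sites), entries pointing at a file that no longer exists, services with no publisher recorded, Run entries with a bare executable name (resolved by PATH lookup rather than a full path), and browser start/search pages that are not the Microsoft defaults. The sample input is constructed from a handful of lines copied from the log above; the flags are prompts for a human reviewer, not verdicts, and all the rule names and thresholds are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/admi...ator/index2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: *.eightballclan.com
O15 - Trusted Zone: *.tpgleague.org
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
""".strip()

# Every HijackThis entry line starts with a type code such as R0, O4, O23 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Assumed default prefixes for an untouched IE start/search page (MS fwlink redirectors).
MICROSOFT_DEFAULTS = ("http://go.microsoft.com/", "http://www.microsoft.com/")


def parse_entries(log_text):
    """Return (kind, body) tuples for each entry line; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage_entry(kind, body):
    """Return human-readable reasons this entry deserves a second look (empty if none)."""
    reasons = []
    if kind == "O15":
        # Sites in the Trusted Zone run with IE's relaxed security settings.
        domain = body.split(":", 1)[1].strip()
        reasons.append(f"Trusted Zone entry {domain}: IE relaxes security settings for this site")
    if "(file missing)" in body:
        reasons.append("references a file that no longer exists (orphaned entry)")
    if kind == "O23" and "Unknown owner" in body:
        reasons.append("service has no publisher recorded; verify the binary")
    if kind == "O4":
        # The command follows the bracketed value name: [Name] command args
        m = re.search(r"\]\s*(.*)$", body)
        command = m.group(1).strip() if m else ""
        exe = command.split()[0].strip('"') if command else ""
        if exe and "\\" not in exe:
            reasons.append(f"Run entry {exe!r} has no full path; it is resolved via PATH lookup")
    if kind in ("R0", "R1"):
        url = body.split("=", 1)[1].strip() if "=" in body else ""
        if url.startswith("http") and not url.startswith(MICROSOFT_DEFAULTS):
            reasons.append(f"browser page setting points to {url}")
    return reasons


def triage_log(log_text):
    """Parse a log and keep only the entries that produced at least one reason."""
    findings = []
    for kind, body in parse_entries(log_text):
        reasons = triage_entry(kind, body)
        if reasons:
            findings.append({"kind": kind, "body": body, "reasons": reasons})
    return findings


def summarize(findings):
    """Count flagged entries per type code, e.g. {'O15': 2, 'O23': 1}."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['kind']}: {f['body']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the constructed sample, the script flags six of the nine entries: the non-default start page, the bare `SOUNDMAN.EXE` Run entry, the orphaned xpnetdiag button, both Trusted Zone sites and the service with no publisher. The two entries with full paths and a known publisher (the AVG autostart and the HP service) pass without comment, which is the point of the exercise: a helper of this kind narrows a long log to the lines a reviewer should actually check by hand, rather than deciding on its own what is malicious.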
Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
Possible Situation
« Reply #1 on: March 01, 2007, 04:38:05 PM »
Bump

Offline ch1k3nb0t

  • Hero Member
  • *****
  • Posts: 787
  • Karma: +0/-0
    • View Profile
Possible Situation
« Reply #2 on: March 01, 2007, 04:54:25 PM »
I have no clue what that is and what your problem is, lol. Sorry, explain it to me please.

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
Possible Situation
« Reply #3 on: March 02, 2007, 01:33:16 AM »
Ok, the little boxes with the X in them are normal; that just means that your computer may think it's a temporary threat, so it disables your viewing of it, or your computer didn't thoroughly load the page.

shell32.dll is not a threat. From what I've heard, it's an icon on your computer.


Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
Possible Situation
« Reply #4 on: March 02, 2007, 06:54:33 AM »
Where is Questolo?

Offline Everlasting Death

  • Hero Member
  • *****
  • Posts: 981
  • Karma: +0/-0
    • View Profile
    • http://www.jaswin.net
Possible Situation
« Reply #5 on: March 05, 2007, 07:34:19 PM »
Well, my only guess is that there may be some kind of virus or spyware or something hiding in that file, because, as Law said, shell32.dll holds the icons for your computer.

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
Possible Situation
« Reply #6 on: March 10, 2007, 08:29:37 AM »
You guess? Who are you with your guesses.

Questolo doesn't guess. He had answers. This forum is going down the tubes is my guess. How's that?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Possible Situation
« Reply #7 on: March 10, 2007, 09:41:12 AM »
Hi again Mr. Bell, very sorry for the delay.

Can you take a look at this link please? It should explain it:
http://forum.grisoft.cz/freeforum/read.php...3,backpage=,sv=

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
Possible Situation
« Reply #8 on: March 17, 2007, 07:52:11 AM »
It explained it perfectly. Thanks. I don't know why people post on other people's issues. But when I hear them start off with "I guess," then I guess that their guess isn't worth the time to even read what they have to say. LOL

You're the best, so forget the rest.

Randy