Topic: Please help, HJT file included.

zeroFaTe
« on: March 14, 2008, 06:53:39 PM »
So, my computer is having trouble booting. Every time I go to turn it on, it goes through the normal process then gets to the black screen with the loading bar, that says Windows XP on it. It then just sits there, never loading. Sometimes it does load, but it's completely random when it does. I've tried booting from CD but it hasn't really helped much, it'll go into a blue screen that says System is loading Windows, and just sits there. I'm at a loss about what to do, and I'm really hoping I can get this fixed because I have a lot on here that I don't want to lose. I've been leaving it on, so that I don't have to go through the boot process, which I know is actually very bad. I like to leave my computer off for at least 8 hours out of the day (usually at night). Following is my HJT log I just now created, somebody please help!


Logfile of HijackThis v1.99.1
Scan saved at 12:04:17 AM, on 7/11/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\zerofate.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2BF7DA-CBD9-4774-B2E7-88B78B07F06E}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD7EB040-75A2-4C67-82C7-3EB91AEDE65A}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CS3\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

guestolo (Administrator)
« Reply #1 on: March 14, 2008, 08:25:59 PM »
Hi zerofate, I don't have much time tonight, but I don't want to leave you hanging with this problem
Can you uninstall your version of Hijackthis from Add and Remove Programs
Let's update to the latest version
Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a "System scan only" with Hijackthis and put a check next to these entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2BF7DA-CBD9-4774-B2E7-88B78B07F06E}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD7EB040-75A2-4C67-82C7-3EB91AEDE65A}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CS3\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Can you do the following please
download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Double click on Fixwareout.exe on desktop
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.  You will be asked to reboot your computer; please do so.  Your system may take longer than usual to load; this is normal.

Afterwards
Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
At the 'END USER SOFTWARE LICENSE AGREEMENT' select 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program if one is installed, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

Also Post the report from Fixwareout>>report.txt in the C:\Fixwareout folder

In addition post a fresh hijackthis log

RECAP:
Post back all the following:
1. Post the report from BitDefender
2. Post the report from FixWareout
3. Run a fresh scan > save logfile with Hijackthis and post its log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
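
The O17 entries guestolo has zeroFaTe fix all point the machine's DNS at the same two outside servers, on every interface and in every control set. As an added example (not code from the thread, from HijackThis or from Fixwareout), the Python below parses O17 lines in the HijackThis format shown above, flags NameServer values that are neither private nor on an operator allowlist, and reports which control sets carry them; the sample log is constructed, with the two 85.255.x.x lines copied from the posted log and a third, benign interface line made up for contrast.

```python
import re
from ipaddress import ip_address

# Constructed sample in the HijackThis log format used in this thread. The two
# O17 lines with 85.255.x.x are copied from the posted log; the third O17 line,
# pointing at a private router address, is made up to show a benign case.
SAMPLE_HJT_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FD96FB-C3E2-4A1E-849C-D4D6F3BFEC29}: NameServer = 85.255.115.42,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# One O17 NameServer line: any control set (CCS, CS1, ...), then either a
# per-interface key ("..\{GUID}") or the global "Parameters" key.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[A-Za-z0-9]+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<iface>[0-9A-Fa-f-]+)\}|Parameters)"
    r": NameServer = (?P<servers>.+?)\s*$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: control set, scope (GUID or Parameters), servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis joins servers with "," on interface keys but with " " on
        # the Parameters key; accept both so identical lists compare equal.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append({
            "control_set": m.group("cs"),
            "scope": m.group("iface") or "Parameters",
            "servers": servers,
        })
    return entries


def flag_nameservers(entries, allowlist=frozenset()):
    """Keep only entries naming a resolver that is neither private nor allowlisted.

    A home machine normally resolves through its router (private range) or
    through resolvers the operator knows; any other public address is reported.
    """
    findings = []
    for entry in entries:
        unexpected = []
        for server in entry["servers"]:
            try:
                addr = ip_address(server)
            except ValueError:
                unexpected.append(server)   # not a valid address at all: report it
                continue
            if server not in allowlist and not addr.is_private:
                unexpected.append(server)
        if unexpected:
            findings.append({**entry, "unexpected": unexpected})
    return findings


def summarize(findings):
    """Collapse findings to the distinct servers, control sets and scopes involved.

    When CurrentControlSet and the numbered backup sets (CS1, CS2, ...) all carry
    the same servers, 'Last Known Good Configuration' cannot roll the change back.
    """
    return {
        "unexpected_servers": sorted({s for f in findings for s in f["unexpected"]}),
        "control_sets": sorted({f["control_set"] for f in findings}),
        "scopes": sorted({f["scope"] for f in findings}),
    }


if __name__ == "__main__":
    results = flag_nameservers(parse_o17(SAMPLE_HJT_LOG))
    for f in results:
        print(f"{f['control_set']:<4} {f['scope']}: {', '.join(f['unexpected'])}")
    print(summarize(results))
```

HijackThis lists only the NameServer value; the Fixwareout report later in the thread clears DhcpNameServer as well, on one interface GUID that never appeared in the HijackThis log, so a clean O17 list on its own does not show that every DNS setting is back to normal.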


zeroFaTe
« Reply #2 on: March 19, 2008, 12:42:18 AM »
HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:24 AM, on 7/12/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7186 bytes

BitDefender Online Scanner

Scan report generated at: Sat, Jul 12, 2003 - 05:04:24
Scan path: A:\;C:\;D:\;

Statistics
Time: 01:15:21
Files: 246792
Folders: 5323
Boot Sectors: 2
Archives: 1106
Packed Files: 9600

Results
Identified Viruses: 7
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9

Engines Info
Virus Definitions: 1010922
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0004 - Detected with: Adware.Zango.AU
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0004 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o) - Update failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0011 - Detected with: Adware.Zango.AN
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0011 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o) - Update failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0013 - Detected with: Application.Generic.7161
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0013 - Disinfection failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0013 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o) - Update failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0015 - Detected with: Adware.Zango.SB
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0015 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o) - Update failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0016 - Detected with: Adware.Zango.AV
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0016 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o) - Update failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0017=>(NSIS o)=>lzma_solid_nsis0004 - Detected with: Adware.Zango.AU
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0017=>(NSIS o)=>lzma_solid_nsis0004 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0017=>(NSIS o) - Update failed
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0020 - Detected with: Adware.Zango.SC
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o)=>lzma_solid_nsis0020 - Deleted
C:\Documents and Settings\Nick\Local Settings\Temp\sai522.tmp=>(NSIS o) - Update failed
C:\System Volume Information\_restore{2DC4DA99-685B-42A9-88DA-B0E18FA16B76}\RP434\A0080576.exe - Infected with: Trojan.Ransom.C
C:\System Volume Information\_restore{2DC4DA99-685B-42A9-88DA-B0E18FA16B76}\RP434\A0080576.exe - Deleted
C:\System Volume Information\_restore{2DC4DA99-685B-42A9-88DA-B0E18FA16B76}\RP434\A0080693.exe - Infected with: Trojan.Ransom.C
C:\System Volume Information\_restore{2DC4DA99-685B-42A9-88DA-B0E18FA16B76}\RP434\A0080693.exe - Deleted

Fixwareout

Username "Nick" - 07/12/2003  3:21:44 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6C2BF7DA-CBD9-4774-B2E7-88B78B07F06E}
"DhcpNameServer"="85.255.115.42,85.255.112.158" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{90C662B0-EA58-435F-98D9-65FE1196BF71}
"DhcpNameServer"="85.255.115.42,85.255.112.158" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"D-Link Air Utility"="C:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"
"ANIWZCSService"="C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\PROGRA~1\\Symantec\\osCheck.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

guestolo (Administrator)
« Reply #3 on: March 19, 2008, 07:40:47 AM »
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program.
Enter your task manager (Right click the bottom task bar and select Task Manager)
open the Processes tab
End Process on the following entry>>ViewpointService.exe
Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

    • Viewpoint
    • Viewpoint Manager
    • Viewpoint Media Player
Then open HijackThis, and select Do a system scan only.

Place a checkmark next to the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

Delete the following folder (if present):
C:\Program Files\Viewpoint\
===================================================
Download ATF-Cleaner
by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================

Restart your computer afterwards.

Back in Windows, post one last fresh hijackthis log and let me know how things are running please

guestolo (Administrator)
« Reply #4 on: April 26, 2008, 05:06:36 PM »
Locking this topic as there has been no reply