Announcement

Collapse
No announcement yet.

Please HELP...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Please HELP...

    Hi guys, just registered so forgive me if I make mistakes. I'm VERY NEW to computers and have come up against some problems. I have read some of the forum relating to hijacking and have been informed by the software to save the log and let experienced people give advice when deleting 'stuff'.

    I'm running WINXP PRO - IE v6.0 - 128mB Laptop

    I have recently lost my taskbar and start button, managed to get them back after rebooting but, it they have gone again.
    Norton antivirus will not work and SpyDoctor causes the system to close after giving error message.

    Also ran cwshredder.zip from forum article.

    Please accept my apology if I have posted this in the wrong area of the site.

    Many thanks


    here are the two log files:

    Logfile of HijackThis v1.98.2 (1st log)
    Scan saved at 22:05:11, on 17/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\atievxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ya.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Ya.com
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
    O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
    O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
    O4 - Startup: ST6UNST Uninstaller.LNK = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.ya.com
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab


    Logfile of HijackThis v1.98.2 (2nd log)
    Scan saved at 22:12:36, on 17/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\atievxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\unzipped\hijackthis2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ya.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por Ya.com
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
    O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
    O4 - HKCU\..\Run: [Zone Alarm] vsmon.exe
    O4 - Startup: ST6UNST Uninstaller.LNK = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.ya.com
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

  • #2
    Have you tried the lavasoft forums? They deal with these types of problems all the time.

    http://www.lavasoftsupport.com/

    If you suspect you may have a virus but your AV will not start, try Symantec's online virus scan.

    http://security.symantec.com/sscv6/d...d=ie&venid=sym
    Liberty not only means that the individual has both the opportunity and the burden of choice;
    it also means that he must bear the consequences of his actions.
    Liberty and responsibility are inseparable.

    - Friedrich Hayek

    Comment


    • #3
      Go here:
      http://forums.net-integration.net/index.php?
      Very helpful site.

      Comment


      • #4
        I think you meant to post this in the windows Tech support forum. Search around the board for it and you will find it.

        Comment


        • #5
          Originally posted by highwizard
          I think you meant to post this in the windows Tech support forum. Search around the board for it and you will find it.
          No, I think he thought we were the "Hijack This" support forum.

          Al
          "Are my pants...threatening you?"

          Comment


          • #6
            Originally posted by alklloyd
            No, I think he thought we were the "Hijack This" support forum.

            Al

            Wait you mean this isn't? Well shit. /me cancels membership.

            -zac
            %54%68%69%73%20%69%73%20%6E%6F%74%20%68%65%78

            Comment


            • #7
              Originally posted by alklloyd
              No, I think he thought we were the "Hijack This" support forum.

              Al
              Oh, that's why I haven't seen more than one thread about hijackthis yet.. :)
              -- dev_zero@

              Comment

              Working...
              X