HijackThis Advice Please =]

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
If someone could please take a little bit of time to advise me on what to remove, I would very much appreciate it. Thank you very much~

Logfile of HijackThis v1.99.1
Scan saved at 4:11:48 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2005_11_06.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://img.bugs.co.kr/playerdll/BugsLoader20050901.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
 
Joined
Sep 7, 2004
Messages
49,014
Problems?????????

Get all of these and/or verify you have the current versions

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en (XP and W2K only)

DownLoad them (they are free), install them, check each for their
definition updates
and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
Hey thanx a lot MFDnSC! I though i downloaded every spyware, adware, virus, blah blah scanner that has ever been posted in the history of mankind lol! but i forgot about spyware blaster! ill be sure to dl that right away~ ms antispy i actually had to delete because it was messing up my starcraft [starcraft simply wouldnt load]. nehoo but about my hijack log, if yall see anything fishy, please let me know what i should fix =] hey thanx again MFDnSC!
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
o man~ this is serious stuff.. umm how do i scan it? with a virus scanner or do i check the box inside hijack and then click "fix checked"? thanx for the advice dohnutman really appreciate it~ this may save my baby lol
 
Joined
Jan 22, 2005
Messages
954
lunar_angel said:
o man~ this is serious stuff.. umm how do i scan it? with a virus scanner or do i check the box inside hijack and then click "fix checked"? thanx for the advice dohnutman really appreciate it~ this may save my baby lol
Follow and WAIT for MFDnSC ok???
he WILL help you, jz chill out for a while. Remember, it's Holiday season and we ALL have our own lives.

If you want to do stuff without the guidance of an 'expert'. Well, the only thing I can say is GOODLUCK! :)
 
Joined
Mar 21, 2003
Messages
113
jrom727 said:
Follow and WAIT for MFDnSC ok???
he WILL help you, jz chill out for a while. Remember, it's Holiday season and we ALL have our own lives.

If you want to do stuff without the guidance of an 'expert'. Well, the only thing I can say is GOODLUCK! :)
Well, I'n no expert but I no slouch either... but, like I said earlier, it might be the legitimate windows program. the legit conime.exe is used by windows for asian language input support in the command prompt. According to microsofts database it is for:
“This entry is used only when the locale of the computer is set to 932 (Japanese), 936 (Chinese), 949 (Korean Unified Hangul), or 950 (Chinese Big5 Extended).”

So if you doing anything that involves these languages, its nothing to worry about... every system has it, just make sure its only 27.0KB. if not, upload it here and have them scan it.
http://virusscan.jotti.org/
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
jrom this is for you. i did not at all rush or imply mfdnsc to rush his efforts. i just simply asked a question. now i dont know why you're trying to make me look bad but i would appreciate it if perhaps you chill out. HEY DOHNUT THANX A LOT FOR THE HELP MAN~Yah im working with korean language support so i guess its ok =]
 
Joined
Sep 7, 2004
Messages
49,014
dohnutman has definetly caught something I missed
===============
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log


==============
http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
Wow alrighty then~ thank you very much for the well explained procedure to follow . . ill get on this as soon as i get back from my trip . . you really know your stuff mfdnsc =] im glad this forum is made up of people with your caliber of knowledge~
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
Hi MFDnSC~ well ive gone ahead and followed your instructions with the ewido scanner. The hijackthis log and ewido log are posted below respectively. BTW a question about the kaspersky scanner: Will it remove stuff it detects or only tell me that I have that stuff on my computer? Because I've had programs like that [i.e Spyware Doctor] and I found it to be quite useless since the only recommendations it ever has is for me to buy something to completely remove stuff. Thus, if it only detects I don't think that I'll be installing that software.

Here's the logs:

Logfile of HijackThis v1.99.1
Scan saved at 5:12:50 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall_2005_11_06.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://img.bugs.co.kr/playerdll/BugsLoader20050901.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

WHOA RAN INTO A PROBLEM! Ive had this kinda problem before but it just went away so I forgot about it but now it just came back. When I tried to open "my computer" to get the ewido log file, the box pops up but it's empty and my computer freezes. Thus I am only able to post the hijackthislog. =/ Darnit even after trying to fix my computer it craps out on me. =[
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
hi MFDnSC~ well i decided to go ahead with kaspersky and boy am I glad you suggested it! On "critical" it was clean but on "My computer" it found 1 virus and 2 suspicious objects =/ here's that post of kaspersky whenever you have time to check it out~ thank you again very much for your time MFDnSC~ o btw i was able to retrieve the ewido log as well so heres kaspersky and ewido logs respectively~

KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 28, 2005 00:43:52
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/12/2005
Kaspersky Anti-Virus database records: 157713
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 62146
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 5413 sec

Infected Object Name - Virus Name
C:\QUARANTINE\javainstaller.jar-3c936701-45802ed6.zip.Vir/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\QUARANTINE\javainstaller.jar-3c936701-45802ed6.zip.Vir Infected: Trojan-Downloader.Java.OpenStream.w

Scan process completed.




ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:41:39 PM, 12/27/2005
+ Report-Checksum: BFFA2972

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojsetkw5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Unzipped\inhale1217\Loader.exe -> Backdoor.Konsl : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll.tcf -> Spyware.Wheaterbug : Cleaned with backup


::Report End
 

lunar_angel

Thread Starter
Joined
Dec 22, 2005
Messages
19
Oh that's a relief~ But what about the 1 virus and 2 suspicious objects that Kaspersky came across? Hmmm and the other problem pretty much is this: Sometimes, I want to go into "My Computer" so I double click the icon or try to get into it by clicking "Start" then "My Computer". The BOX that should contain all the icons [i.e Shared documents, My documents, C:, D:, etc.] pops up but inside is blank. I try to close the box but it won't close. Then I get an error message and the "would you like to send an error report to microsoft" deal. I think that it happens after I run Crap Cleaner. But that's just a guess. Other than that it's a pretty random deal.
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top