
new user - please check this SHORT log for problems



#1 ellenellenellen


Posted 30 June 2005 - 10:27 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:42:42 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ellen\My Documents\x0. computer program things\SpySub.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Ellen\My Documents\x0. computer program things\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe



#2 groovicus


Posted 01 July 2005 - 08:30 PM

If you still need help, could you post a fresh log please?

#3 ellenellenellen


Posted 02 July 2005 - 04:09 AM

Yes I can, thanks for replying. Here is the fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 5:05:55 AM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ellen\My Documents\x0. computer program things\SpySub.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Ellen\My Documents\x0. computer program things\HijackThis.exe

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

#4 groovicus


Posted 02 July 2005 - 09:53 AM

Please confirm that you have run the following scans or run them now. Save any logs that you generate - we may need them later. Also, please provide me with a description of the problem you are experiencing. Before you ask for help read this.

Anti-spyware

Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06. Fix whatever they suggest.

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.


Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. You can download it free at http://www.emsisoft.com/en/software/free/ . Let it fix whatever it wants to.


Anti-virus

Also, run this PC through the Panda Scan Online virus scanner.
Online Virus Scanners FAQ


Next, please reboot & post a fresh HijackThis log. If you have any problems with one part of this instruction make a note of it and continue onto the next section. Let me know any problems in your next post.



