Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

why cant i run the hjt?


  • This topic is locked This topic is locked
11 replies to this topic

#1 jkhart

jkhart

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 18 September 2004 - 08:49 AM

help needed!
im having problems with my pc and wanted to post a log however the hjt wont run. i followed the instructions as far as unzipping the hjt download. then when i try to run it to get a log it wont. a warning message flashes up but this dissapears too quickly to read.
i have tried downloading the hjt again however found the same problem. im guessing this is a pc problem rather than a problem with the hjt. help!

if it makes a difference i am running kerio personal firwall and have avast! and spybot search and destroy. the problems i am experiencing have been numerous but the lastest are -
when logging on to hotmail getting only a blank screen, this is after accessing my account
every time i run spybot it finds the same two programs but cant delete them as they are running, it then asks to run on next start up. upon the next start up the same thing occurs
something called dr watsons debugger (i didnt know this was on the pc - should it be there?) keeps shutting down the pc

BC AdBot (Login to Remove)

 


#2 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:45 AM

Posted 18 September 2004 - 09:59 AM

Have you tried going to Task Manager and killing the process on those 2 programs, then running HJT?

#3 jkhart

jkhart
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 18 September 2004 - 11:17 AM

ideed i have - that is another prob. task manager will come up however closes immediately. too quickly for me to even read it. argh

#4 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:45 AM

Posted 18 September 2004 - 11:26 AM

This is not the right way to do it but, have you tried running HJT in Safe Mode?

#5 jkhart

jkhart
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 19 September 2004 - 03:47 AM

it worked - first hurdle over thankyou!
ok below is the log, it was obtained in safe mode if that makes a difference!

Logfile of HijackThis v1.98.2
Scan saved at 09:40:47, on 19/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.235.97.200/personal5/superx1/0/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\shman32.exe /i
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccRegVfY] C:\WINDOWS\expIorer.exe /i
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Update Emulator] kernel-mon.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [Windows Media Player] winsupdate.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [Windows Streams Server] localsrv.exe
O4 - HKLM\..\Run: [WindowsRegKey update] Windowsup.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Update Emulator] kernel-mon.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [Windows Media Player] winsupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [Windows Streams Server] localsrv.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update] Windowsup.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\system administrator\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00106\gd-dial.exe -remove
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Update Emulator] kernel-mon.exe
O4 - HKCU\..\Run: [Windows Media Player] winsupdate.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [Windows Streams Server] localsrv.exe
O4 - HKCU\..\Run: [WindowsRegKey update] Windowsup.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKCU\..\RunServices: [Windows Media Player] winsupdate.exe
O4 - Global Startup: BuzMe V.92.lnk = C:\Program Files\RingCentral\BuzMe\BMUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\path.mht!http://64.200.26.76/d1/arctal.chm::/AWM123.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095508982805
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

#6 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:45 AM

Posted 19 September 2004 - 04:15 AM

Ok, running HJT in Safe Mode does not give me the full picture, but for the purpose of getting started this is the best way. We will do this bit by bit.

First;

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

NOTE THE OPTIONAL FIX IN BLUE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Update Emulator] kernel-mon.exe

O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [Windows Media Player] winsupdate.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe

O4 - HKLM\..\Run: [Windows Streams Server] localsrv.exe

O4 - HKLM\..\Run: [WindowsRegKey update] Windowsup.exe

O4 - HKLM\..\RunServices: [Microsoft Update Emulator] kernel-mon.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [Windows Media Player] winsupdate.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe

O4 - HKLM\..\RunServices: [Windows Streams Server] localsrv.exe

O4 - HKLM\..\RunServices: [WindowsRegKey update] Windowsup.exe

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00106\gd-dial.exe -remove

O4 - HKCU\..\Run: [Microsoft Update Emulator] kernel-mon.exe

O4 - HKCU\..\Run: [Windows Media Player] winsupdate.exe

O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKCU\..\Run: [Windows Streams Server] localsrv.exe

O4 - HKCU\..\Run: [WindowsRegKey update] Windowsup.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe

O4 - HKCU\..\RunServices: [Windows Media Player] winsupdate.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <<These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\path.mht!http://64.200.26.76/d1/arctal.chm::/AWM123.exe

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

Restart your computer in
Safe Mode Also make sure you show hidden and system files Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,

C:\WINDOWS\SYSTEM\blank.htm
C:\WINDOWS\msopt.dll
C:\WINDOWS\svchst.exe <<Make sure it is this one!!
c:\program files\GlobalDialer<<Folder


Reboot in Normal Mode, then post a fresh logfile so that I can check to see if it is clean.

Edited by 12g, 19 September 2004 - 04:15 AM.


#7 jkhart

jkhart
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 19 September 2004 - 04:56 AM

ok done all that.
here is new log - this one was successfully obtained in normal mode.


Logfile of HijackThis v1.98.2
Scan saved at 10:53:31, on 19/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\svchst.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\system administrator\Application Data\My-disgo\MyKey disgo.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.235.97.200/personal5/superx1/0/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\shman32.exe /i
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccRegVfY] C:\WINDOWS\expIorer.exe /i
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\system administrator\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Global Startup: BuzMe V.92.lnk = C:\Program Files\RingCentral\BuzMe\BMUI.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

#8 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:45 AM

Posted 19 September 2004 - 05:19 AM

Good news!! getting there :thumbsup:

Next;

Go, CTRL>SHIFT>ESC>"End Process" on;

svchst.exe

Next;

Make sure all browsers and windows are closed except for hijackthis and put a check against the following and click 'fix checked';

O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\shman32.exe /i

O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i

Restart your computer in
Safe Mode Also make sure you show hidden and system files Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,

C:\WINDOWS\shman32.exe
C:\WINDOWS\svchst.exe

Reboot in Normal Mode, then post a fresh logfile so that I can check to see if it is clean.

#9 jkhart

jkhart
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 19 September 2004 - 06:42 AM

ok followed instructions. heres the latest, thank you so much for all this help! what have all my probs been due to? nasty stuff on my machine?

Logfile of HijackThis v1.98.2
Scan saved at 12:38:23, on 19/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\system administrator\Application Data\My-disgo\MyKey disgo.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.235.97.200/personal5/superx1/0/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccRegVfY] C:\WINDOWS\expIorer.exe /i
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\system administrator\Application Data\My-disgo\MyKey disgo.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Global Startup: BuzMe V.92.lnk = C:\Program Files\RingCentral\BuzMe\BMUI.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095508982805

#10 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:45 AM

Posted 19 September 2004 - 08:32 AM

Yes, you had a mass of infection on your machine, the good news is;

Log looks clean...great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

#11 jkhart

jkhart
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 19 September 2004 - 12:41 PM

thank you so much for all of your help today. its greatly apprieciated!!

#12 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:45 AM

Posted 19 September 2004 - 01:18 PM

You are very welcome :thumbsup:

Since this problem is solved, this topic will now be closed. If the originator of the topic should need it reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic.

If anyone should have a similar problem, please start a new topic of your own.

Edited by 12g, 14 October 2004 - 09:01 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users