| |||||||
| Free Registration | Blogs | Downloads | D3Live! | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read | TS2 |
 |
Hijackthis Log HELP ME!!!
This is a discussion on Hijackthis Log HELP ME!!! within the General Chat forum part of the General category; Omfg...i still cant visit certain websites, msn doesnt work for me, i cant delete an antivirus hend gave me because ...
Welcome on D3scene.com! Make sure to register - it's free and very quick! You have to register before you can post and participate in our discussions with 35000 other registered members. Downloads, user profiles and some forums can only be seen by registered members. After you create your free account you will be able to customize many options, you will have the full access to new hacks, latest cheats and last but not least will see no advertisements at all. We would love to see you around in our community! |
| | LinkBack | Thread Tools | Display Modes |
|
#1
02-08-2008, 02:39 AM
| ||||
| ||||
| Hijackthis Log HELP ME!!! Omfg...i still cant visit certain websites, msn doesnt work for me, i cant delete an antivirus hend gave me because i think thats the problem for wc but idk it just keeps rebooting everytime i try to un install, and i cant even get updates on anything. help me!! heres my log if u guys no what to do Logfile of HijackThis v1.99.1 Scan saved at 6:35:06 PM, on 2/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\Integrator.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Personal Firewall\SymProxySvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Norton Personal Firewall\NISSERV.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Luddha\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [svcmon] C:\Program Files\PI\PIN\svcmon.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\xLiLBlingx141516\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O15 - Trusted Zone: CREDIT UNION TRAINING - CU Training Inc. O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196709028014 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/game...lugin10USA.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.185 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.185 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe  |
| D3scene |
Welcome to D3scene - probably the best location for all Gamers. To participate in our friendly environment you have to register. After completing registration you will have full access to all threads and features. We care about members and try to make your stay as pleasant as possible. We are unique with the following feature for members - you will not see a single Advertisement! The best: registration is completely free. It will not cost you a single penny or harm you in any way. You will lose nothing except 1 minute of your time. So why not register? We would be happy to see you around! |
|
#2
02-08-2008, 03:51 AM
| ||||
| ||||
| I Think Your Best Bet Is To Plug An iPod / External HD And Copy What You Want Onto The Other Device, And Wipe Your Drive. Starting Fresh Is The best Way To Go. |
|
#3
02-08-2008, 03:57 AM
| ||||
| ||||
| thats such a noobish way out tho stroup -- Dead, give me a day and ill see what i can do for u E: This is what i got by quickly doing searches on each exe....of course this isnt my full help ima be looking into it a bit more tomorrow aswell Okay C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Webshots\WebshotsTray.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Norton Personal Firewall\SymProxySvc.exe [side note: this file accesses internet a lot, may cause disruptions when connecting to sites/use applications] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [side note: some users find this application to be spyware itself, others have not] C:\Program Files\Norton Personal Firewall\NISSERV.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Luddha\Desktop\HJT\HijackThis.exe Possible Danger/Threat C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Integrator.exe C:\WINDOWS\System32\svchost.exe Dangerous/Known Spyware C:\Program Files\Viewpoint\Common\ViewpointService.exe E2: CastleCops® - HijackThis Log Tutorial .... useful info Last edited by Kalbintion; 02-08-2008 at 04:23 AM. |
|
#5
02-08-2008, 04:10 AM
| ||||
| ||||
| yes but backing up large hd's and restoring it all back is A MAJOR PAIN.....ever restored 500 gbs of data? ... it takes a while, meanwhile it was a simple solution all along that wouldve taken about a 1/10th it took to copy it all back n reinstall everything |
|
#7
02-08-2008, 04:17 AM
| ||||
| ||||
| personally, I would just whipe it. I keep nothing on my computer that cannot be restored in under 3 hours of downloading/installing and hooking up a backup drive. if you decide to whipe the drive, i suggest dband. Darik's Boot and Nuke (Hard Drive Disk Wipe) note- this will remove your OS as well. |
|
#8
02-08-2008, 04:21 AM
| ||||
| ||||
| im sorry volund, why use a program? a simple "Place Disc Into Drive, Boot Off Of Disc, Go To Install, Select Drive, Select Format" would do the exact same thing... |
|
#10
02-08-2008, 05:18 AM
| ||||
| ||||
| uhm, u obviously dont understand the purpose of formatting -- yes they are retrievable TO SOME EXTENT, then eventually are completely unable to be retrieved due to the HDD writing to that sector again n again, thus you can never be guarentee'd the file u want to restore will be there if u attempt to restore after formatting --- so stroup. a BASIC format from the disc [not a quick-format neither] would suffice all programs to not be able to be ran unless they built themselves into the BIOS [which is hard to do] |
|
#11
02-08-2008, 05:20 AM
| |||
| |||
| Try fixing: R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.185 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.103 85.255.112.185 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe Also note that having more than one anti-virus running with their auto-protect features on can cause serious problems. Disable their auto-protect features and uninstall all but one of them which you trust. In my opinion, it's best if you uninstall all of them and get something reliable such as ESET or Kaspersky. |
|
#12
02-08-2008, 05:24 AM
| |||
| |||
| I'm surprised a cocktail of tools like SpyBot, Registry Mechanic, and AVG didn't do the trick. Otherwise I suppose I support Kalbination's method. I wasn't aware of Reformatting leaving any files in a harmful way nor System Restores accuracy. Figured i'd add my two cents...On another note: C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe These are safe Windows programs ironically Last edited by Critical; 02-08-2008 at 05:27 AM. |
|
#13
02-08-2008, 05:30 AM
| ||||
| ||||
| Yes on the outside they are safe windows programs, but some malicious code can run it making it appear as a safe file in which turn it isnt, there are many applications that are out there that can make use of those two files for malicious purposes, however rare, it still can happen. |
|
#16
02-08-2008, 06:33 AM
| ||||
| ||||
| Alright thanks for your help guys i did what kal, chris, and gevo did but i still cant visit certain websites, msn is still broken, and wc still doesnt work. heres the scan again. o and for scvhost thing i del it all the system ones but when i got towards the last one a pop up came up saying shut down immediatly so then i just restarted, i still have the scvhost but idk what to do on that. heres the scan Logfile of HijackThis v1.99.1 Scan saved at 10:30:27 PM, on 2/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Webshots\WebshotsTray.exe C:\WINDOWS\Integrator.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Personal Firewall\SymProxySvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Norton Personal Firewall\NISSERV.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Luddha\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [svcmon] C:\Program Files\PI\PIN\svcmon.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\xLiLBlingx141516\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O15 - Trusted Zone: CREDIT UNION TRAINING - CU Training Inc. O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196709028014 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/game...lugin10USA.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe |
|
#17
02-08-2008, 06:48 AM
| |||
| |||
| Do not delete svchost. It is a safe, unless it is outside the system32 folder (most viruses who use the 'svchost' file name drop the file in another folder). Try pinging the sites (start -> run -> cmd, and type in "ping <website>". See if you can actually reach the site, and we can work from there. And it seems you are still running 3 anti-viruses or firewalls. Like I said in my last post, this can cause serious problems. I would recommend uninstalling all but one of them, or uninstalling them all and getting ESET or Kaspersky. |
|
#18
02-08-2008, 11:52 PM
| ||||
| ||||
| hmm ok i pinged one of the sites i cant visit which is my account for bmgmusic.com, i got 66.150.2.134 with 32 bytes of data Packets Sent=4, recieved 0, Lost=4 100% Loss And i have windows fire wall which came with mine and mcaffee or w/e which ive used forever and now i have AV PE classic which i tried to install...but it doesnt everytime i go to add/remove programs and click to uninstall my whole computer reboots, and i tried to deleteing manually but half the files are in use it says even though i dont have in running. |
|
#19
02-09-2008, 12:14 AM
| |||
| |||
| Quote:
Also, these sites that you can't access, what sort of error are you receiving? Are you being redirected to some search engine page or is it just the default "Page cannot be loaded"? It also seems that the IP you pinged was wrong. This can be an issue with the DNS cache. See if there are any entries in your HOSTS file (default path: "C:\WINDOWS\System32\drivers\etc\HOSTS"). It should have no file extension; open it up in notepad and see if there are any entries listed. Copy paste what you have there to here (in a code or quote box preferably for better formatting and clarity). One last thing, click here. Does the page load? |
|
#20
02-09-2008, 01:35 AM
| ||||
| ||||
| oo ok no that page does load thats because thats the home page, when i login and try to go to my account it is just page cannot be displayed, there is no search engine, also it happens to me when i try and log into my hotmail, and does by any change have to do with not being able to play warcract/get windows updates? Heres the Host file thing. # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host And heres the tracert. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. Tracing route to BMG Music Service CRUBC0USVYCTI0U4CFEY [8.15.7.117] over a maximum of 30 hops: 1 14 ms 3 ms 2 ms dslrouter [192.168.1.1] 2 24 ms 23 ms 23 ms 72.87.215.1 3 31 ms * 39 ms 130.81.33.162 4 26 ms 31 ms 32 ms so-7-3-0-0.BB-RTR2.LAX01.verizon-gni.net [130.81 .28.221] 5 30 ms 26 ms 25 ms 0.so-6-2-0.XT2.LAX7.ALTER.NET [152.63.112.49] 6 400 ms 27 ms 27 ms 0.so-6-0-0.XL2.LAX15.ALTER.NET [152.63.112.61] 7 34 ms 43 ms 27 ms 0.so-7-0-0.BR1.LAX15.ALTER.NET [152.63.116.25] 8 27 ms 27 ms 43 ms so-7-1-1.edge1.LosAngeles1.Level3.net [4.68.111. 189] 9 36 ms 46 ms * vlan99.csw4.LosAngeles1.Level3.net [4.68.20.254] 10 49 ms 27 ms 32 ms ae-83-83.ebr3.LosAngeles1.Level3.net [4.69.137.4 1] 11 100 ms 105 ms 107 ms ae-4.ebr4.Washington1.Level3.net [4.69.132.82] 12 106 ms 106 ms 107 ms ae-84-84.csw3.Washington1.Level3.net [4.69.134.1 86] 13 130 ms 98 ms 99 ms ae-31-89.car1.Washington1.Level3.net [4.68.17.13 1] 14 108 ms 109 ms 109 ms CO-LOCATION.car1.Washington1.Level3.net [63.210. 59.250] 15 * * * Request timed out. 16 * * * Request timed out. 17 * * * Request timed out. 18 * * * Request timed out. 19 * * * Request timed out. 20 * * * Request timed out. 21 * * * Request timed out. 22 * * * Request timed out. 23 * * * Request timed out. 24 * * * Request timed out. 25 * * * Request timed out. 26 * * * Request timed out. 27 * * * Request timed out. 28 * * * Request timed out. 29 * * * Request timed out. 30 * * * Request timed out. Trace complete. |
|
#21
02-09-2008, 02:24 AM
| |||
| |||
| Currently, I believe it is a DNS issue. Do other computers on your network (at your house) run into any similar issues? Also, try going to Start -> Run, and typing in "ipconfig /flushdns" and pressing OK. Last edited by gevorgkhc; 02-09-2008 at 02:27 AM. |
|
#22
02-09-2008, 04:59 AM
| ||||
| ||||
| dead, is that your ENTIRE "hosts" file? ..... reason i say this is because of all computers that ive ran into the default HOSTS file is what is shown below Quote:
|