|
having trouble, log included
|
|
mesa101
Member
|
4. August 2008 @ 12:40 |
|
I started having trouble with Firefox (Firefox couldn't find page), then IE started going bad. Kaspersky found win32.hupigon.dckd and removed it, but I see 2 entries about a proxy or something that can't be deleted in HJT: R1 and R1.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:45, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B8292E5-964F-4187-8A65-68045FF6DB07}: NameServer = 216.45.34.2 216.45.33.130
O20 - AppInit_DLLs: c:\progra~1\kaspersky lab\kaspersky internet security 7.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 2138 bytes
|
|
AfterDawn Addict
|
5. August 2008 @ 01:56 |
|
Hi mesa101,
Your Log looks really clean except for the redirected start pages.
Have you tried resetting your home page in IE and Firefox?
You should have been able to fix the R1 lines..
Maybe something is hiding. Do the following:
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post contents of that file in your next reply.
Download ComboFix from Here to your Desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
2OG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
|
mesa101
Member
|
5. August 2008 @ 02:52 |
|
Also, web pages freeze and my connection drops (DSL).
MBAM log below:
Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 3
2:49:49 8/5/2008
mbam-log-8-5-2008 (02-49-49).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 70619
Time elapsed: 28 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
|
mesa101
Member
|
5. August 2008 @ 02:54 |
|
i forgot combofix
ComboFix 08-08-04.01 - Owner 2008-08-04 17:56:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1073 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-04 16:58 . 2008-08-04 16:58 <DIR> d-------- C:\Program Files\Panda Security
2008-08-04 16:58 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-03 22:36 . 2008-08-03 22:37 1,316 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 22:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 22:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 22:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 22:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 22:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 22:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 22:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 22:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-03 20:14 . 2008-08-03 20:15 <DIR> d-------- C:\Program Files\DVDFab 5
2008-08-02 10:14 . 2008-08-02 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-01 09:27 . 2008-08-01 09:27 99,648 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-31 00:27 . 2008-07-31 00:27 36,770 --a------ C:\WINDOWS\system32\tcpipbak.reg
2008-07-31 00:27 . 2005-10-20 10:30 32,768 --a------ C:\WINDOWS\system32\ServiceRepair.exe
2008-07-31 00:27 . 2006-03-13 09:41 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
2008-07-31 00:27 . 2008-07-31 00:27 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-07-31 00:27 . 2008-07-31 00:27 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-07-26 20:41 . 2008-07-26 20:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-26 20:41 . 2008-08-04 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-26 20:41 . 2008-08-04 18:00 4,127,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-26 20:41 . 2008-07-26 20:54 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-26 20:41 . 2008-07-26 20:54 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-26 20:41 . 2008-08-04 17:59 60,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-26 20:41 . 2008-08-04 17:59 56,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-26 20:41 . 2008-08-04 17:59 6,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-23 15:36 . 2008-07-23 15:35 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-23 10:45 . 2008-07-23 10:45 100,809,072 --a------ C:\Image.bin
2008-07-21 08:11 . 2008-07-21 08:11 24,392 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-20 14:49 . 2008-07-28 16:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\IObit
2008-07-20 14:49 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-07-19 18:11 . 2008-08-03 20:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-07-18 22:46 . 2008-07-18 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 18:09 . 2008-07-17 18:09 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-17 00:19 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-08 22:02 . 2008-07-08 22:02 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-08 21:58 . 2008-07-08 21:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-08 21:50 . 2008-07-08 21:50 <DIR> d-------- C:\WINDOWS\EHome
2008-07-08 21:39 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 20:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-08-04 00:15 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-04 00:15 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-08-04 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 20:56 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-03 20:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2008-07-27 00:54 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-25 06:15 --------- d-----w C:\Program Files\FrostWire
2008-07-23 14:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\ImgBurn
2008-07-22 03:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 18:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\VideoReDo-TVSuite
2008-07-20 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-07-20 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-07-20 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2008-07-15 21:18 --------- d-----w C:\Program Files\Java
2008-07-14 21:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-14 21:36 --------- d-----w C:\Program Files\Ahead
2008-07-03 22:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
2008-07-03 22:50 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-07-01 02:55 --------- d-----w C:\Program Files\LG Software Innovations
2008-06-29 01:08 --------- d-----w C:\Program Files\QuickTime
2008-06-29 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-28 20:10 827 ----a-w C:\Program Files\Common Files\ConvertXtoDvd 3.lnk
2008-06-27 00:56 --------- d-----w C:\Program Files\Shockwave.com
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 18:24 --------- d-----w C:\Program Files\CCleaner
2008-06-17 12:45 --------- d-----w C:\Documents and Settings\Administrator.YOUR-D9B2E5A77E\Application Data\iolo
2008-06-17 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-06-17 00:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-07 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 15:58 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-05 03:15 1,566 ----a-w C:\Program Files\Common Files\VideoReDo TVSuite.lnk
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nolowdiskspaceckecks"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
.
Contents of the 'Scheduled Tasks' folder
2008-07-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9k3ywl8t.default\
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 18:00:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-04 18:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 22:04:39
Pre-Run: 187,393,605,632 bytes free
Post-Run: 187,384,614,912 bytes free
162 --- E O F --- 2008-07-09 21:31:26
|
AfterDawn Addict
|
5. August 2008 @ 03:15 |
|
Quote: When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
HJT Log??

|
mesa101
Member
|
5. August 2008 @ 03:36 |
|
sorry 2og....it's 3:30 am
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:47, on 8/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B8292E5-964F-4187-8A65-68045FF6DB07}: NameServer = 216.45.34.2 216.45.33.130
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 2865 bytes
|
AfterDawn Addict
|
5. August 2008 @ 03:39 |
|
Did you try to fix the R1's with HJT??

|
mesa101
Member
|
5. August 2008 @ 12:56 |
|
yes they come right back after deletion
|
AfterDawn Addict
|
6. August 2008 @ 01:30 |
|
Looks like you're using a proxy server of some sort..
Copy and paste these addresses in your browser and go to the site. Do you recognize it as something you use??
216.45.34.2
216.45.33.130
www.plimus.com
www.regnow.com
Let me know?
2OG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
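The R1 proxy entries and the O17 name servers discussed in this thread can be pulled out of a HijackThis log for review with a short script. This is an added example, not part of the original thread or of HijackThis; the function names and finding labels are assumptions, the sample lines are copied from the log posted above, and splitting ProxyOverride on commas as well as semicolons is an assumption based on how the value appears in that log.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B8292E5-964F-4187-8A65-68045FF6DB07}: NameServer = 216.45.34.2 216.45.33.130
"""

# "R<n> - <registry key>,<value name> = <data>"
R_ENTRY = re.compile(r"^R[0-3] - (?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# "O17 - <registry key>: NameServer = <space-separated addresses>"
O17_ENTRY = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")


def parse_proxy_server(value):
    """Split an Internet Settings ProxyServer string into {scheme: endpoint}.

    Handles "host:port" (one proxy for all schemes, stored under "*") and
    the per-scheme form "http=h:p;socks=h:p".
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if sep:
            proxies[scheme.lower()] = endpoint.strip()
        else:
            proxies["*"] = part
    return proxies


def split_list(value):
    """Split a host or address list on semicolons, commas and whitespace."""
    return [item for item in re.split(r"[;,\s]+", value) if item]


def review_log(text):
    """Return (kind, detail) findings for proxy and DNS settings in a log."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = R_ENTRY.match(line)
        if m and m["key"].endswith(r"\Internet Settings"):
            if m["name"] == "ProxyServer":
                for scheme, endpoint in parse_proxy_server(m["value"]).items():
                    if endpoint:
                        findings.append(("proxy-set", f"{scheme}={endpoint}"))
                    else:
                        # Scheme named but no host given, as in the thread's log.
                        findings.append(("proxy-empty", scheme))
            elif m["name"] == "ProxyOverride":
                findings += [("proxy-bypass", h) for h in split_list(m["value"])]
            continue
        m = O17_ENTRY.match(line)
        if m:
            findings += [("dns-server", ip) for ip in split_list(m["value"])]
    return findings


if __name__ == "__main__":
    for kind, detail in review_log(SAMPLE_LOG):
        print(f"{kind:13} {detail}")
```

Each finding is something to confirm with the machine's owner or ISP, as 2OG does in the post above, rather than a verdict on its own.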
|
mesa101
Member
|
6. August 2008 @ 13:19 |
|
The first 2 IPs are my IP provider's mail login, which I don't use (I use Outlook), and the plimus and regnow I don't recognize; that's the one that looks suspect.
|
AfterDawn Addict
|
6. August 2008 @ 23:25 |
|
I see that you set your home page in your browser..
Did you run HJT with Administrator Privileges?? I think you must in Vista in order to delete anything..

|
mesa101
Member
|
6. August 2008 @ 23:39 |
|
I'm running XP... I also see an entry for Ad-Aware in my Add/Remove Programs that I can't delete.
|
AfterDawn Addict
|
6. August 2008 @ 23:56 |
|
Oops, my bad. I've been working with Vista too much the last few days and I forget, but I'm old, give me a break ; )
It very well could be a system file gone south.
If you have an XP disc or a recovery disk that came with your computer have it at hand because this next command may ask for it, or not..
Go to -> Start -> Run and type or copy/paste this in the box: sfc /scannow
Click OK
This will scan your disk for bad or corrupt system files and repair them.
See if that works and let me know?

|
mesa101
Member
|
7. August 2008 @ 01:04 |
|
I don't know what that did but it seemed to work... I'm surfing like mad now... thanks 2og, until we meet again.. lol
|
AfterDawn Addict
|
7. August 2008 @ 01:14 |
|
You're very welcome, mesa101. Just remember...
The oldgeek can get the bugs out.
Oops.. 

|
|
mesa101
Member
|
7. August 2008 @ 01:21 |
|
I hear you, man.. and I believe in your extermination methods too.
|
|