Need help from the computer nerds
06-01-2005, 03:52 PM
#11
3.0 BAR
Join Date: Feb 2003
Posts: 9,089
Re: Need help from the computer nerds
search for a program call ewidos security. download it and install it.
boot into safemode and run it. let it scan all files, and let it fix all errors. sit by it for a few minutes and when a window pops up asking to fix check off the box that says auto fix (or something like that). then go for dinner cuz it's gunna take awhile.
reboot normally... run highjackthis again and repost the log.
boot into safemode and run it. let it scan all files, and let it fix all errors. sit by it for a few minutes and when a window pops up asking to fix check off the box that says auto fix (or something like that). then go for dinner cuz it's gunna take awhile.
reboot normally... run highjackthis again and repost the log.
06-01-2005, 04:54 PM
#12
0.0 BAR
Join Date: Feb 2005
Posts: 0
Re: Need help from the computer nerds
C:\Program Files\AWS\WeatherBug\Weather.exe (not as serious as the others)
C:\WINDOWS\system32\?hkdsk.exe
O2 - BHO: (no name) - {1324122C-B588-FF5A-902C-8FC3BCC494AA} - C:\WINDOWS\system32\cuksutry.dll (file missing)
O2 - BHO: (no name) - {1A913446-868B-DE23-D858-A77F6419D2C3} - C:\WINDOWS\system32\eatsbb.dll
O2 - BHO: (no name) - {26092225-98B8-BC68-BD1C-B7EEFD80B993} - C:\WINDOWS\system32\cuksutry.dll (file missing)
O2 - BHO: (no name) - {26092229-98B8-CD1C-BD1B-BDEEF985B9E9} - C:\WINDOWS\system32\cuksutry.dll (file missing)
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [api driver] sys32.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Mpfltw] C:\WINDOWS\system32\?hkdsk.exe
O4 - HKCU\..\Run: [Eaai] C:\Program Files\nsab\osae.exe (i dont know what this is but get it out of your start up)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
you have some potentialy nasty ------ ---- on there. reboot hit f8 like crazy, until you have the option to start into safe mode. fix all of thoes with hijack this. also try to find and delete them.
C:\WINDOWS\system32\?hkdsk.exe
O2 - BHO: (no name) - {1324122C-B588-FF5A-902C-8FC3BCC494AA} - C:\WINDOWS\system32\cuksutry.dll (file missing)
O2 - BHO: (no name) - {1A913446-868B-DE23-D858-A77F6419D2C3} - C:\WINDOWS\system32\eatsbb.dll
O2 - BHO: (no name) - {26092225-98B8-BC68-BD1C-B7EEFD80B993} - C:\WINDOWS\system32\cuksutry.dll (file missing)
O2 - BHO: (no name) - {26092229-98B8-CD1C-BD1B-BDEEF985B9E9} - C:\WINDOWS\system32\cuksutry.dll (file missing)
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [api driver] sys32.exe
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Mpfltw] C:\WINDOWS\system32\?hkdsk.exe
O4 - HKCU\..\Run: [Eaai] C:\Program Files\nsab\osae.exe (i dont know what this is but get it out of your start up)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
you have some potentialy nasty ------ ---- on there. reboot hit f8 like crazy, until you have the option to start into safe mode. fix all of thoes with hijack this. also try to find and delete them.
06-01-2005, 07:08 PM
#13
3.0 BAR
Thread Starter
Join Date: May 2004
Posts: 5,042
Re: Need help from the computer nerds
well I ran the hijacker program and fixed all those items. We will see what happens now.
I am never using Limewire or Kazaa ever again. They are a pain, and virus filled.
Back to newsgroups for me.
I am never using Limewire or Kazaa ever again. They are a pain, and virus filled.
Back to newsgroups for me.
06-03-2005, 02:52 PM
#17
1.5 BAR
Join Date: May 2003
Posts: 784
Re: Need help from the computer nerds
Originally Posted by kain
go to symantec and do their housecall virus scanning. its completly free and you dont download anything. it just runs a virus scanner from their web sight. its pretty fast and catches pretty much everything, so give them a try.
06-03-2005, 03:59 PM
#18
1.0 BAR
Join Date: Aug 2003
Location: Sheridan, Wy
Posts: 208
06-04-2005, 12:49 AM
#19
0.0 BAR
Join Date: Feb 2003
Posts: 0
Re: Need help from the computer nerds
StartupList report, 6/3/2005, 10
5:56 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Colten\Desktop\startuplist\StartupList.EX E
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Colten\Desktop\startuplist\StartupList.ex e
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MimBoot = C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
A70F6A1D-0195-42a2-934C-D8AC0F7C08EB = rundll32.exe E6F1873B.DLL,D9EBC318C
98D0CE0C16B1 = rundll32.exe D0CE0C16B1,D0CE0C16B1
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
WinampAgent = C:\Program Files\Winamp\winampa.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Raeo = C:\Documents and Settings\Colten\Application Data\leeu.exe
Rtfeq = C:\WINDOWS\System32\?hkntfs.exe
ProxyWay = C:\Program Files\ProxyWay\proxyway.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\System32\ogegkc.dll (file missing) - {F863AB78-11C3-3610-B80F-65F3EE514397}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer - Colten.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB
[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...0C/wmv9dmo.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/Ms...Downloader.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 6,093 bytes
Report generated in 6.680 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
----------------------------------------------------------------------------------------------
5:56 PMStartupList version: 1.52
Started from : C:\Documents and Settings\Colten\Desktop\startuplist\StartupList.EX E
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Colten\Desktop\startuplist\StartupList.ex e
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MimBoot = C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
A70F6A1D-0195-42a2-934C-D8AC0F7C08EB = rundll32.exe E6F1873B.DLL,D9EBC318C
98D0CE0C16B1 = rundll32.exe D0CE0C16B1,D0CE0C16B1
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
WinampAgent = C:\Program Files\Winamp\winampa.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Raeo = C:\Documents and Settings\Colten\Application Data\leeu.exe
Rtfeq = C:\WINDOWS\System32\?hkntfs.exe
ProxyWay = C:\Program Files\ProxyWay\proxyway.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\System32\ogegkc.dll (file missing) - {F863AB78-11C3-3610-B80F-65F3EE514397}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer - Colten.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB
[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...0C/wmv9dmo.cab
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/Ms...Downloader.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 6,093 bytes
Report generated in 6.680 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
----------------------------------------------------------------------------------------------
Thread
Thread Starter
Forum
Replies
Last Post
HondaTuner
General Discussion
33
10-14-2006 07:38 PM
myshtern
General Discussion
10
07-26-2006 08:13 AM
