Dankwsc

Members
  • Content Count

    32
  • Joined

  • Last visited

Everything posted by Dankwsc

  1. Insipid, -Here is my last Hijack this Log that I ran in safe mode: Logfile of HijackThis v1.99.1 Scan saved at 8:49:18 PM, on 6/27/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Shane Dankworth\Desktop\HijackThis.exe O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [xdkbyxru] c:\winnt\system32\xdkbyxru.exe O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Awlwsterkfp - Unknown owner - (no file) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  2. I proceeded with your instructions despite not being able to use ewido even in safe mode. However, when I started to "fix all checked" in Hijack This(normal mode) I would get the following window and it would closethe program down: The instruction at "0x100018a6" referenced memory at "0xeb01001b". The memory could not be "written". Very frustrated!!!
  3. Insipid, -I installed both cleanup and Ewido, however when I tried to update Ewido per your instructions, I could not since my internet isn't working. I guess we need to fix the internet problem before I can go any further with the instructions above. Please advise. Thanks!
  4. Insipid, -Unfortunately last night when I tried to run a log in normal mode, it would cut me off every time. I will proceed today with your instructions. Thanks!
  5. Isipid, -I will try to get a log in normal mode today if I can, otherwise the most recent log run in safe mode is on the original message. Thanks!
  6. Thanks insipid for your reply. To answer your question, Dave38 on spywareinfo was in the process of helping me. The log that I listed was in fact done in safe mode as that is the only mode that I can truly operate on. When I try to run a hijack this log in the normal mode, Spy Sheriff and Ware out completely shut me down and wont let me finish running it(it freezes my computer and I am getting tons of popups). My internet will not work properly as a result of this too. That is why I am having to correspond with you from my office at work, so please be patient with me. Once you give me direction(s) I will usually have to go home at night and work on it, then I will email you back the next day with the result until we can get the internet up and running again. My computer is barely breathing, but I am confident that help is on the way!! Thanks again!
  7. Browser has been hijacked...not sure how, when, or why. I was receiving assistance with this till the forum I was on before is no longer working. Could someone please take over where we left off? Attached is my most recent HijackThis Log. Unfortunately, this nasty "thing" has rendered my internet useless therefore I will be corresponding from another computer, so I appreciate your patience. Thanks in advance! Logfile of HijackThis v1.99.1 Scan saved at 3:01:06 PM, on 6/13/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\userinit.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ctfmon.exe C:\Documents and Settings\Shane Dankworth\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html R3 - URLSearchHook: (no name) - {C6000CE3-6670-D005-3C35-F82D96F63836} - NsCplTray.dll (file missing) O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINNT\ceres.dll O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\vfxrc.dll O2 - BHO: Internet Explorer Hot Fix - {D849BA66-677C-421A-9916-FCFB5D6B9A75} - C:\WINNT\system32\itunb.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\vfxrc.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PerformCl] C:\WINNT\system32\perfcl.exe O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - HKLM\..\Run: [WindowsUpdate] C:\WINNT\System\svchost.exe /s O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn64.exe rundll.dll,LoadMouseProfile O4 - HKLM\..\Run: [abrek] PasswdMon.exe O4 - HKLM\..\Run: [MONITER] DTOURS.exe O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1 O4 - HKCU\..\Run: [eB7mRPfsj] aamcom.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe" O4 - HKCU\..\Run: [setupExeDll] RtlFindVal.exe O4 - HKCU\..\Run: [keybdll] SysEntry.exe O4 - HKCU\..\Run: [xxtoolbar] 34763.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU) O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 67.19.178.84 O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F62805F4-8FB3-45C1-A275-87EBD4C1E533}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37 O20 - Winlogon Notify: style2 - C:\WINNT\q20924938_disk.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Awlwsterkfp - Unknown owner - (no file) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS