hector_v

Members
 View Profile  See their activity

  • Content Count

    29

  • Joined

  • Last visited

 Content Type 

Everything posted by hector_v

  1. hector_v
    Thank You !! I really appreciate all your help and I make sure put in my two cents. Thanks Again ! HectorV
  2. hector_v
    Thanks. Things are running a lot better ! I deleted all the scanning programs. The Norton program I can run. But as mentioned, it's expired. Here's the latest log. Logfile of HijackThis v1.99.1 Scan saved at 10:49:12 AM, on 7/20/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Pr
  3. hector_v
    Hello, OK - I found the good file and deleted the bad one. The date created was 1/16 and not 1/11 as noted. But I figured it was the one and as long as the good one was left alone. Here's the latest hjt log. Thanks HectorV Logfile of HijackThis v1.99.1 Scan saved at 7:05:04 AM, on 7/20/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Pro
  4. hector_v
    Hello, Here's the Findfile txt and new hjt log. There about three files that I was not allowed to delete for some reason. The machine is working a lot faster !! I have Norton Antivirus. But it's expired. HectorV Volume in drive C has no label. Volume Serial Number is 44DE-BE07 Directory of C:\WINDOWS\SYSTEM32 08/29/2002 04:00 AM 22,016 USERINIT.EXE 01/11/2005 07:15 AM 401,408 ??erinit.exe 2 File(s) 423,424 bytes Directory of C:\Documents and Settings\Alex McInroe\Desktop Logfile of HijackThis v1.99.1 Scan saved at 7:19:29 PM, on 7/19/2005 Platfo
  5. hector_v
    Hello, Attached find the Panda report. hjt log follows. Thanks HectorV Logfile of HijackThis v1.99.1 Scan saved at 5:21:34 PM, on 7/18/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDO
  6. hector_v
    Here it is.... jjaaoo.exe.txt
  7. hector_v
    I do not get any redirects. But I do get a blank pop up once in while. When I ran the Vb script a pop up came up (Explorer being hijacked) HV
  8. hector_v
    Hello, OK - Here's the latest log. How would I check the system restore status? The cpl file seems to be gone. HectorV Logfile of HijackThis v1.99.1 Scan saved at 2:51:05 PM, on 7/17/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvt
  9. hector_v
    Hello, Here's the latest. HectorV Logfile of HijackThis v1.99.1 Scan saved at 11:12:47 AM, on 7/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\s
  10. hector_v
    Sorry, forgot to mentioned that during the first scan of the file a couple of replies back, the file was found to be a trojan so I deleted using killbox as indicated. HectorV
  11. hector_v
    Hello, I tried to scan the file "C:\WINDOWS\SYSTEM32\conres.cpl" But It was not found when I attempted to submitted ?? Here's the latest hjt log. Hope it helps HectorV Logfile of HijackThis v1.99.1 Scan saved at 9:45:03 AM, on 7/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:
  12. hector_v
    Hellos, Here's the latest. Thanks HectorV Logfile of HijackThis v1.99.1 Scan saved at 8:18:31 AM, on 7/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WI
  13. hector_v
    OK - Here's the latest hjt log. Thanks HectorV Logfile of HijackThis v1.99.1 Scan saved at 8:03:12 PM, on 7/15/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe
  14. hector_v
    Hello, Here are the three logs as requested. Logfile of HijackThis v1.99.1 Scan saved at 4:28:51 PM, on 7/15/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:
  15. hector_v
    Sorry, forgot to mention that I was unable to select "Unregister .dll before Deleting" while using Killbox. HV
  16. hector_v
    OK. Here's the latest hjt log. Thanks HectorV Logfile of HijackThis v1.99.1 Scan saved at 6:31:20 PM, on 7/14/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C
  17. hector_v
    Here are the other logs requested. - HV StartupList report, 7/13/2005, 4:09:45 PM StartupList version: 1.52.2 Started from : C:\cws\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svc
  18. hector_v
    OK - Attached find the rkfile log.txt The rest will follow shortly. Thanks HectorV log.txt
  19. hector_v
    Hello, The pfind link is broken. I was unable to download it. Here's the latest hjt log. Logfile of HijackThis v1.99.1 Scan saved at 6:21:46 PM, on 7/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LE
  20. hector_v
    I ran the scan as instructed. But unfortunately the program did not allow me to delete the infected files found ? Regards HectorV
  21. hector_v
    Hello, Here's the Qoologic results. Thanks HectorV PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. some examples are MRT.EXE NTDLL.DLL. »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Checking Global
  22. hector_v
    Hello, Here's the latest. Thanks - HectorV Logfile of HijackThis v1.99.1 Scan saved at 4:02:20 PM, on 7/4/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WI
  23. hector_v
    Hello, Here's the latest log. Thanks- HectorV Logfile of HijackThis v1.99.1 Scan saved at 1:32:10 PM, on 7/4/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C
  24. hector_v
    HI, OK, I'm back. I ran ewido. But I could not save the log. I deleted all infected files. Hope the latest HJT log helps. Thanks - HectorV Logfile of HijackThis v1.99.1 Scan saved at 5:36:44 AM, on 7/1/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Sy
  25. hector_v
    I tried to run housecall. But my computer keeps hanging up. Here's the latest file. Logfile of HijackThis v1.99.1 Scan saved at 6:23:22 PM, on 6/21/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES