Hi,
Go to
here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.
Post the log that it generates here.
Steve
Message Edited by zbestwun2001 on 01-26-2005 02:42 PM
I have tried to do what you suggested but when i try to run a scan on Hijackthis it says it has detected a fault and has to close. It's 10.30pm and i have been trying for the last 3 hours.
Funny thing is the 'Ceres' pop ups have stopped and my computer speed has returned to normal. does this mean they have gone ??
Try running one (or both) of these free online scans: House Call, or Panda Software. Let them fix whatever they find.
Some viruses and spyware programs can inhibit the use of HijackThis and other antivirus/antispyware programs. Running either or both of the above-mentioned online scans often will help fix this problem. After running the scan(s), see if HijackThis will run . Post back here and let us know the results.
Hope this helps
George:smileyhappy:
Message Edited by SpotCheckBilly on 01-28-2005 03:07 PM
That's seems to be my weak spot ... :) - plus, I hate to imagine this stuff festering away on someones system.
You might need to try the prior version. There seems to be a problem with the newest version when it gets to certain entry types during the scan on some systems.
I have been having similar issues and did what you suggested for Tracey - could you please advise me also?!? I am also not the best with technology so kitchen english please!
Thanks
Keith
Logfile of HijackThis v1.99.0
Scan saved at 16:53:03, on 29/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Let's start with this, then see what we'll have left. Also, when you post back a respose, go ahead and start a new thread, then post a quick note here so i'll get the e-mail notification.
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives. 2. Check(tick) "Auto Clean". 3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
If you don't already have it, download, install and run
AdAware SE Personal.
-
Next, check for, and download any available updates:
1. click "Check for updates now". 2. Click "Connect". 3. If updates(definitions) are available click "Ok", otherwise, click "Ok". 4. Click "Finish".
-
Next, configure AdAware to be as effective as possible:
1. Click the 'gear' in the upper-right hand corner of the AdAware Window. 2. Click Scanning, and check(tick) the following:
Scan within archives Scan active processes Scan registry Deep-scan registry Scan my IE Favorites for banned URLs Scan my Hosts file
3. Click "Tweak". 4. Click "Scanning Engine", then check(tick) the following:
Unload recognized proceses & modules during scan
5. Click "Cleaning Engine", then check(tick) then following:
>Always try to unload modules before deletion During removal, unload Explorer and IE if necessary Let Winodws remove files in use at next reboot Delete quarantined objects after retoring
6. Then click "Proceed"
-
Now, let AdAware locate and remove anything it finds, by:
1. Click "Start". 2. Check(tick) "perform full system scan". 3. Click "Next".
-
Exit the program.
If you don't already have it, download, install and run
Spybot S & D. Next, update the current definitions by:
-
Next, check for, and download any available updates:
1. Click "Search for Updates". 2. Check(tick) all available updates. 3. Click "Download Updates". 4. Click "Search & Destroy". 5. Click "Check for Problems".
-
When the scan is completed:
1. Check(tick) everything that was found. 2. Click "Fix selected problems".
zbestwun2001
3 Apprentice
•
8.8K Posts
0
January 26th, 2005 20:00
Go to here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.
Post the log that it generates here.
Steve
Message Edited by zbestwun2001 on 01-26-2005 02:42 PM
Midnight Star
4.8K Posts
0
January 28th, 2005 01:00
Let's see whats running on that system that might be causing that type of problem; post up a HiJackThis log for review.
Download, then unzip to " C:\HJT", the newest version of HiJackThis; version 1.99.0. Now, let's do the following:
1. Click " Scan"
2. Click " Save log"
Notepad will pop-up with a copy of your system long, then:
1. " Edit | Select all"
2. " Edit | Copy"
Next, let's " Reply" back to this post, then:
1. Right-click on the message body.
2. Select " Paste"
Then just " Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).
Mike.
Baggie babe
2 Posts
0
January 28th, 2005 20:00
Hiya Mike
Thanx for helping a lady in distress
I have tried to do what you suggested but when i try to run a scan on Hijackthis it says it has detected a fault and has to close. It's 10.30pm and i have been trying for the last 3 hours.
Funny thing is the 'Ceres' pop ups have stopped and my computer speed has returned to normal. does this mean they have gone ??
regards Tracy
SpotCheckBilly
932 Posts
0
January 28th, 2005 21:00
Hi Tracy,
Try running one (or both) of these free online scans: House Call, or Panda Software. Let them fix whatever they find.
Some viruses and spyware programs can inhibit the use of HijackThis and other antivirus/antispyware programs. Running either or both of the above-mentioned online scans often will help fix this problem. After running the scan(s), see if HijackThis will run . Post back here and let us know the results.
Hope this helps
George:smileyhappy:
Message Edited by SpotCheckBilly on 01-28-2005 03:07 PM
Midnight Star
4.8K Posts
0
January 28th, 2005 22:00
Hey Tracy,
That's seems to be my weak spot ... :) - plus, I hate to imagine this stuff festering away on someones system.
You might need to try the prior version. There seems to be a problem with the newest version when it gets to certain entry types during the scan on some systems.
-
Mike.
KRobson
1 Message
0
January 29th, 2005 15:00
Scan saved at 16:53:03, on 29/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\PostCast Server\postcastserver.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\program files\dell computer\dell image expert\quicktime\qttask.exe
C:\WINDOWS\services.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\f0r0r\dirote.exe
C:\WINDOWS\System32\0rlof\dirote.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\f0r0r\ppi.exe
C:\WINDOWS\System32\0rlof\ppi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\James Gaubert\Application Data\winvc\msiesh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [PostCast Server] C:\Program Files\PostCast Server\postcastserver.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [rn4d] C:\WINDOWS\System32\f0r0r\kolder.exe C:\WINDOWS\System32\f0r0r\dirote.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\dell computer\dell image expert\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wms32] C:\WINDOWS\System32\0rlof\kolder.exe C:\WINDOWS\System32\0rlof\dirote.exe
O4 - HKLM\..\Run: [JavaVM] C:\WINDOWS\java.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [pgbumrnceuc] C:\WINDOWS\System32\ajzujj.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [idev] C:\WINDOWS\idev.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.faceparty.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymentcentre.com/build/vxiewer.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre3.com/build/preload.cab
O16 - DPF: {0CB2BD5A-7A80-4BA9-B49A-02DC51144BDF} (vciewer control) - http://www.thepaymentcentre.com/build/vciewer.cab
O16 - DPF: {11111111-1111-1111-1111-110718384385} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://accu.acculoader.com/new/cont/sc.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/extremegayvideo/Browser_Plugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65EE465F-DAE4-44C4-B3AE-9FA8BCB4E95F}: NameServer = 194.74.65.69 194.72.9.38
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Midnight Star
4.8K Posts
0
January 29th, 2005 15:00
Keith,
Let's start with this, then see what we'll have left. Also, when you post back a respose, go ahead and start a new thread, then post a quick note here so i'll get the e-mail notification.
Download the Sasser removal tool from Symantec and follow the removal instructions on that page.
Go to www.trendmicro.com, and then:
1. Click "Free Online Scan".
2. Click "Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
If you don't already have it, download, install and run AdAware SE Personal.
-
Next, check for, and download any available updates:
1. click "Check for updates now".
2. Click "Connect".
3. If updates(definitions) are available click "Ok", otherwise, click "Ok".
4. Click "Finish".
-
Next, configure AdAware to be as effective as possible:
1. Click the 'gear' in the upper-right hand corner of the AdAware Window.
2. Click Scanning, and check(tick) the following:
Scan within archives
Scan active processes
Scan registry
Deep-scan registry
Scan my IE Favorites for banned URLs
Scan my Hosts file
3. Click "Tweak".
4. Click "Scanning Engine", then check(tick) the following:
Unload recognized proceses & modules during scan
5. Click "Cleaning Engine", then check(tick) then following:
>Always try to unload modules before deletion
During removal, unload Explorer and IE if necessary
Let Winodws remove files in use at next reboot
Delete quarantined objects after retoring
6. Then click "Proceed"
-
Now, let AdAware locate and remove anything it finds, by:
1. Click "Start".
2. Check(tick) "perform full system scan".
3. Click "Next".
-
Exit the program.
If you don't already have it, download, install and run Spybot S & D. Next, update the current definitions by:
-
Next, check for, and download any available updates:
1. Click "Search for Updates".
2. Check(tick) all available updates.
3. Click "Download Updates".
4. Click "Search & Destroy".
5. Click "Check for Problems".
-
When the scan is completed:
1. Check(tick) everything that was found.
2. Click "Fix selected problems".
-
Click "Ok", then exit the program.
Post back a new log.
-
Mike.