Welcome to Dell Community Forum. My name is Tim. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
In order to help me help you, please observe the following while we work:
1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
2. Understand that cleaning your computer can sometimes take multiple passes/posts, and it's important to follow the steps as listed including re-running scans as listed.
3. Please reply to this thread, do not start another.
If you can do those three things, everything should go smoothly.
You have an infected computer.
You are running SP1; you need to update to SP2, but not until we clean out the infections. Infections can interfere with this update.
I need to get you to move HJT to save backups.
Please do the following:
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e), then double click on C:, then right click and select New, then Folder, and name it HJT.
Now move HJT.exe to this folder.
If required, a tutorial is here = Hijackthis Folder Tutorial
Next I need you to post a new Hijackthis log; things could have changed since this one 4 days ago.
OK. I followed your instructions, moved HJT.EXE, etc. Here is the latest HIJACK log file.
Logfile of HijackThis v1.99.1
Scan saved at 10:08:58 PM, on 6/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for RunFind Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.
Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
Hello again cjd31jr
Sorry for the confusion. I will need you to post a new HiJackthis log for me to check; infections can change in the time that has passed. If you have not downloaded L2mfix, hold off; I may need to write a new fix.
Tim
OK. I got a little confused with your replies. I think you want me to hold off on the l2 and post another hijack log. However, I haven't used the laptop since I posted the last one, shut it down and have been using a temporary loaner. So I am holding off on the l2mfix as you suggest. Please advise as again, that is the latest hijack log.
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for RunFind Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.
Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
It has been quite a few days (7 days or more) since your last post. I am presuming now that your problem has been solved and this topic is now inactive. I will keep tabs on this post for another 7 days from this date, after which if you need help you should start a new topic. If you should wish to reply before the 7 days has passed then simply please post a fresh HJT log before proceeding further.
No, my problem has not been resolved. As I explained in my last post, that is the latest HJT log. I have been waiting for your reply on next steps. Please advise as this has been going on for a while. I have shut off this machine since the last post of the HJT. Using another laptop until I get this resolved. So please provide a solution.
tim s10
33 Posts
0
June 9th, 2006 16:00
tim s10
33 Posts
0
June 9th, 2006 18:00
tim
cjd31jr
5 Posts
0
June 10th, 2006 01:00
Logfile of HijackThis v1.99.1
Scan saved at 10:08:58 PM, on 6/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ssn6tuu.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\System32\nr1rnqm8.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\WNSXS~1\explorer.exe
C:\Program Files\S?mantec\??erinit.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wmiapsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Network Monitor\netmon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {06C7CAB4-39AC-499F-BCD2-D487DAC7A73C} - C:\WINDOWS\System32\gebcd.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Olot] "C:\PROGRA~1\COMMON~1\WNSXS~1\explorer.exe" -vt yazr
O4 - HKCU\..\Run: [Vuhaq] C:\Program Files\S?mantec\??erinit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105389755108
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
O20 - AppInit_DLLs: mmc.dll C:\WINDOWS\System32\mmc.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\p24ulch91f4.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\SYSTEM32\gebcd.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\MBC42ENU.DLL (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe
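A small triage aid for logs in this format, added here as an example (it is not part of the original thread and not HijackThis's own code): it groups entries by section code and lists those carrying annotations HijackThis itself printed, such as "(file missing)" or "Unknown owner". The function names are hypothetical, and the sample is an excerpt of the log above; an annotation marks an entry for review, not a verdict on it.

```python
import re
from collections import defaultdict

# Usual meaning of the section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "F2": "ini-file autostart (registry-mapped)",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run key / Startup folder", "O6": "IE options restricted",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O10": "Winsock LSP", "O15": "Trusted Zone site",
    "O16": "ActiveX download (DPF)", "O18": "protocol / filter handler",
    "O20": "AppInit_DLLs / Winlogon Notify", "O23": "NT service",
}
# Annotations HijackThis prints itself; they mark entries worth a closer look.
MARKERS = ("(no file)", "(file missing)", "(no name)", "Unknown owner")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt copied from the log above (header and process lines are skipped).
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\MBC42ENU.DLL (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

def parse_hjt(text):
    """Return {section_code: [entry_text, ...]} for every 'Xn - ...' line."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)

def review_queue(entries):
    """List (code, section, marker, entry) for each annotated entry."""
    return [(code, SECTIONS.get(code, "unknown section"), marker, item)
            for code, items in entries.items()
            for item in items
            for marker in MARKERS if marker in item]

if __name__ == "__main__":
    for code, section, marker, item in review_queue(parse_hjt(SAMPLE)):
        print(f"{code:<4}{section:<32}{marker:<16}{item}")
```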
tim s10
33 Posts
0
June 10th, 2006 22:00
http://www.downloads.subratam.org/l2mfix.exe
cjd31jr
5 Posts
0
June 30th, 2006 05:00
tim s10
33 Posts
0
June 30th, 2006 09:00
tim s10
33 Posts
0
June 30th, 2006 09:00
Hello cjd31jr
Where did you post the log? I did not receive a message that you had posted it. Sorry, the l2mfix log.
cjd31jr
5 Posts
0
July 4th, 2006 15:00
tim s10
33 Posts
0
July 4th, 2006 18:00
http://www.downloads.subratam.org/l2mfix.exe
tim s10
33 Posts
0
July 13th, 2006 01:00
cjd31jr
5 Posts
0
July 20th, 2006 00:00
_KotaGuy
99 Posts
0
July 20th, 2006 01:00
I need you to follow the instructions in this post and post the L2MFix log for me to look at.
Thanks.