Page 2 of 4
Results 11 to 20 of 37

Thread: Was I Hacked?

  1. #11
    lynx
    Join Date
    Sep 2002
    Location
    Yorkshire, England
    Posts
    9,759
    Originally posted by TheKiler@11 June 2004 - 05:19
    No, I've been doing some research for my school. That was it.

    You didn't do anything silly did you?

    Like actually take your pc to school and plug it into the network?
    .
    Political correctness is based on the principle that it's possible to pick up a turd by the clean end.

  2. Software & Hardware   -   #12
    No, I haven't. I've scanned for the trojans and it found nothing. HELP :helpsmile:

  3. Software & Hardware   -   #13
    Poster
    Join Date
    Jun 2003
    Posts
    126
    well, seeing as you are at a loss, try this.

    download hijack this here.

    unzip into its own folder and scan and save a log.

    post the contents here.

    good luck.

  4. Software & Hardware   -   #14
    Logfile of HijackThis v1.97.7
    Scan saved at 4:16:29 PM, on 6/11/2004
    Platform: Windows XP SP1, v.2096 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2096)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\protowall\ProtoWall.exe
    C:\Program Files\MYIE2\MyIE.exe
    C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
    C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.165.109.81:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\protowall\ProtoWall.exe
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v4.windowsupdate.microsoft.com/v5co...b?1086544794265
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...8073.5604282407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

  5. Software & Hardware   -   #15
    Poster
    Join Date
    Jun 2003
    Posts
    126
    ok. first please unzip hijack this into its own folder. running it from the zip file is risky, since the backups will be deleted as soon as you clear your temp files.

    this item I have a question about:
    F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

    did you set that shell up yourself? if not, you can also check it with hijack this.

    rescan and check the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    close all browser windows and hit fix checked.

    I see you have nod32 still installed, but it isn't listed in your running processes.

    the corresponding O10 item is also missing.

    I suggest you go offline, and uninstall/reinstall your nod32 software.

    before doing that, though, using internet explorer, do an online virus scan here: http://housecall.trendmicro.com/hous...start_corp.asp
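
The two manual checks made in post #15 (extra programs on the F2 `Shell=` line, and an autostart entry whose program is absent from the running-process list) can be scripted. This is an added example, not part of the original thread or of HijackThis; the names `parse` and `triage` and the sample log are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the format of the log posted in #14.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\protowall\ProtoWall.exe

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\protowall\ProtoWall.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - ..."
RUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")        # key: [name] command


def parse(log):
    """Split a HijackThis log into running processes and (code, text) entries."""
    procs, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries


def triage(log):
    """Return findings for the two checks made by hand in post #15."""
    procs, entries = parse(log)
    findings = []
    for code, text in entries:
        if code == "F2" and "shell=" in text.lower():
            value = text.split("=", 1)[1]
            extras = [p.strip() for p in value.split(",")
                      if p.strip() and p.strip().lower() != "explorer.exe"]
            if extras:
                findings.append(("shell-extra", extras))
        elif code == "O4":
            m = RUN.match(text)
            # Prefix match: the Run value may carry arguments; 8.3 short paths will not match.
            if m and not any(m.group(3).lower().startswith(p) for p in procs):
                findings.append(("autostart-not-running", m.group(2)))
    return findings
```

A finding here is a prompt to ask the owner, as post #15 does, not proof of infection: an autostart program may simply have exited or been closed.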

  6. Software & Hardware   -   #16
    Ok.. I get this now:

    

    [unreadable binary data: PNG image bytes]

  7. Software & Hardware   -   #17
    Poster
    Join Date
    Jun 2003
    Posts
    126
    did you fix the f2 item?

    and is this after a reboot? please elaborate.

    do run the virus scan as well.

    post a new log.

  8. Software & Hardware   -   #18
    F2 problem?

    I've scanned again and I got this again

    

    [unreadable binary data: PNG image bytes]
    I've done virus scans with norton, symantec, panda, kaspersky, and nod32 and found absolutely nothing.

  9. Software & Hardware   -   #19
    Poster
    Join Date
    Jun 2003
    Posts
    126
    is that what happens when you try to run hijack this? i'm lost here.

  10. Software & Hardware   -   #20
    Yea.. that's what i get for HiJack this..
