winzlo

  1. i apologize for not coming to you sooner but i couldnt find the thread, like an idiot i was looking in the wrong forums as far as i can tell, we did get rid of some of the problems, the popup thing that said something about windows cannot find blah blah sumthing system32 but my computer is running EXTREMELY slow also my ad-aware and spybot search and destroy have both been like disabled(pretty much the scans find NOTHING, EVER) and even with no programs open i can press ctrl alt del and look and cpu memory usage will be extremely high i'll try to do one thing and it will go to 100% one MAJOR problem is that when i go to task manager and try to shut down a process(more than one are there at any given time) ekrn.exe, it just pops right back up, and when i try to set the priority to very low or whatever access is denied, and that goes for any process in there looking at ad-watch in the "connect tab" in analyzed processes it lists ekrn.exe(with an outgoing tcp of 1480) and svchost.exe i can guarantee both of these are malevolent, in process watch, a tool that comes with ad-aware pro(that i have no clue how to use and cant find any directions :-/ ), it shows something under image name [system process] then under that there is one that just says system and in that there is smss.exe and in that there is csrss.exe and winlogon.exe(with a high priority level i cannot change), and in winlogon.exe there is services.exe and lsass.exe, inside services.exe is a TON AND A HALF of svchost.exe's and even AAWSERVICE.EXE WITH THE ADAWARE LOGO IS THERE! so is ekrn.exe! when i click the scan button nothing happens, no matter what i click on and have highlighted! theres a terminate button but i used it last night on one of these bad programs an error came up and i had to restart my computer, would it work in safe mode? where do i go to get technical support for all the money my broke but paid for pro?
so far the only help i have gotten is from you, THANKFULLY, and i did message them once, right when i got pro, send in a message to the tech team twice, and never received a response(if i do is it by email? maybe i didnt see it cause my mailbox is full of junk mail i should probably have gone with a diff email address) as far as that tech support i guess it would be worth another try, but i really only see myself getting ahead through you guys, do you know anyone that can tell me how to use the terminate button on these bad processes??? thanks again
  2. thanks, ill get on it as soon as i get the go ahead, im hesitant because i feel i must tell you that somethings wrong(even though im not noticing ANYTHING indicating adware, its normal for my scans to find stuff, however for some strange reason, even when i dont get the scanner busy error with ad-aware, both ad-aware and spybot search and destroy have NOT been finding anything, with the exception of one or two items, such as MRU with a TAC of 0.... should i still do the system restore as you instructed or is there something wrong here? ill do another scan with spybot s&d hopefully i find more than one item and see that my adware programs arent being messed with by some kind of malware? soon as i get the go ahead i'll get right on it, thanks and god bless once again
  3. "Delete these folders named listed in bold:
      C:\Documents and Settings\Owner\Application Data\axis wait balm
      C:\Documents and Settings\All Users\Application Data\FiveBoneBarbLink
      Finally, let's reset your system restore at this point to purge the infected backups and create a new restore point before proceeding"
      done, thanks again, im back 100 percent i havent been staying here in weeks long story im sure u care less about hearing... anyway im tired as hell ill do the system restore thing tomorrow, what does that exactly do by the way? im about to do the disk cleanup thing before i go to sleep, thanks again jane also for some reason my adaware hasnt been picking up on anything really when i know my computer is badly infected, sometimes the program wont work saying server is busy :-/ but i definitely have seen a change by following your kind instructions, hopefully we can get things back to normal within the next few days cause im just gonna avoid the problems that had me staying at my sisters and have patience, thanks again so at least tell me what the system restore thing is gonna do and what i've accomplished this far with your help and what that has done? thanks later
  4. figured id close the original zip file and use the extracted one and now i clicked save log, for the heck of it and i now have the option step one has been completed reboot now? i never said yes to any commands, guess its for a log after a reboot?
  5. when i clicked the green light it says right now ok to create log file or abort, hit abort got error code 0 and it closed i followed the directions perfectly ill try again, it mentioned the zip file....that i extracted to my desktop as directed to guess aborting was a good thing? should i give it another shot? to be more informational... there was an error when i hit the green light, let me try again, i know it had to do with the zip file, thinkin i clicked the non extracted one?
  6. i successfully put show hidden files(99 percent sure) i will check real quick IM SURE that they are there... but i wasnt able to access the folder "application data" ok im checking now, ya, its been unchecked, and it IS CHECKED to show hidden files and folders... what isnt unchecked is hide extensions for blah blah.... but ill leave it like that since you didnt tell me to do that... but i did successfully do the uncheck of hide blah blah(recommended) now im gonna post this and do what you directed me to do above, thanks again, gotta take a leak n throw sumthin in the microwave really quick i apologize i know you're waiting for me but i havent put anything in my stomach aside from liquid all day... brb i already downloaded the thing too so ill be right back n get right on it, 5 minutes, like 7 tops
  7. ya i figured i posted a dumb question and played it safe, i replied about what happened when i tried to access the stuff, thanks again
  8. i answered my own dumb question n wrote down what to delete lol went into safe mode, accessed owner/application data and was told access denied this folder is not accessible or sumthin like that under allusers there was no folder for application data... awhile ago i made another user on here for the heck of it n forgot the password lol... aside from administrator and eddie(the one i forgot until recently the password to) there should be no other users im still curious about what you meant by being at work and the three things.... alright jane what should i do now? skip the step in safe mode or.... ill just wait on you geeze this sucks not being able to surf the web etc. i prefer watching things in google video than the crap on tv anyday lol thanks again jane.... the only person to help make this x-mas not super sucky haha... but hey its supposed to be about acting in a christ like manner, i dont know what you believe in but if there was a santa you would get a mega computer or sumthin lol.... even if he had to dismantle any fireplace
  9. k im on it, i already did the thing so it will show hidden files, now before i go into safe mode, will i be able to access this page from that? otherwise i guess i should write down your instructions before going into safe mode?
  10. crap wasnt i supposed to attach a file??? im sorry jane i have so much crap goin on right now i cant even fall asleep half the time thanks again for your help and patience... i hope your christmas is a great one
  11. sorry the deljob was copied n pasted wrong, the hijack this shoulda been copied n pasted right.... here is the full from the deljob notepad file

      --------------------------------------------------------
      File(s) moved to C:\deljob
      A49B1E2293088F3E.job
      --------------------------------------------------------
      Files remaining after cleaning
      AdwareAlert Scheduled Scan.job
      --------------------------------------------------------
      App data folders
      Volume in drive C has no label.
      Volume Serial Number is 80ED-5021

      Directory of C:\Documents and Settings\Owner\Application Data

      12/04/2007 12:10 AM <DIR> .
      12/04/2007 12:10 AM <DIR> ..
      03/01/2006 10:29 PM <DIR> acccore
      05/04/2006 03:48 PM <DIR> Adobe
      05/03/2007 10:26 PM <DIR> AdobeUM
      06/27/2007 11:37 PM <DIR> ADWARE~1 AdwareAlert
      04/09/2006 11:13 AM <DIR> Aim
      07/04/2006 12:43 PM <DIR> APPLEC~1 Apple Computer
      05/03/2007 10:27 PM <DIR> AXISWA~1 axis wait balm
      03/28/2007 12:50 PM <DIR> DivX
      11/06/2006 10:45 PM <DIR> Google
      03/01/2006 10:23 PM <DIR> Help
      03/01/2006 09:01 PM <DIR> IDENTI~1 Identities
      11/13/2007 12:56 AM <DIR> Lavasoft
      06/05/2006 04:51 PM <DIR> LEADER~1 Leadertech
      03/01/2006 11:00 PM <DIR> MACROM~1 Macromedia
      11/15/2007 03:01 PM <DIR> MEGAUP~1 MegauploadToolbar
      08/18/2006 12:43 PM <DIR> MICROS~1 Microsoft
      12/02/2007 01:04 AM <DIR> Mozilla
      03/02/2006 12:26 AM <DIR> MUSICM~1 Musicmatch
      08/20/2006 01:10 PM <DIR> Netscape
      03/04/2006 10:30 PM <DIR> Real
      07/14/2006 03:34 PM <DIR> Sonic
      03/07/2006 08:21 PM <DIR> Sun
      11/06/2006 03:19 AM <DIR> uTorrent
      08/04/2007 01:30 PM <DIR> VIEWPO~1 Viewpoint
      08/21/2006 05:32 AM <DIR> yahoo!
      11/22/2006 10:37 PM <DIR> ZANGOT~1 ZangoToolbar
      0 File(s) 0 bytes
      28 Dir(s) 8,304,766,976 bytes free

      Volume in drive C has no label.
      Volume Serial Number is 80ED-5021

      Directory of C:\Documents and Settings\All Users\Application Data

      12/19/2007 02:37 PM <DIR> .
      12/19/2007 02:37 PM <DIR> ..
      05/03/2007 10:26 PM <DIR> Adobe
      05/03/2007 10:26 PM <DIR> Adobe(2)
      08/14/2006 10:17 PM <DIR> AOL
      08/04/2007 01:03 PM <DIR> AOLDOW~1 AOL Downloads
      08/04/2007 01:07 PM <DIR> AOLOCP~1 AOL OCP
      05/17/2006 04:20 PM <DIR> APPLEC~1 Apple Computer
      09/17/2006 12:47 PM <DIR> CanonBJ
      12/19/2007 02:37 PM <DIR> ESET
      05/03/2007 10:27 PM <DIR> FIVEBO~1 FiveBoneBarbLink
      07/24/2007 02:52 PM <DIR> Google
      06/26/2007 09:38 PM <DIR> Lavasoft
      03/02/2006 11:00 AM <DIR> MICROS~1 Microsoft
      08/05/2007 05:36 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
      08/04/2007 01:05 PM <DIR> VIEWPO~1 Viewpoint
      03/02/2006 12:43 AM <DIR> WINDOW~1 Windows Genuine Advantage
      11/02/2006 02:00 AM <DIR> YAHOO
      08/21/2006 04:16 AM <DIR> yahoo!
      0 File(s) 0 bytes
      19 Dir(s) 8,304,766,976 bytes free
      --------------------------------------------------------
  12. it was there n now its there twice lol sorry here it all is - this is from deljob(and no nothing came up about suspicious files :-/ ) -

      12/04/2007 12:10 AM <DIR> .
      12/04/2007 12:10 AM <DIR> ..
      03/01/2006 10:29 PM <DIR> acccore
      05/04/2006 03:48 PM <DIR> Adobe
      05/03/2007 10:26 PM <DIR> AdobeUM
      06/27/2007 11:37 PM <DIR> ADWARE~1 AdwareAlert
      04/09/2006 11:13 AM <DIR> Aim
      07/04/2006 12:43 PM <DIR> APPLEC~1 Apple Computer
      05/03/2007 10:27 PM <DIR> AXISWA~1 axis wait balm
      03/28/2007 12:50 PM <DIR> DivX
      11/06/2006 10:45 PM <DIR> Google
      03/01/2006 10:23 PM <DIR> Help
      03/01/2006 09:01 PM <DIR> IDENTI~1 Identities
      11/13/2007 12:56 AM <DIR> Lavasoft
      06/05/2006 04:51 PM <DIR> LEADER~1 Leadertech
      03/01/2006 11:00 PM <DIR> MACROM~1 Macromedia
      11/15/2007 03:01 PM <DIR> MEGAUP~1 MegauploadToolbar
      08/18/2006 12:43 PM <DIR> MICROS~1 Microsoft
      12/02/2007 01:04 AM <DIR> Mozilla
      03/02/2006 12:26 AM <DIR> MUSICM~1 Musicmatch
      08/20/2006 01:10 PM <DIR> Netscape
      03/04/2006 10:30 PM <DIR> Real
      07/14/2006 03:34 PM <DIR> Sonic
      03/07/2006 08:21 PM <DIR> Sun
      11/06/2006 03:19 AM <DIR> uTorrent
      08/04/2007 01:30 PM <DIR> VIEWPO~1 Viewpoint
      08/21/2006 05:32 AM <DIR> yahoo!
      11/22/2006 10:37 PM <DIR> ZANGOT~1 ZangoToolbar
      0 File(s) 0 bytes
      28 Dir(s) 8,304,766,976 bytes free

      Volume in drive C has no label.
      Volume Serial Number is 80ED-5021

      Directory of C:\Documents and Settings\All Users\Application Data

      12/19/2007 02:37 PM <DIR> .
      12/19/2007 02:37 PM <DIR> ..
      05/03/2007 10:26 PM <DIR> Adobe
      05/03/2007 10:26 PM <DIR> Adobe(2)
      08/14/2006 10:17 PM <DIR> AOL
      08/04/2007 01:03 PM <DIR> AOLDOW~1 AOL Downloads
      08/04/2007 01:07 PM <DIR> AOLOCP~1 AOL OCP
      05/17/2006 04:20 PM <DIR> APPLEC~1 Apple Computer
      09/17/2006 12:47 PM <DIR> CanonBJ
      12/19/2007 02:37 PM <DIR> ESET
      05/03/2007 10:27 PM <DIR> FIVEBO~1 FiveBoneBarbLink
      07/24/2007 02:52 PM <DIR> Google
      06/26/2007 09:38 PM <DIR> Lavasoft
      03/02/2006 11:00 AM <DIR> MICROS~1 Microsoft
      08/05/2007 05:36 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
      08/04/2007 01:05 PM <DIR> VIEWPO~1 Viewpoint
      03/02/2006 12:43 AM <DIR> WINDOW~1 Windows Genuine Advantage
      11/02/2006 02:00 AM <DIR> YAHOO
      08/21/2006 04:16 AM <DIR> yahoo!
      0 File(s) 0 bytes
      19 Dir(s) 8,304,766,976 bytes free
      --------------------------------------------------------

      here is my new hijack this

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 5:52:18 PM, on 12/23/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\hijackthis\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - URLSearchHook: (no name) - - (no file)
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
      O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
      O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
      O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2159AC53-6EBF-40B8-AE36-CE84ECAE6D8A}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{5A17690B-9F65-4F58-80C3-B36E93AB2BCF}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CS1\Services\Tcpip\..\{2159AC53-6EBF-40B8-AE36-CE84ECAE6D8A}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 6298 bytes

      if its any help, a few days ago when the net went out i tried task manager and every time i would shut down the process it would come right back, sometimes saw 3 in there at once, the process says ekrn.exe thanks again thinkin maybe when i hit reply it never went through here it is, i thank IE for the back button lol
  14. i just did along with a new hijack this but i dont see it in the replies... maybe u saw what u needed and deleted it so other people dont get my computer information?