  #1  
09-16-2005
luckey
[Pending] HELP !!!!!!!!!!!!!!!

please check this for Logfile of HijackThis v1.99.1
Scan saved at 7:47:52 PM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Bright.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\CHANCEY\LOCALS~1\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wtRAMDAC] C:\WINDOWS\system32\wtRAMDAC.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\WayTech\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{45A0A046-90B7-4768-BE8A-9A31CC255ABE}: NameServer = 206.47.244.59 206.47.244.105
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

me.


  #2  
09-16-2005
joe5
Re: HELP !!!!!!!!!!!!!!!



Hi there luckey, welcome to PCHF.

I don't see any direct problems in your log, but do you know what this entry is from?

O4 - HKLM\..\Run: [wtRAMDAC] C:\WINDOWS\system32\wtRAMDAC.exe

If not, can you upload the file in bold to this page and post back the results?

http://virusscan.jotti.org/


And also, as no name asked, did you have any specific problems?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #3  
09-16-2005
luckey
Re: HELP !!!!!!!!!!!!!!!

Here is the log from Spyware Doctor. I am also having a problem getting a game to work online. The software won't download anti-cheat software from Battlefield 1942's PunkBuster disk; it worked the first time but won't work after I did a re-download. Someone told me I may have a virus, and Norton also said I had one called Gamespy, but it too came from my Battlefield 1942 software disk. Thank you for your help. Oh, not sure what wtRAMDAC.exe is. Thanks again.



Spyware Doctor Activity Report
Generated on 9/15/2005 8:40:25 PM Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 9/15/2005 8:41:27 PM
scan stop: 9/15/2005 8:47:31 PM
scanned items: 43696
found items: 11
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@tribalfusion[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@serving-sys[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@atdmt[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@www.affiliatefuel[1].txt Medium
Advertising C:\Documents and Settings\CHANCEY\Cookies\chancey@centrport[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@pogo[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@cgi-bin[1].txt Medium
Advertising C:\Documents and Settings\CHANCEY\Cookies\chancey@com[2].txt Low
Advertising C:\Documents and Settings\CHANCEY\Cookies\chancey@doubleclick[1].txt Low
Advertising C:\Documents and Settings\CHANCEY\Cookies\chancey@mediaplex[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\CHANCEY\Cookies\chancey@questionmarket[1].txt Medium


Other Sections:








Copyright © 2003-2005. Distributed by PC Tools. Legal Notice





  #4  
09-16-2005
Guest
Re: HELP !!!!!!!!!!!!!!!

Those are just internet cookies...not viruses :-)

Also, GameSpy is kind of adware/spyware, but I think it's required for BattleField 2.

As for not being able to get online with the game, I don't know how you would be able to fix that.


  #5  
09-16-2005
joe5
Re: HELP !!!!!!!!!!!!!!!


No problems in that log, and the GameSpy detection as a virus looks like it is indeed a false positive, coming from an official game disc.


Have you uploaded that file to that page I posted?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -


Reply
New! Norton Internet Security 2008 – Download Now Click Here

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


All times are GMT +1. The time now is 02:44 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top