-
06/01/06 10:02:49 [Info]: BlackLight Engine 1.0.37 initialized
06/01/06 10:02:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/01/06 10:02:49 [Note]: 7019 4
06/01/06 10:02:49 [Note]: 7005 0
06/01/06 10:02:51 [Note]: 7006 0
06/01/06 10:02:51 [Note]: 7011 1688
06/01/06 10:02:51 [Note]: 7026 0
06/01/06 10:02:52 [Note]: 7026 0
06/01/06 10:02:59 [Note]: FSRAW library version 1.7.1015
-
I'm getting pretty confident that there is no malware on your system. Can you post another HijackThis log for checking, please? Also, did that firewall help any of your issues? Can you also list all your current problems :)
-
Logfile of HijackThis v1.99.1
Scan saved at 7:47:08 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Launch G-series Keyboard Profiler.lnk = C:\Program Files\Logitech\G-series Software\LGDCore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
I haven't tried using a firewall, but I can't figure out how that would help me if I did.
My current problems are a poker pop up that causes explorer.exe to restart after I close it, random audio advertisements that play, and it seems to have hijacked some of my desktop (as I noted in the picture I posted earlier).
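
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the entry lines of a HijackThis log like the one above. It groups entries by section code and lists the ones carrying the tool's own "(file missing)" or "Unknown owner" annotations, so a reviewer can start with those. The sample lines are copied from the log above; the function names and the choice of annotations to surface are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log in this thread, embedded
# here so the example runs offline.
SAMPLE = r"""
Running processes:
C:\WINDOWS\explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Annotations printed by HijackThis itself. Surfacing them is this example's
# choice of review starting points, not a malware verdict.
ANNOTATIONS = {
    "file missing": lambda code, body: body.rstrip().endswith("(file missing)"),
    "unknown owner": lambda code, body: code == "O23" and " - Unknown owner - " in body,
}


def parse(log_text):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def review(sections):
    """Return (code, annotation names, body) for every annotated entry."""
    flagged = []
    for code, bodies in sections.items():
        for body in bodies:
            hits = [name for name, test in ANNOTATIONS.items() if test(code, body)]
            if hits:
                flagged.append((code, hits, body))
    return flagged


if __name__ == "__main__":
    for code, hits, body in review(parse(SAMPLE)):
        print(f"{code:4} {', '.join(hits):14} {body}")
```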
-
Only thing I could think of on your logs, would be interesting to know what this is:
C:\Program Files\URLy Warning\URLyWarning.exe
I can't find any good info on the .exe file and the program itself is pretty suspicious. Anything you installed yourself?
-
Yeah, URLYWarning is a program that alerts you when a website updates. I was using it back in November for XBox 360 sales.
But I think I might have found the culprit. The Dr. Watson debugger. I _never_ installed it. And when I end the process, it comes right back.
-
http://www.microsoft.com/resources/d....mspx?mfr=true
I'd suggest uninstalling this URLyWarning. I don't know it, and it could be an adware-based program.
To check, please surf here: www.virustotal.com
Paste this in the box next to the "Browse" button: C:\Program Files\URLy Warning\URLyWarning.exe
Hit Send and let me know what comes up. As for the Dr. Watson Debugger.. I know there's been problems with it. But if your only problems at the moment are popups, then it's not Dr. Watson. :)
-
Well I uninstalled the URLY Warning program a long time ago. I highly doubt it'd be causing problems now.
And could Dr. Watson be behind why my desktop is getting hijacked?
-
No, it couldn't.
Please just install that firewall. Even if it doesn't help you with this particular problem, your system will be safer after setting one up.
How is your desktop getting hijacked? Can you post a screenshot? Only problem on your desktop earlier was the small icon problem.
I know this is getting frustrating for both of us. I simply can't see anything malware based on your logs that would hijack your desktop or would give you any kind of popups.
-
Well there's the icon problem, and sometimes I can't move icons around. It also frequently locks up. It almost sounds like a virus is infecting explorer.exe.
Also, the poker pop up I'm getting, when I close it with the X button, explorer.exe crashes and restarts.
-
Got some help from the other Staff members..
Change the theme, then go to the appearance tab under "windows and buttons" and change it, hit apply, then change back to xp style.
Then let's look at a startuplist log... Please reboot into Safe Mode and create the following:
- Open HiJackThis
- Click on the configure button on the bottom right
- Click on the tab "Misc Tools"
- Check the 2 boxes next to the Box that says "Generate StartupList log"
- Click on the button "Generate StartupList log"
- Copy and paste the StartupList from the notebook onto your post.