Hjt Log Please Look Thank You![RESOLVED]


Recommended Posts

an one other thing i cant get rid of all is the tight vnc i went to add remove programs an removed it from there but then said some other stuff i have to remove manualy but when i try to remove it it says it aleady running how do i get around this one cause i dont want it no more ??????????????????///

Link to post
Share on other sites
  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

well i removed it from in safe mode but according to a new hjt log its still there hmmmmmmmmm weired heres a new log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:30:40 PM, on 8/26/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

C:\WINNT\StartupMonitor.exe

C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe

C:\Program Files\Trillian Pro\trillian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe \STARTUP

O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian.exe

O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\chris\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911231519

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187911210589

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

--

End of file - 5756 bytes

Link to post
Share on other sites

Paste the following into notepad:

sc stop winvnc >> service.txt
sc delete winvnc >> service.txt
sc stop "VNC Server" >> service.txt
sc delete "VNC Server" >> service.txt
notepad service.txt

Save the file as "delVNC.bat" (include the quotes) to your desktop. Double click the file to run, a black window will flash and then notepad will open with some text inside of it; please post the text that it contains.

-Ryan

Link to post
Share on other sites

Paste everything that was in the code box into Notepad. Save the file to your desktop as "delVNC.bat" (the quotes are required.

Now on your desktop, there will be a delVNC.bat icon - it will have a gear on the icon. Double click this icon. A black window will open, and then notepad will open a file names service.txt

Service.txt will have some text in it. Copy and paste that text into a forum post.

-Ryan

Link to post
Share on other sites

C:\Documents and Settings\chris\My Documents>sc stop winvnc 1>>service.txt

'sc' is not recognized as an internal or external command,

operable program or batch file.

C:\Documents and Settings\chris\My Documents>sc delete winvnc 1>>service.txt

'sc' is not recognized as an internal or external command,

operable program or batch file.

C:\Documents and Settings\chris\My Documents>sc stop "VNC Server" 1>>service.tx

t

'sc' is not recognized as an internal or external command,

operable program or batch file.

C:\Documents and Settings\chris\My Documents>sc delete "VNC Server" 1>>service.

txt

'sc' is not recognized as an internal or external command,

operable program or batch file.

C:\Documents and Settings\chris\My Documents>notepad service.txt

Link to post
Share on other sites

Fix this entry in HJT: O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

Then do the following:

Delete an NT Service

  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • click on "delete an NT service"
  • Copy and paste this in: winvnc
  • Click "ok", then reboot

Link to post
Share on other sites

ok i went to that log on my desk top first of all an i seen the little black box do its thing scanning then diapeared real quick i couldnt see the resaults then i came right back to this post an seen ya next reply about the high jack this ok i did that an i got this >>>>>>>>>>>the service "winvnc" is enabled and or runnng. disable it first using high jack this its self from the scan resaults or the services.msc

Link to post
Share on other sites

i looked again an it caused for a reboot so i did an ran hjt again an its still there im stuck on this one im getting upset after doing all this stuff an its still there once i get it removed ill never install it again i only did it to remote to my moms computer an clean hers up you know another remote solution i could use besides vnc ?????????/

Link to post
Share on other sites
Guest
This topic is now closed to further replies.