HJT log and what's going on

Status
Not open for further replies.

TearsInHvn

My symptoms are my time is army time, my IE is slow, and last night after downloading a game I got an error. Gut told me it was a virus and I ended up right. The virus was Win32/Alcan.l & Win32/Rbot.EPW. Since my scans are coming up clean. I would really hate to format and am in desperate need of help here. I hope I attached my HJT log correctly. I have never done this before.

Tears

Oh and AVG is attached too as per your instructions.
"Run a HJT scan. Attach the log file as an attachment into a new thread in our security and the web forum (unless you've already got a thread here). See HERE for instructions on how to post a HJT log. Also, attach the AVG Antispyware log."
 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/aces/aces-en_US.cab

O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab

O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx

Click on the fix checked button.

Close HJT.

Delete all files in AVG Antispyware quarantine.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\Program Files\Common Files\Sandlot Shared\slghex.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.


Regards Howard :)

This thread is for the use of TearsInHvn only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
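
The O4 and O16 lines listed in the post above follow a fixed layout, so they can be split into fields for review. The sketch below is an added example, not part of the original post or of HijackThis itself; the regular expressions and the two review hints (bare-IP host, no TLS) are assumptions chosen for illustration, and the sample input is built from the four entries quoted above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the four entries quoted in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/aces/aces-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx
'''

# O4 = autostart entry: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$')
# O16 = ActiveX object in Downloaded Program Files: "O16 - DPF: <label> - <codebase URL>"
O16_RE = re.compile(r'^O16 - DPF: (?P<label>.+) - (?P<url>\S+)$')


def host_is_ip_literal(url):
    """True when the URL's host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or '')
        return True
    except ValueError:
        return False


def parse_line(line):
    """Return a dict for an O4/O16 line, or None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {'section': 'O4', 'notes': [], **m.groupdict()}
    m = O16_RE.match(line)
    if not m:
        return None
    entry = {'section': 'O16', 'notes': [], **m.groupdict()}
    # Review hints only (assumed heuristics, not HijackThis verdicts).
    if host_is_ip_literal(entry['url']):
        entry['notes'].append('codebase host is a bare IP address')
    if urlsplit(entry['url']).scheme != 'https':
        entry['notes'].append('codebase fetched without TLS')
    return entry


def triage(log_text):
    """Parse every O4/O16 line in a log, skipping lines of other sections."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(e['section'], e.get('label') or e['name'], e['notes'])
```
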
 
New HJT Log

OK here's my new log. My time is still reading army time (21:44). I was told that this virus is in a file called datingtool.exe and in the system32 folder. I can not find this folder or the file itself. But it's definitely affecting my windows clock. Thank you for the help Howard, I went to another forum and they didn't even reply to me.

Tears
 
You seem to have forgotten to attach your fresh HJT log.

As far as the time thing goes, I think that's pretty standard. I don't think Windows does an analogue clock in the system tray.

Regards Howard :)

 
Here you go Howard! Here's my HJT log and as for the time thing. Ummm no army time is not a good thing. I don't even have the AM or PM thing showing up. Right now it's supposed to be 2:04 pm here and my clock reads 01:09. LOL no am or pm and again it's army time. Also how do I get this virus out of my folder if I can't find the folder. And also my C drive was shared as $C and I unshared it and renamed it back again. Since it hasn't been touched.

Now what? This is driving me crazy!

Tears
 
Your HJT log is clean.

However, you should uninstall this programme as it's classed as spyware.

BroadJump\Client Foundation

It's possible you can't find the datingtool.exe file because you don't have it on your system.

Download the Autoruns programme from HERE. Hide Signed Microsoft Entries and then post the Autoruns log as an attachment.

Regards Howard :)

 
Autoruns log

Here is my Autoruns log. Also I believe Broadjump/Client Foundation is something to do with my ISP, because I tried uninstalling it before and couldn't connect. I had to reinstall my software for my ISP again and when I did, that was back there again.

Tears
 
In Autoruns, click Options and make sure Hide Microsoft Entries is ticked, then click File and click Refresh. Then click File and click Save As and post that log.

Regards Howard :)
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run Killbox and have it delete this file (if there).

C:\DOCUME~1\Lois\LOCALS~1\Temp\adxapie.sys

As far as I can tell your system is clean and I can find no virus/spyware problems.

Regards Howard :)

 
Hiya

OK ......... but my clock still doesn't have an AM or PM next to it, I have 4 digits when I should have 3 and I can't change the time at all?! Weird stuff I tell ya!

Tears
 
I have found the solution to your clock problem.

Go to the control panel and double click the Regional and language icon. Click customize and then the time tab. Set your clock to how you want it to be displayed and click apply/ok/apply/ok.

That should do it.

Regards Howard :)
 
Glad I could help mate.

I'd never altered the clock settings on my computer, so didn't know how it was done until I looked it up lol.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Thank you!

I posted twice saying thank you and how much I really appreciate your helping me and I don't see the posts. LOL Sooooooooo thank you soooooooooooooooooo much Howard! You are awesome!


Tears
 
Sorry I thought you'd posted twice by mistake and merged your posts and then edited it.

So, that's where it went lol.

Regards Howard :)
 
New Issue...slightly

OK Howard this is the prob now... Every morning when I get up, I come in here and I have a low virtual memory error on my screen. Now before all this stuff up above happened, I only rebooted my computer once a week if that. Now I'm rebooting once a day due to this memory issue. Any insight on it??


Tears
 
And one more thing to add

Adding to post above....

Also when I do a ctrl, alt & Del and click on the process tab, I will have 1 IE browser window open and it will show 4 or 5 open sometimes. It runs a tad slow when surfing to a page. I have deleted Temp internet files and cookies. Still the same.
Now what?? LMAO!

Tears
 
Try this.

Right click my computer and select properties. Then click the advanced tab and under Performance click settings. Click the advanced tab and under Virtual Memory click change.

Check the custom size radio button and in the initial size and maximum size boxes, enter a value in MB that is equal to 1.5X to 2X the amount of RAM you have.

You should now have the same value in both boxes. Click the set button, followed by ok. Click apply/ok/apply/ok and restart your computer. See if that helps.

Regards Howard :)

 
Formatting

It worked for a couple of days Howard but that's all. Time to format the junk pile. LMAO! I can't even back up my stuff!

Tears
 
I'm sorry to hear that, but maybe a reformat is for the best.

I hope that solves all your problems.

Good luck.

Regards Howard :)

 
It's still there!

OK Howard! I formatted..... TWICE!, and the virus is still in here because I open 1 instance of iexplore.exe and I look in my processes because my system is slow and locks up and there are 4 more instances with usage being like 25,000k each! Now what?? I have tried everything I can think of. I'm gonna cry!!

Tears
 
I don't think it's a virus, more likely it's caused by some flaky software.

Go and take a look at this thread HERE. It may help.

Regards Howard :)

 