TechSpot

HJT log and what's going on

By TearsInHvn
Oct 14, 2006
  1. My symptoms are my time is army time, my IE is slow, and last night after downloading a game I got an error. Gut told me it was a virus and I ended up right. The virus was Win32/Alcan.l & Win32/Rbot.EPW. Since my scans are coming up clean. I would really hate to format and am in desperate need of help here. I hope I attached my HJT log correctly. I have never done this before.

    Tears

    Oh and AVG is attached too as per your instructions.
    "Run a HJT scan. attach the log file as an attachment into a new thread in our security and the web forum(unless you`ve already got a thread here). See HERE for instructions on how to post a HJT log. Also, attach the AVG Antispyware log."
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/aces/aces-en_US.cab

    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab

    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx

    Click on the fix checked button.

    Close HJT.

    Delete all files in AVG Antispyware quarantine.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\Program Files\Common Files\Sandlot Shared\slghex.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.


    Regards Howard :)

    This thread is for the use of TearsInHvn only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
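
    An added example, not part of the thread and not code from HijackThis: a small parser for the O4 (autostart) and O16 (DPF, downloaded ActiveX) lines quoted in the post above, which flags any control whose codebase URL points at a bare IP address instead of a hostname. The field layout is inferred from those four lines only, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The four entries quoted in the post above, copied verbatim.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/aces/aces-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/hearts/hearts-en_US.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
RUN = re.compile(r'^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
DPF = re.compile(r'^DPF: (?P<label>.+) - (?P<url>\S+)$')
IMAGE = re.compile(r'^"([^"]+)"|^(\S+)')  # quoted or bare executable path


def parse(log):
    """Return one dict per entry line; layout inferred from the sample only."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {'code': m['code'], 'raw': m['body']}
        if m['code'] == 'O4' and (run := RUN.match(m['body'])):
            img = IMAGE.match(run['cmd'].strip())
            entry.update(kind='autostart', name=run['name'],
                         image=img[1] or img[2])
        elif m['code'] == 'O16' and (dpf := DPF.match(m['body'])):
            entry.update(kind='activex', label=dpf['label'], url=dpf['url'],
                         host=urlsplit(dpf['url']).hostname)
        entries.append(entry)
    return entries


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except (TypeError, ValueError):
        return False


def bare_ip_controls(entries):
    """ActiveX entries whose codebase host is an IP address, not a name."""
    return [e for e in entries
            if e.get('kind') == 'activex' and is_ip_literal(e['host'])]


if __name__ == '__main__':
    for e in bare_ip_controls(parse(SAMPLE_LOG)):
        print('review:', e['label'], '->', e['url'])
```

    A bare-IP codebase is a reason to look at an entry more closely, not a verdict on it.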
     
  3. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    New HJT Log

    OK here's my new log. My time is still reading army time.( 21:44 ) I was told that this virus is in a file called datingtool.exe and in the system32 folder. I can not find this folder or the file itself. But it's definitely affecting my windows clock. Thank you for the help Howard, I went to another forum and they didn't even reply to me.

    Tears
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You seem to have forgot to attach your fresh HJT log.

    As far as the time thing goes, I think that`s pretty standard. I don`t think Windows does an analogue clock in the system tray.

    Regards Howard :)

     
  5. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Here you go Howard! Here's my HJT log and as for the time thing. Ummm no army time is not a good thing. I don't even have the AM or PM thing showing up. Right now it's supposed to be 2:04 pm here and my clock reads 01:09. LOL no am or pm and again it's army time. Also how do I get this virus out of my folder if I can't find the folder. And also my C drive was shared as $C and I unshared it and renamed it back again. Since it hasn't been touched.

    Now what? This is driving me crazy!

    Tears
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, you should uninstall this programme as it`s classed as spyware.

    BroadJump\Client Foundation

    It`s possible you can`t find the datingtool.exe file because you don`t have it on your system.

    Download the Autoruns programme from HERE. Hide Signed Microsoft Entries and then post the Autoruns log as an attachment.

    Regards Howard :)

     
  7. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Autoruns log

    Here is my autoruns log. Also I believe Broadjump/Client Foundation is something to do with my ISP, because I tried uninstalling it before and couldn't connect. I had to reinstall my software for my ISP again and when I did, that was back there again.

    Tears
     
  8. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    New Autoruns log

    Forgot to hide Microsoft's entries. And once again, thank you for your help!

    Tears
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In auto runs, click options and make sure Hide microsoft entries is ticked, then click file and click refresh. Then click file and click save as and post that log.

    Regards Howard :)
     
  10. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    up above

    File is attached in above reply.... I noticed I goofed and redid it! LOL Thanks again!

    Tears
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run Killbox and have it delete this file(if there).

    C:\DOCUME~1\Lois\LOCALS~1\Temp\adxapie.sys

    As far as I can tell your system is clean and I can find no virus/spyware problems.

    Regards Howard :)

     
  12. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Hiya

    OK ......... but my clock still doesn't have an AM or PM next to it, I have 4 digits when I should have 3 and I can't change the time at all?! Weird stuff I tell ya!

    Tears
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have found the solution to your clock problem.

    Go to the control panel and double click the Regional and language icon. Click customize and then the time tab. Set your clock to how you want it to be displayed and click apply/ok/apply/ok.

    That should do it.

    Regards Howard :)
     
  14. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Problems solved Howard! Thank you soooooooooooooooooooo much for all your help! You are awesome!!


    Tears
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Glad I could help mate.

    I`d never altered the clock settings on my computer, so didn`t know how it was done until I looked it up lol.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  16. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Thank you!

    I posted twice saying thank you and how much I really appreciate your helping me and I don't see the posts. LOL Sooooooooo Thank you soooooooooooooooooo much Howard! You are awesome!


    Tears
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry I thought you`d posted twice by mistake and merged your posts and then edited it.

    So, that`s where it went lol.

    Regards Howard :)
     
  18. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    New Issue...slightly

    OK Howard this is the prob now... Every morning when I get up, I come in here and I have a low virtual memory error on my screen. Now before all this stuff up above happened, I only rebooted my computer once a week if that. Now I'm rebooting once a day due to this memory issue. Any insight on it??


    Tears
     
  19. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    And one more thing to add

    Adding to post above....

    Also when I do a ctrl,alt & Del and click on the process tab, I will have 1 IE browser window open and it will show 4 or 5 open sometimes. It runs a tad slow when surfing to a page. I have deleted Temp internet files and cookies. Still the same.
    Now what?? LMAO!

    Tears
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try this.

    Right click my computer and select properties. Then click the advanced tab and under Performance click settings. Click the advanced tab and under Virtual Memory click change.

    Check the custom size radio button and in the initial size and maximum size boxes, enter a value in MB`s that is equal to 1.5X to 2X the amount of ram you have.

    You should now have the same value in both boxes. Click the set button, followed by ok. Click apply/ok/apply/ok and restart your computer. See if that helps.

    Regards Howard :)

     
  21. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Formatting

    It worked for a couple of days Howard but that's all. Time to format the junk pile. LMAO! I can't even back up my stuff!

    Tears
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`m sorry to hear that, but maybe a reformat is for the best.

    I hope that solves all your problems.

    Good luck.

    Regards Howard :)

     
  23. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    It's still there!

    OK Howard! I formatted..... TWICE!, and the virus is still in here because I open 1 instance of iexplore.exe and I look in my processes because my system is slow and locks up and there are 4 more instances with usage being like 25,000k each! Now what?? I have tried everything I can think of. I'm gonna cry!!

    Tears
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don`t think it`s a virus, more likely it`s caused by some flakey software.

    Go and take a look at this thread HERE. It may help.

    Regards Howard :)

     
  25. TearsInHvn

    TearsInHvn TS Enthusiast Topic Starter Posts: 55

    Thanks again Howard!

    That seems to have worked! I never thought of it being a software issue!
     
Topic Status:
Not open for further replies.
