Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Problem!


  • Please log in to reply
10 replies to this topic

#1 ZelZanza

ZelZanza

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 02 April 2005 - 09:56 PM

Hi guys. I'm having major problems with my computer. I'm having constant pop-ups. I run Windows ME (I know, bad choice, but I can't afford a new comp/upgrade now). I have run Ad-Aware, Spybot, AVG, and Stinger. I have purged my restore folders as well, because I found many trojans and viruses backed up in there. I have gone through my hijackthis log and searched through google to find what needed to be deleted, ano all this left. Please tell me what I still need to fix? Thanks a whole bunch guys.
--------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:03:10 PM, on 4/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS2\HIJACKTHIS.EXE

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Edit: Also, I just started noticing that about every like 10-15 minutes, my computer locks up for about 20 seconds, and then goes fine again. When I'm online on a game, it d/ces me from it during that period of time.

Edited by ZelZanza, 03 April 2005 - 10:14 AM.

ZelZanza

BC AdBot (Login to Remove)

 


#2 ZelZanza

ZelZanza
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 02 April 2005 - 11:33 PM

Someone please help me :thumbsup: . I've gone to 3 other forums requesting help, and nobody has posted there yet. And it's been a week since I started the topics on the other forums.
ZelZanza

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 PM

Posted 03 April 2005 - 04:10 PM

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#4 ZelZanza

ZelZanza
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 03 April 2005 - 04:43 PM

I downloaded and installed/extracted the l2mfix.exe. I ran l2mfix.bat, and it says (in DOS) "Syntax error", and notepad opens with a name "not.txt" which reads "Not compatible with 9x or windows nt."

Edited by ZelZanza, 03 April 2005 - 04:44 PM.

ZelZanza

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 PM

Posted 03 April 2005 - 05:30 PM

My bad:

Download the following file:

http://castlecops.com/zx/Zupe/FindIt9xME.zip


and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

#6 ZelZanza

ZelZanza
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 03 April 2005 - 06:31 PM

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is HP_PAVILION
Volume Serial Number is 2F63-1602
Directory of C:\WINDOWS\SYSTEM

MNPRINT2 DLL 227,104 03-26-05 1:09p MNPRINT2.DLL
ALD DLL 227,104 03-26-05 1:09p ALD.DLL
DSEML DLL 227,104 03-26-05 1:09p DSEML.DLL
KDRNEL32 DLL 227,104 03-26-05 1:09p KDRNEL32.DLL
MMLS2 DLL 227,104 03-26-05 1:09p mmls2.dll
PZCRT DLL 227,104 03-26-05 1:09p pzcrt.dll
PLWRPROF DLL 227,104 03-26-05 1:09p PLWRPROF.DLL
JWVAEE DLL 227,104 03-26-05 1:09p JWVAEE.DLL
VXAJET32 DLL 227,104 03-26-05 1:09p VXAJET32.DLL
NBRSSL DLL 227,104 03-26-05 1:09p nbrssl.dll
MTEXCL35 DLL 227,104 03-26-05 1:09p mtexcl35.dll
MMIHRNJP DLL 227,104 03-26-05 1:09p mmihrnjp.dll
BCRLNDMM DLL 227,104 03-26-05 1:09p bcrlndmm.dll
IQ1XCG9X DLL 227,104 03-26-05 1:09p IQ1XCG9X.DLL
RZAUI DLL 227,104 03-26-05 1:09p RZAUI.DLL
CCRAL DLL 227,104 03-26-05 1:09p ccral.dll
NJRSNL DLL 227,104 03-26-05 1:09p njrsnl.dll
MSTEXT35 DLL 166,672 09-30-99 7:21p mstext35.dll
MSEXCL35 DLL 252,688 09-09-99 10:06p msexcl35.dll
MSLTUS35 DLL 168,720 09-09-99 10:06p msltus35.dll
MSPDOX35 DLL 250,128 06-07-99 6:59p mspdox35.dll
MSXBSE35 DLL 287,504 04-25-99 5:00p Msxbse35.dll
MSRD2X35 DLL 252,176 04-25-99 5:00p Msrd2x35.dll
23 file(s) 5,238,656 bytes
0 dir(s) 30,846.72 MB free

------- Hidden Files in System Directory -------


Volume in drive C is HP_PAVILION
Volume Serial Number is 2F63-1602
Directory of C:\WINDOWS\SYSTEM

DESKTOP INI 271 01-26-05 5:16p desktop.ini
FOLDER HTT 23,155 01-26-05 5:16p folder.htt
WS516505 OCX 490 10-07-02 7:33a ws516505.ocx
FFASTLOG TXT 20,913 09-11-02 5:31p ffastlog.txt
HPF82H04 GID 8,628 04-21-02 10:31a hpf82h04.GID
HPF82T04 GID 8,628 03-20-01 7:10p hpf82t04.GID
6 file(s) 62,085 bytes
0 dir(s) 30,846.69 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3015D465-E9D4-17EE-460D-2FA812D543B6}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
desktop.ini Wed Jan 26 2005 5:16:46p ...H. 271 0.26 K
mnprint2.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
ald.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
dseml.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
folder.htt Wed Jan 26 2005 5:16:46p ...H. 23,155 22.61 K
kdrnel32.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
mmls2.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
pzcrt.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
plwrprof.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
jwvaee.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
vxajet32.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
nbrssl.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
mtexcl35.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
mmihrnjp.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
bcrlndmm.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
iq1xcg9x.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
rzaui.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
ccral.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K
njrsnl.dll Sat Mar 26 2005 1:09:46p ..S.R 227,104 221.78 K

19 items found: 19 files, 0 directories.
Total of file sizes: 3,884,194 bytes 3.70 M

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"hppwrsav"="C:\\SCANJET\\PrecisionScanLT\\hppwrsav.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM\\NvCpl.dll,NvStartup"
"ICSMGR"="ICSMGR.EXE"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"ResCh"=""
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"Hidserv"="Hidserv.exe run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



ZelZanza

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 PM

Posted 04 April 2005 - 03:41 PM

Download the attached bat file to your c:\ folder.

Reboot your computer and as it is starting, tap the f8 key. When you get to the menu, choose safe command prompt only.

Then at the command prompt type:

c:\dell2m.bat

and press enter.

When it is done, reboot and give me another findit log.

Attached Files



#8 ZelZanza

ZelZanza
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 04 April 2005 - 05:22 PM

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is HP_PAVILION
Volume Serial Number is 2F63-1602
Directory of C:\WINDOWS\SYSTEM

MSTEXT35 DLL 166,672 09-30-99 7:21p mstext35.dll
MSEXCL35 DLL 252,688 09-09-99 10:06p msexcl35.dll
MSLTUS35 DLL 168,720 09-09-99 10:06p msltus35.dll
MSPDOX35 DLL 250,128 06-07-99 6:59p mspdox35.dll
MSXBSE35 DLL 287,504 04-25-99 5:00p Msxbse35.dll
MSRD2X35 DLL 252,176 04-25-99 5:00p Msrd2x35.dll
6 file(s) 1,377,888 bytes
0 dir(s) 30,890.78 MB free

------- Hidden Files in System Directory -------


Volume in drive C is HP_PAVILION
Volume Serial Number is 2F63-1602
Directory of C:\WINDOWS\SYSTEM

DESKTOP INI 271 01-26-05 5:16p desktop.ini
FOLDER HTT 23,155 01-26-05 5:16p folder.htt
WS516505 OCX 490 10-07-02 7:33a ws516505.ocx
FFASTLOG TXT 20,913 09-11-02 5:31p ffastlog.txt
HPF82H04 GID 8,628 04-21-02 10:31a hpf82h04.GID
HPF82T04 GID 8,628 03-20-01 7:10p hpf82t04.GID
6 file(s) 62,085 bytes
0 dir(s) 30,890.75 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3015D465-E9D4-17EE-460D-2FA812D543B6}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
desktop.ini Wed Jan 26 2005 5:16:46p ...H. 271 0.26 K
folder.htt Wed Jan 26 2005 5:16:46p ...H. 23,155 22.61 K

2 items found: 2 files, 0 directories.
Total of file sizes: 23,426 bytes 22.88 K

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"hppwrsav"="C:\\SCANJET\\PrecisionScanLT\\hppwrsav.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM\\NvCpl.dll,NvStartup"
"ICSMGR"="ICSMGR.EXE"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"ResCh"=""
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"Hidserv"="Hidserv.exe run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



ZelZanza

#9 ZelZanza

ZelZanza
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 04 April 2005 - 05:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:25:00 PM, on 4/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS2\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: zanza.icxdn.com
O15 - Trusted Zone: *.windowsupdate.com
O15 - Trusted Zone: *.graalonline.com
ZelZanza

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:28 PM

Posted 04 April 2005 - 05:25 PM

Fix these entries and your clean:

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: zanza.icxdn.com
O15 - Trusted Zone: *.windowsupdate.com
O15 - Trusted Zone: *.graalonline.com


Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help.

#11 ZelZanza

ZelZanza
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 04 April 2005 - 05:50 PM

Thanks so much Grinler. You saved my computer from doom!

You helped me through here and on chat. Thanks so much for taking the time to do so. :thumbsup:
ZelZanza




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users