
HiJack This Log


6 replies to this topic

#1 cntryraz


Posted 05 April 2005 - 09:36 AM

I need help bad!!! I have desktop.exe, iffisearch.exe and who knows what else jacking up my computer. I have downloaded and run HiJack This, Ad-Aware and Spybot S&D and am still having problems. I'll show the Hi-Jack This log. Can you help? I'm not too sure how to make my computer show all hidden files either.


Logfile of HijackThis v1.99.1
Scan saved at 7:35:00 PM, on 3/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\ypvcbb.exe
C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
C:\WINNT\System32\calc.exe
C:\WINNT\System32\mrtMngr.EXE
C:\winnt\system32\AyGq.exe
C:\WINNT\Xhrmy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\PROMon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\system32\AyGq.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe\CalCheck.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINNT\System32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINNT\System32\lmf32v.dll
O2 - BHO: Var2Helper Class - {7412C042-43B8-4F63-AEF3-E786DFAD1484} - C:\WINNT\System32\imwire29.dll
O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\System32\dsktrf1.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Xbrowse Class - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [1] C:\DOCUME~1\Owner\LOCALS~1\Temp\1.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Uhbg.exe
O4 - HKLM\..\Run: [apkyfdyued] C:\WINNT\System32\ypvcbb.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AyGq.exe] c:\winnt\system32\AyGq.exe
O4 - HKLM\..\Run: [Zbw] C:\winnt\system32\Zbw.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINNT\Xhrmy.exe
O4 - HKLM\..\Run: [x37S37R] toupex.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [IMwire] C:\WINNT\System32\imwireup.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [AutoLoaderxwoY1JMeWRLM] "C:\WINNT\System32\toupex.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AmazingTens] "C:\Program Files\AmazingTens\AmazingTens.exe" /H
O4 - HKLM\..\RunOnce: [1] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstall.exe"
O4 - HKLM\..\RunOnce: [2] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstallRes.dll"
O4 - HKLM\..\RunOnce: [3] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\shfolder.dll"
O4 - HKLM\..\RunOnce: [4] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsInstall.dll"
O4 - HKLM\..\RunOnce: [5] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\insmac2k.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


 


#2 miekiemoes


Posted 05 April 2005 - 11:09 AM

Hi there,

You have a nice collection in there.. I suggest you print out the next instructions or copy and paste it in notepad, because you also have to work in safe mode, and this page wouldn't be available then.
It's important that you follow all my steps in the right order!!

First of all, make sure you have Adaware SE on your system and not a previous version of Adaware. Update it.

* Download and install CCleaner
Do not use it yet.

Download: http://downloads.subratam.org/PeperFix.exe
* Double click on Peperfix.exe
-click: Find and fix button
-Reboot when prompted

* Please set your system to show all files; please see here if you're unsure how to do this.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINNT\System32\lmf32v.dll
O2 - BHO: Var2Helper Class - {7412C042-43B8-4F63-AEF3-E786DFAD1484} - C:\WINNT\System32\imwire29.dll
O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\System32\dsktrf1.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
O2 - BHO: Xbrowse Class - {CE7EF827-47CC-48EB-B570-C367F1E1277E} - C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [1] C:\DOCUME~1\Owner\LOCALS~1\Temp\1.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Uhbg.exe
O4 - HKLM\..\Run: [apkyfdyued] C:\WINNT\System32\ypvcbb.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AyGq.exe] c:\winnt\system32\AyGq.exe
O4 - HKLM\..\Run: [Zbw] C:\winnt\system32\Zbw.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINNT\Xhrmy.exe
O4 - HKLM\..\Run: [x37S37R] toupex.exe
O4 - HKLM\..\Run: [IMwire] C:\WINNT\System32\imwireup.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [AutoLoaderxwoY1JMeWRLM] "C:\WINNT\System32\toupex.exe"
O4 - HKLM\..\Run: [AmazingTens] "C:\Program Files\AmazingTens\AmazingTens.exe" /H
O4 - HKLM\..\RunOnce: [1] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstall.exe"
O4 - HKLM\..\RunOnce: [2] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstallRes.dll"
O4 - HKLM\..\RunOnce: [3] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\shfolder.dll"
O4 - HKLM\..\RunOnce: [4] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsInstall.dll"
O4 - HKLM\..\RunOnce: [5] C:\WINNT\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\insmac2k.dll"
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll


* Click on Fix Checked when finished and exit HijackThis.

* Reboot into Safe Mode:
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

*Uninstall through your add/remove programs the following if present:

CxtPls
SEP
eSyndicate
PeoplePC
AmazingTens


Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINNT\System32\ypvcbb.exe
C:\Program Files\CxtPls <== this folder
C:\WINNT\isrvs <== this folder
C:\Documents and Settings\All Users\Application Data\RDSA <== this folder
C:\Program Files\SEP <== this folder
C:\Program Files\eSyndicate <== this folder
C:\Documents and Settings\All Users\Application Data\x1ff <== this folder
C:\Program Files\PeoplePC <== this folder
c:\winnt\system32\AyGq.exe
C:\winnt\system32\Zbw.exe
C:\WINNT\Xhrmy.exe
C:\WINNT\System32\imwireup.exe
C:\WINNT\farmmext.exe
C:\WINNT\System32\toupex.exe
C:\Program Files\AmazingTens <== this folder
C:\WINNT\System32\ms.exe

* Start Ccleaner and click Run Cleaner

* Perform a full scan with Adaware SE (you are still in safe mode) and let it delete everything it finds.

* Reboot your system back to normal mode.

* Perform an online scan with housecall and/or Etrust and let it delete everything it finds.

Post back a fresh HijackThis log and I'll take another look.

If you had any problems with deleting files or noticed any other problems during your fix, let me also know in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 cntryraz


Posted 14 April 2005 - 08:37 PM

Okay, it's been a little while but here's what I got. I did forget to mention before that I have been having trouble with AOL and haven't been able to get online. So I wasn't able to complete the cleaning programs at the end of the directions.

As far as everything else, the following could not be deleted:

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll

O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe

O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [AyGq.exe] c:\winnt\system32\AyGq.exe

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll


The above trouble files have messed up my laptop also. Several tries were attempted to rid my work computer of them but none worked. I really appreciate all the help you guys provide. I hope there is a way to get rid of these. I also have some files that Ad-Aware pulls up every time I run it even after they are deleted. Here is a new HJT log and also an Ad-Aware log. I was wondering if you might know what would cause the CPU usage to spike to 100% when I open the AOL sign in page.


HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:57 PM, on 4/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
C:\WINNT\isrvs\desktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\PROMon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINNT\system32\AyGq.exe
C:\WINNT\System32\mrtMngr.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\AyGq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe\CalCheck.exe
C:\WINNT\system32\LxrJD31s.exe
C:\WINNT\System32\LxrJD31c.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Iel277g.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AyGq.exe] C:\WINNT\system32\AyGq.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Ad-Aware Log:

ArchiveData(auto-quarantine- 2005-04-09 10-21-33.bckp)
Referencefile : SE1R8 13.09.2004
======================================================

DSSAGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : software\broderbund software\dss

LYCOS SIDESEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[1]=Regkey : sep.band.1
obj[2]=RegValue : sep.band.1 ""
obj[3]=Regkey : sep.band
obj[4]=RegValue : sep.band ""
obj[5]=Regkey : typelib\{4e627a1e-bc4b-4faf-8de8-1d9a54d37da3}
obj[6]=Regkey : sep.search.1
obj[7]=RegValue : sep.search.1 ""
obj[8]=Regkey : sep.search
obj[9]=RegValue : sep.search ""
obj[10]=Regkey : clsid\{c30793af-14b2-4300-8b5d-4bfa3987050e}
obj[11]=RegValue : clsid\{c30793af-14b2-4300-8b5d-4bfa3987050e} ""
obj[12]=File : C:\Documents and Settings\Owner\Desktop\backups\backup-20050409-092941-530.dll
obj[13]=File : C:\Documents and Settings\Owner\Local Settings\Temp\temp.frDD05
obj[14]=File : C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP480\A0058041.dll
obj[15]=File : C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP480\A0058087.dll
obj[16]=File : C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP484\A0059184.dll

#4 miekiemoes


Posted 15 April 2005 - 03:35 AM

Hi there,

The peper trojan is still there.
It is really important you use that peperfix on it.
Can you go online now with the infected computer? Or are you posting this from another computer?
If from another computer, download the peperfix again and burn it to cdrom or floppy and place it on the infected computer.
We're going to use the peperfix in safe mode afterwards.

* There's an attachment over here (fix.zip), so download it, unzip it and place it on your desktop. Don't use it yet.

* Please set your system to show all files; please see here if you're unsure how to do this.

Boot in SAFE MODE now

* Double-click fix.bat you downloaded earlier.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Iel277g.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AyGq.exe] C:\WINNT\system32\AyGq.exe
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll


* Click on Fix Checked when finished and exit HijackThis.

* Run the peperfix.
* Reboot your system back to normal mode.
* Run the peperfix again.

Post back a fresh HijackThis log and I'll take another look.

If you had any problems with deleting files let me also know in your next reply!!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
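The follow-up check this thread relies on, comparing the entries ticked for "Fix Checked" against the next HijackThis log, can be scripted. The Python below is an added example, not part of any post and not a HijackThis feature; the sample lines are excerpted from the logs posted above, and the function names and the removed/persists/changed labels are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Finding lines in the logs above look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")


class Entry(NamedTuple):
    section: str  # e.g. "O2", "O4", "R1"
    detail: str   # everything after "<section> - "


def parse_hjt(log_text):
    """Return the finding lines of a log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def identity(entry):
    """Key that survives a change of target file: CLSID, Run value name,
    or the registry value left of ' = '. Compared case-insensitively,
    as Windows paths and registry names are."""
    clsid = CLSID_RE.search(entry.detail)
    if clsid:
        return (entry.section, clsid.group(0).casefold())
    if entry.section == "O4":
        m = RUN_RE.match(entry.detail)
        if m:
            return (entry.section, m.group(1).casefold(), m.group(2).casefold())
    if entry.section.startswith("R") and " = " in entry.detail:
        return (entry.section, entry.detail.split(" = ", 1)[0].casefold())
    return (entry.section, entry.detail.casefold())


def check_remediation(flagged_text, followup_text):
    """For each flagged entry report 'removed', 'persists', or 'changed'
    (same autostart slot, different target) in the follow-up log."""
    followup = {identity(e): e for e in parse_hjt(followup_text)}
    report = []
    for e in parse_hjt(flagged_text):
        later = followup.get(identity(e))
        if later is None:
            status = "removed"
        elif later.detail.casefold() == e.detail.casefold():
            status = "persists"
        else:
            status = "changed"
        report.append((status, e, later))
    return report


# Excerpt of the entries flagged for fixing in post #2 (copied from the thread).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINNT\System32\lmf32v.dll
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Uhbg.exe
O4 - HKLM\..\Run: [AyGq.exe] c:\winnt\system32\AyGq.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINNT\Xhrmy.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
"""

# Excerpt of the follow-up log from post #3 (copied from the thread).
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\isrvs\desktop.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Iel277g.exe
O4 - HKLM\..\Run: [AyGq.exe] C:\WINNT\system32\AyGq.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
"""

if __name__ == "__main__":
    for status, before, after in check_remediation(FLAGGED, FOLLOWUP):
        print(f"{status:8} {before.section} - {before.detail}")
        if status == "changed":
            print(f"{'':8} now: {after.detail}")
```

Matching on the Run value name rather than the whole line is what surfaces the `2SWZKN82R5K47C` entry, which points at a different file in the second log and would look "removed" to a plain line-by-line diff.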

#5 cntryraz


Posted 26 April 2005 - 09:50 PM

All seemed to work so far. I am now able to get online. I have to say, you guys are awesome. Here is an updated log as requested. Also, I've been taking the actions Grinler has on this site for protecting computers against malware and stuff. I just have one problem. For some reason when I try to do Windows Update, it goes through the upload process but a message pops up stating it can't be downloaded. The particular update is a security update. Should I try to troubleshoot through Microsoft Update?
Anyway, here's the HJT log. Thanks again for the awesome help!!:


Logfile of HijackThis v1.99.1
Scan saved at 7:41:11 AM, on 4/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\PROMon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINNT\System32\mrtMngr.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe\CalCheck.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe




You have well earned a donation and WILL receive one from me shortly. Thanks again!
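A log like the one above can be triaged by section code, starting with the entries HijackThis itself marks as incomplete ("Unknown owner", "(file missing)", "= ?"). The sketch below is an added example, not part of the original post or of HijackThis; the function names are hypothetical and the sample lines are copied from the log in this thread. A note means "look at this entry", not "this entry is malicious".

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINNT\system32\LxrJD31s.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - Global Startup: Photo Explosion Calendar Checker.lnk = ?
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."; process paths do not match.
ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")
# The owner field never contains a backslash and the path starts at a drive
# letter, so a " - " inside the path is not treated as a field separator.
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>[^\\]+?) - (?P<path>[A-Za-z]:\\.*)$")

def parse_entries(log_text):
    """Return (section_code, body) for every numbered entry in the log."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def section_counts(entries):
    """Count entries per section code (O2, O4, O23, ...)."""
    counts = {}
    for code, _ in entries:
        counts[code] = counts.get(code, 0) + 1
    return counts

def review_notes(entries):
    """List entries the log itself marks as incomplete (a prompt, not a verdict)."""
    notes = []
    for code, body in entries:
        reasons = []
        if code == "O4" and body.endswith("= ?"):
            subject = body.rsplit(" = ", 1)[0]
            reasons.append("startup shortcut target not resolved")
        elif code == "O23" and (m := SERVICE.match(body)):
            subject = m.group("name")
            if m.group("owner") == "Unknown owner":
                reasons.append("unknown owner")
            if m.group("path").endswith("(file missing)"):
                reasons.append("file missing")
        if reasons:
            notes.append((code, subject, reasons))
    return notes

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(section_counts(entries))
    for note in review_notes(entries):
        print(note)
```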

#6 miekiemoes


Posted 27 April 2005 - 03:07 AM

Hello, that log looks clean again. Well done.

First I'll give you my prevention speech :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Let your antispyware scanner(s) scan frequently, and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while (HouseCall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

More info on how to prevent malware you can also find here (By Tony Klein)

Happy surfing again!

About the Windows update... do you have a legal XP version? If not, I'm sorry to tell you, but you can't update then.

Also perform the following:

* Download: Hoster
Unzip Hoster to its own folder, e.g. C:\Hoster
Start Hoster.exe, click 'Restore Original Hosts' and click OK.

Can you give me the exact error that you get when you try to download the updates?
Actually, you need a lot more than only the security patches from Windows Update; you also need to update to SP2.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes


Posted 30 April 2005 - 05:19 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



