Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please analyze my HijackThis Log


  • Please log in to reply
6 replies to this topic

#1 galatia

galatia

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 April 2005 - 03:51 PM

Hello guys I need your help in telling me what to fix.

I am running Windows 2000 Professional. The problem is: I cannot open any of Windows Explorer, My Computer, My Network Places, Internet Explorer and Control Panel. when I try to oepn any of these windows, I received response such as this:

'The instruction at "0x00e326b8" referenced memory at "0x000a0000". The memory cound not be "read".'

The following is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 4:44:15 AM, on 22-04-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINPROF\System32\smss.exe
C:\WINPROF\system32\winlogon.exe
C:\WINPROF\system32\services.exe
C:\WINPROF\system32\lsass.exe
C:\WINPROF\system32\svchost.exe
C:\WINPROF\system32\spoolsv.exe
C:\WINPROF\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Ascential\DataStage\Engine\bin\dsservice.exe
C:\Ascential\DataStage\Engine\bin\dsrpcd.exe
C:\Ascential\DataStage\Engine\bin\tl_dsservice.exe
C:\WINPROF\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINPROF\System32\nvsvc32.exe
C:\WINPROF\system32\regsvc.exe
C:\WINPROF\system32\MSTask.exe
C:\WINPROF\system32\ZoneLabs\vsmon.exe
C:\WINPROF\System32\WBEM\WinMgmt.exe
C:\WINPROF\system32\svchost.exe
C:\WINPROF\system32\MsgSys.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINPROF\explorer.exe
D:\Archive\installation files\file manager\2x\2xExplorer.exe
C:\Documents and Settings\Administrator\Desktop\working2\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActiveX Control - {46FB1EEC-6878-4CA3-A696-2F8E21C7E658} - C:\WINPROF\system32\mspyr.dll
O2 - BHO: IE SP2 AddOn - {DFB5E6F0-C142-4765-8E4F-627D3C291AFA} - C:\WINPROF\system32\spthz.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINPROF\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINPROF\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINPROF\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINPROF\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\Program Files\Internet Explorer\PLUGINS\NPSWF32.dll
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AB6C322-2D21-42BF-9C25-D62BBD315CE3}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: NavLogon - C:\WINPROF\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINPROF\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINPROF\System32\dmadmin.exe
O23 - Service: DataStage Engine Resource Service (DSEngine) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\dsservice.exe
O23 - Service: DSRPC Service (dsrpc) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\dsrpcd.exe
O23 - Service: DataStage Telnet Service (dstelnet) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\tl_dsservice.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINPROF\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINPROF\system32\ZoneLabs\vsmon.exe
O23 - Service: Performance Accounts Sharing (WksPatch) - Unknown owner - C:\WINPROF\System32\drivers\svchost.exe (file missing)

Thanks very much.

With Best Regards,
Will

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:07 AM

Posted 22 April 2005 - 08:41 AM

Enter your control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically

Press OK twice to get out of the properties screen and reboot if it asks.

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: ActiveX Control - {46FB1EEC-6878-4CA3-A696-2F8E21C7E658} - C:\WINPROF\system32\mspyr.dll
O2 - BHO: IE SP2 AddOn - {DFB5E6F0-C142-4765-8E4F-627D3C291AFA} - C:\WINPROF\system32\spthz.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AB6C322-2D21-42BF-9C25-D62BBD315CE3}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINPROF\system32\mspyr.dll
C:\WINPROF\system32\spthz.dll

Reboot your computer to go back to normal mode and post a new log.

#3 galatia

galatia
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 22 April 2005 - 12:29 PM

Thanks very much, Grinler.

I can get into Windows Explorer and Internet Explorer now.

Here's the latest scan log from HijackThis:

Note: HijackThis can't seems to fix this entry - O15 - Trusted Zone: http://*.63.219.181.7


Logfile of HijackThis v1.99.1
Scan saved at 1:29:24 AM, on 23-04-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINPROF\System32\smss.exe
C:\WINPROF\system32\winlogon.exe
C:\WINPROF\system32\services.exe
C:\WINPROF\system32\lsass.exe
C:\WINPROF\system32\svchost.exe
C:\WINPROF\system32\spoolsv.exe
C:\WINPROF\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Ascential\DataStage\Engine\bin\dsservice.exe
C:\Ascential\DataStage\Engine\bin\dsrpcd.exe
C:\Ascential\DataStage\Engine\bin\tl_dsservice.exe
C:\WINPROF\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINPROF\System32\nvsvc32.exe
C:\WINPROF\system32\regsvc.exe
C:\WINPROF\system32\MSTask.exe
C:\WINPROF\system32\ZoneLabs\vsmon.exe
C:\WINPROF\system32\MsgSys.EXE
C:\WINPROF\System32\WBEM\WinMgmt.exe
C:\WINPROF\system32\svchost.exe
C:\WINPROF\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Documents and Settings\Administrator\Desktop\working2\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINPROF\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINPROF\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINPROF\web\related.htm
O12 - Plugin for .swf: C:\Program Files\Internet Explorer\PLUGINS\NPSWF32.dll
O15 - Trusted Zone: http://*.63.219.181.7
O20 - Winlogon Notify: NavLogon - C:\WINPROF\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINPROF\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINPROF\System32\dmadmin.exe
O23 - Service: DataStage Engine Resource Service (DSEngine) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\dsservice.exe
O23 - Service: DSRPC Service (dsrpc) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\dsrpcd.exe
O23 - Service: DataStage Telnet Service (dstelnet) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\tl_dsservice.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINPROF\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINPROF\system32\ZoneLabs\vsmon.exe
O23 - Service: Performance Accounts Sharing (WksPatch) - Unknown owner - C:\WINPROF\System32\drivers\svchost.exe (file missing)

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:07 AM

Posted 22 April 2005 - 10:16 PM

Download remv3.zip from here:

http://forums.skads.org/index.php?act=Atta...ype=post&id=115

and save it on your desktop. Then extract the zip file to c:\ms4hd.

Boot your computer into Safe Mode. Instructions on how to do this can be found here:

How to boot Windows into Safe Mode

Navigate to c:\ms4hd and double-click on the remv3.bat file. When it is done it will open a log file of what it found. This log file is saved in c:\log.txt.

Reboot your computer back to normal mode and post the contents of c:\log.txt. To open it, click on start, then run, and type notepad c:\log.txt and press the OK button.

A notepad will open up. Please create a reply to this message and post the contents of that notepad along with a new hijackthis log.

#5 galatia

galatia
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 24 April 2005 - 12:46 PM

Hi, Thanks again Grinler.

The entry: O15 - Trusted Zone: http://*.63.219.181.7 appears to have disappeared in the latest HijackThis log as follows:

Logfile of HijackThis v1.99.1
Scan saved at 1:41:43 AM, on 25-04-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINPROF\System32\smss.exe
C:\WINPROF\system32\winlogon.exe
C:\WINPROF\system32\services.exe
C:\WINPROF\system32\lsass.exe
C:\WINPROF\system32\svchost.exe
C:\WINPROF\system32\spoolsv.exe
C:\WINPROF\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Ascential\DataStage\Engine\bin\dsservice.exe
C:\Ascential\DataStage\Engine\bin\dsrpcd.exe
C:\Ascential\DataStage\Engine\bin\tl_dsservice.exe
C:\WINPROF\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINPROF\System32\nvsvc32.exe
C:\WINPROF\system32\regsvc.exe
C:\WINPROF\system32\MSTask.exe
C:\WINPROF\system32\ZoneLabs\vsmon.exe
C:\WINPROF\System32\WBEM\WinMgmt.exe
C:\WINPROF\system32\svchost.exe
C:\WINPROF\system32\MsgSys.EXE
C:\WINPROF\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Documents and Settings\Administrator\Desktop\working2\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINPROF\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINPROF\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINPROF\web\related.htm
O12 - Plugin for .swf: C:\Program Files\Internet Explorer\PLUGINS\NPSWF32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD86824B-CE8E-4377-9C99-CB23E3079764}: NameServer = 69.50.176.156 195.225.176.31
O20 - Winlogon Notify: NavLogon - C:\WINPROF\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINPROF\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINPROF\System32\dmadmin.exe
O23 - Service: DataStage Engine Resource Service (DSEngine) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\dsservice.exe
O23 - Service: DSRPC Service (dsrpc) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\dsrpcd.exe
O23 - Service: DataStage Telnet Service (dstelnet) - Ascential Software Inc. - C:\Ascential\DataStage\Engine\bin\tl_dsservice.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINPROF\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINPROF\system32\ZoneLabs\vsmon.exe
O23 - Service: Performance Accounts Sharing (WksPatch) - Unknown owner - C:\WINPROF\System32\drivers\svchost.exe (file missing)



The log from executing the remv3.bat file is as follows:


Files Found.................
----------------------------------------
dmsadmins.exe
ipdnssec6.exe
mqspbkup.exe
qwinnta.exe
sesmgr.exe

Files Not deleted.................
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------


Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is F8CE-5152

Directory of C:\WINPROF\system32

21-04-2005 09:25p 16,896 hdkrt.dll
21-04-2005 09:17p 16,896 hduoa.dll
2 File(s) 33,792 bytes
0 Dir(s) 5,352,955,904 bytes free
msbe.dll
mscb.dll
msi.dll
Finished

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:07 AM

Posted 25 April 2005 - 12:01 AM

Your log is clean! Great job!

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#7 galatia

galatia
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 25 April 2005 - 11:37 PM

Many thanks for all the help, Grinler.
Appreciate it.
:thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users