hijack this help


  • This topic is locked
5 replies to this topic

#1 strongbeard

strongbeard

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 01 August 2005 - 08:27 PM

I ran into a problem recently with AV gold. I d/led HijackThis and it recommended to create a log and post it, so...


Logfile of HijackThis v1.99.1
Scan saved at 9:17:59 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\apihr32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uidbc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {94FA607F-D21C-7B55-1D1B-1A9DE22BEE8D} - C:\WINDOWS\system32\appwe32.dll
O2 - BHO: Class - {DB18D626-27BB-9CC6-9A93-CF0127F28A43} - C:\WINDOWS\system32\mfcis32.dll
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [apihr32.exe] C:\WINDOWS\system32\apihr32.exe
O4 - HKLM\..\Run: [d3ev32.exe] C:\WINDOWS\system32\d3ev32.exe
O4 - HKLM\..\Run: [winfk.exe] C:\WINDOWS\system32\winfk.exe
O4 - HKLM\..\RunOnce: [winwu32.exe] C:\WINDOWS\winwu32.exe
O4 - HKLM\..\RunOnce: [atlbn.exe] C:\WINDOWS\system32\atlbn.exe
O4 - HKLM\..\RunOnce: [sdkdp.exe] C:\WINDOWS\sdkdp.exe
O4 - HKLM\..\RunOnce: [mfcis32.exe] C:\WINDOWS\system32\mfcis32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sonymvec] C:\WINDOWS\system32\sonymvec.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TFTP2036
O4 - Global Startup: TFTP2672
O4 - Global Startup: TFTP3656
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1753[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1753[1]\windialup.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mp1: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\winwu32.exe" /s (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:39 PM

Posted 02 August 2005 - 01:54 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:39 PM

Posted 02 August 2005 - 07:42 PM

Please remember that every time you reboot the computer there's a chance that the infection will reinstall and all the file names will change. Try to do all these instructions without rebooting.

Please read through the instructions before you start (you may want to print this out or copy it into a word program).


Please download and install these programs - don't run them yet!!

Please download the trial version of Ewido Security Suite:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.
    Tutorial if needed
Please download and unzip AboutBuster to a folder. AboutBuster MUST be updated before you use it.
Check the AboutBuster Tutorial for instructions.
Don't run it yet.

Download and unzip HSfix to your desktop.

The above Registry file was written specifically for this infection and is not to be used on any other infection as it could damage a person's PC

Please download Cleanup. CleanUp! is a powerful and easy-to-use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more.

Please download CW-Shredder.

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"

Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

+++++++++++++++++++++++++++++++++++++++++++++++++

Here's the fix:
  • Reboot into safe mode

    Important Step
  • Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
    Scroll down and find the service called:
    Remote Procedure Call (RPC) Helper

    When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

  • Use 'ctrl' + 'alt' + 'del' (three keys together) to get Task Manager. Find these processes and 'end task' them.
    OR
    Use the process viewer in HijackThis: open the Misc Tools section, then open Process Manager, and kill the following running processes (do not worry if they are not there):


    apihr32.exe

    SysUpd.exe

    d3ev32.exe

    winfk.exe

    winwu32.exe

    atlbn.exe

    sdkdp.exe

    mfcis32.exe

    sonymvec.exe

    windialup.exe


  • Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):

    C:\WINDOWS\system32\apihr32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uidbc.dll/sp.html#37049

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {94FA607F-D21C-7B55-1D1B-1A9DE22BEE8D} - C:\WINDOWS\system32\appwe32.dll

    O2 - BHO: Class - {DB18D626-27BB-9CC6-9A93-CF0127F28A43} - C:\WINDOWS\system32\mfcis32.dll

    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe

    O4 - HKLM\..\Run: [apihr32.exe] C:\WINDOWS\system32\apihr32.exe

    O4 - HKLM\..\Run: [d3ev32.exe] C:\WINDOWS\system32\d3ev32.exe

    O4 - HKLM\..\Run: [winfk.exe] C:\WINDOWS\system32\winfk.exe

    O4 - HKLM\..\RunOnce: [winwu32.exe] C:\WINDOWS\winwu32.exe

    O4 - HKLM\..\RunOnce: [atlbn.exe] C:\WINDOWS\system32\atlbn.exe

    O4 - HKLM\..\RunOnce: [sdkdp.exe] C:\WINDOWS\sdkdp.exe

    O4 - HKLM\..\RunOnce: [mfcis32.exe] C:\WINDOWS\system32\mfcis32.exe

    O4 - HKCU\..\Run: [sonymvec] C:\WINDOWS\system32\sonymvec.exe

    O4 - Global Startup: TFTP2036

    O4 - Global Startup: TFTP2672

    O4 - Global Startup: TFTP3656

    O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1753[1]\windialup.exe (file missing)

    O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1753[1]\windialup.exe (file missing)

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\winwu32.exe" /s (file missing)


    Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

    Exit HijackThis.
  • Using Windows Explorer, locate the following files, and DELETE them (Do not worry if they are not there):

    C:\WINDOWS\uidbc.dll/sp.html#37049

    C:\WINDOWS\system32\appwe32.dll

    C:\WINDOWS\system32\mfcis32.exe

    C:\WINDOWS\SysUpd.exe

    C:\WINDOWS\system32\apihr32.exe

    C:\WINDOWS\system32\d3ev32.exe

    C:\WINDOWS\system32\winfk.exe

    C:\WINDOWS\winwu32.exe

    C:\WINDOWS\system32\atlbn.exe

    C:\WINDOWS\sdkdp.exe

    C:\WINDOWS\system32\sonymvec.exe

    C:\WINDOWS\System32\windialup\1753[1]\windialup.exe

    (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

  • Double click on the HSfix and when asked to merge say yes.

  • Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

  • Run AboutBuster. This will scan your computer for the bad files and delete them. It will ask to scan the system again, let it. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

  • Run Ewido Security Suite
    Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
    If Ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if Ewido needs to be run again.
    When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

  • Run Cleanup.

  • Reboot into normal mode and open up Internet Explorer

  • Download and run this online virus scan if you can:<---Important

    TrendMicro Housecall
    Make sure you check "AutoClean"

  • Reboot and post a fresh HJT log back here by using the add reply button below, and let's see how we did.


#4 strongbeard

strongbeard
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 04 August 2005 - 03:55 PM

Thx so much for your time. I followed the steps to the best of my ability, hopefully I did it right :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 4:51:24 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tnxav.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D7338BF1-6CF6-5C0B-58D7-FBEE6772FCC4} - C:\WINDOWS\apijy.dll (file missing)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [apihr32.exe] C:\WINDOWS\system32\apihr32.exe
O4 - HKLM\..\Run: [d3ev32.exe] C:\WINDOWS\system32\d3ev32.exe
O4 - HKLM\..\Run: [winfk.exe] C:\WINDOWS\system32\winfk.exe
O4 - HKLM\..\Run: [mfcng32.exe] C:\WINDOWS\mfcng32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [sonymvec] C:\WINDOWS\system32\sonymvec.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TFTP2036
O4 - Global Startup: TFTP2672
O4 - Global Startup: TFTP3656
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1753[1]\windialup.exe (file missing)
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1753[1]\windialup.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mp1: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\winwu32.exe" /s (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
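
The two logs in this thread can be compared mechanically to see what survived the cleanup. The following is an added example, not part of the original posts and not a HijackThis feature: it parses lines excerpted from both logs and classifies them as persisted, changed, removed or added. Matching R entries by registry value, O4 entries by Run key name and O23 services by binary path is an assumption of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code key value")
LINE = re.compile(r"^([A-Z]\d+) - (.+)$", re.MULTILINE)
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)

# Lines excerpted from the two HijackThis logs in this thread (1 and 4 August 2005).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uidbc.dll/sp.html#37049
O2 - BHO: Class - {94FA607F-D21C-7B55-1D1B-1A9DE22BEE8D} - C:\WINDOWS\system32\appwe32.dll
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [atlbn.exe] C:\WINDOWS\system32\atlbn.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\winwu32.exe" /s (file missing)
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tnxav.dll/sp.html#37049
O2 - BHO: Class - {D7338BF1-6CF6-5C0B-58D7-FBEE6772FCC4} - C:\WINDOWS\apijy.dll (file missing)
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mfcng32.exe] C:\WINDOWS\mfcng32.exe
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\winwu32.exe" /s (file missing)
"""

def parse_log(text):
    """Turn 'R1 - ...' / 'O4 - ...' lines into Entry(code, key, value); skip the rest."""
    entries = []
    for code, body in LINE.findall(text):
        body = body.strip()
        if code.startswith("R") and " = " in body:
            key, value = body.split(" = ", 1)          # registry value = data
        elif code == "O4" and "] " in body:
            key, value = body.split("] ", 1)           # Run key [name] command
            key += "]"
        elif code == "O23" and body.count(" - ") >= 2:
            value, _owner, key = body.rsplit(" - ", 2)  # key on the binary path
        else:
            key, value = body, ""                      # whole line is the identity
        entries.append(Entry(code, key, value))
    return entries

def compare(before, after):
    """Classify entries by (code, key): persisted, changed value, removed, added."""
    old = {(e.code, e.key): e.value for e in before}
    new = {(e.code, e.key): e.value for e in after}
    report = {"persisted": [], "changed": [], "removed": [], "added": []}
    for k, v in old.items():
        if k not in new:
            report["removed"].append(k)
        elif new[k] == v:
            report["persisted"].append(k)
        else:
            report["changed"].append((k, v, new[k]))
    report["added"] = [k for k in new if k not in old]
    return report

def renamed_res_dlls(report):
    """Registry values still hijacked but now pointing at a different res:// DLL."""
    pairs = set()
    for _key, old_v, new_v in report["changed"]:
        a, b = RES_DLL.search(old_v), RES_DLL.search(new_v)
        if a and b and a.group(1).lower() != b.group(1).lower():
            pairs.add((a.group(1), b.group(1)))
    return sorted(pairs)

if __name__ == "__main__":
    rep = compare(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    print({k: len(v) for k, v in rep.items()}, renamed_res_dlls(rep))
```

On these excerpts the res:// DLL moves from uidbc.dll to tnxav.dll and the winwu32.exe service reappears under a new display name, while the SysUpd Run entry is unchanged between the two logs.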

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:39 PM

Posted 04 August 2005 - 08:58 PM

(STEP 1)

Please download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:39 PM

Posted 01 September 2005 - 12:01 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



