Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hi :) Please Look At My Hjt Log


  • Please log in to reply
1 reply to this topic

#1 Jsakas

Jsakas

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 25 October 2005 - 11:55 PM

I feel like my computer is running a lot slower then it should, I came here about a year ago on a different user name and you guys did a lot for me so I'm back again, here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:46 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\3Com_DMI\3CDMINIC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jon\LOCALS~1\Temp\Rar$EX15.641\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file

missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Titan FTP Server Tray App] C:\Program Files\South River

Technologies\Titan FTP Server\srxTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [dlfisaq] c:\windows\system32\vxcxgc.exe
O4 - HKLM\..\Run: [esvirde] C:\WINDOWS\system32\dbvfcv.exe r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI

Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -

https://components.viewpoint.com/MTSInstall....viewpoint.com/

cgi-bin/installer.v4/vet_install_popup.pl?1&6&04.00.08.43&unknown&unknown&http://www.scion.c

om/scionConfigApp/scion/viewsection.jsp?forceLoad=1
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} -

http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) -

http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5co...eb_site.cab?110

2283215749
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -

http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation -

C:\WINDOWS\system32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices,

Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - Unknown owner -

C:\WINDOWS\system32\srxTitan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:57 PM

Posted 30 October 2005 - 12:42 PM

Next time you post a log, please turn off wordwrap in notepad.

Sorry for some reason I did not receive a notification that you replied.


Ok, let's get started. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Download and install ewido security suite. Update the program and then close it. Do not run it yet.

Step #2

Open Notepad and copy/paste the text in the quotebox below into the new document:

@ECHO OFF
process -k explorer.exe
cd %windir%
Nail.exe /fullremove
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
start explorer.exe
exit


Save the document to your desktop as fixnail.bat and close Notepad.

Step #3

Start in Safe Mode Using the F8 method:

* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.

Step #4

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file
missing)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dlfisaq] c:\windows\system32\vxcxgc.exe
O4 - HKLM\..\Run: [esvirde] C:\WINDOWS\system32\dbvfcv.exe r
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #5

Locate the fixnail.bat file on your desktop and double-click on it to run it.

Step #6

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #7

Start ewido and click the Scanner button and then click the Start button. Let it run to completion and fix everything it finds.

Step #8

Delete the following files:

C:\WINDOWS\dinst.exe
c:\windows\system32\vxcxgc.exe
C:\WINDOWS\system32\dbvfcv.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\dsr.dll

Step #9


OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users