
Windows Media Player Problem; Games Gone Also



#1 jupiter


Posted 10 January 2006 - 09:36 AM

I have been having problems with my Windows Media Player v.10. I entered my first post on Dec. 30, 2005 in the Audio/Video Discussion area. I have continued to attempt different methods of curing the problem and have posted progress reports to keep everyone up on what's happening here. I still have the same problem. The latest reply suggested I try HijackThis, so I've installed that and below is my scan log. To save space here please refer to my previous postings. Your help is very much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:11:24 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\wfxsnt40.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
F:\Program Files\Messenger\MSMSGS.EXE
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
F:\Program Files\Symantec\WinFax\WFXCTL32.EXE
F:\Program Files\Nikon\NkView6\NkvMon.exe
F:\Program Files\Norton Utilities\SYSDOC32.EXE
F:\Corel\Office7\Dad7\QUICK.EXE
F:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
F:\Program Files\Forward Design\PopUp Hitman\PopUp Hitman.exe
F:\WINDOWS\system32\devldr32.exe
F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\Program Files\Norton Utilities\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\System32\WFXSVC.EXE
F:\Program Files\Symantec\WinFax\WFXMOD32.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\DOCUME~1\STEPHA~1.SMI\LOCALS~1\Temp\Temporary Directory 1 for HijackThis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suscombroadband.com/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FE691B94-556F-8658-9410-F247687080F7} - F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\GRIDSA~1\surf list.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [hpppta] F:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickFinder Scheduler] f:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [internet mail more file] F:\Documents and Settings\All Users\Application Data\findjugsinternetmail\DriveBait.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "F:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [owns meow] F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\KINDFA~1\InsidePlan.exe
O4 - Startup: Corel Desktop Application Director.LNK = F:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = F:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: PopUp Hitman.lnk = F:\Program Files\Forward Design\PopUp Hitman\PopUp Hitman.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Controller.LNK = F:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = F:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Norton System Doctor.lnk = F:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\System32\WFXSVC.EXE


#2 Papakid

  • Malware Response Team

Posted 19 January 2006 - 09:25 PM

Hi jupiter,

Back again eh?

You have a LOP infection and possibly something else causing the problems with WMP. Since it's been a few days since you've posted a log, let's start out by posting a fresh log so I can see if anything has changed. Please describe what you may have done to fix the problem and what is happening with your system now (since you posted your last log).

Also make sure you have followed all the instructions in this topic before you post your new log:

Preparation Guide For Use Before Posting A Hijackthis Log

You also forgot to unzip HijackThis. This needs to be done before fixing items with HijackThis so that the backups it makes are secure. Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 jupiter


Posted 01 February 2006 - 11:37 AM

OK, I'm finally back. Sorry for the delay. Was out of town for a while. So, since your last posting I have downloaded and run SpyBot, McAfee Stinger, HJT (unzipped as you requested) and Norton AV. My most recent log is posted below:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:21 AM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\wfxsnt40.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
F:\Program Files\Messenger\MSMSGS.EXE
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
F:\Program Files\Symantec\WinFax\WFXCTL32.EXE
F:\Program Files\Nikon\NkView6\NkvMon.exe
F:\Program Files\Norton Utilities\SYSDOC32.EXE
F:\Corel\Office7\Dad7\QUICK.EXE
F:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
F:\Program Files\Forward Design\PopUp Hitman\PopUp Hitman.exe
F:\WINDOWS\system32\devldr32.exe
F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\Program Files\Norton Utilities\NPROTECT.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\System32\WFXSVC.EXE
F:\Program Files\Symantec\WinFax\WFXMOD32.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suscombroadband.com/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FE691B94-556F-8658-9410-F247687080F7} - F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\GRIDSA~1\surf list.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [hpppta] F:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickFinder Scheduler] f:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [internet mail more file] F:\Documents and Settings\All Users\Application Data\findjugsinternetmail\DriveBait.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "F:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [owns meow] F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\KINDFA~1\InsidePlan.exe
O4 - Startup: Corel Desktop Application Director.LNK = F:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = F:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: PopUp Hitman.lnk = F:\Program Files\Forward Design\PopUp Hitman\PopUp Hitman.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Controller.LNK = F:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = F:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Norton System Doctor.lnk = F:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\System32\WFXSVC.EXE

Thanks for your time and attention.

#4 Papakid


Posted 03 February 2006 - 12:36 AM

OK, still having problems with WMP? Let's get rid of LOP and see what else we can get some other tools to clean up.

Download and install the trial version of Ewido Security Suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch Ewido by double-clicking the desktop icon.
- You may get a message that the database could not be found. This is normal-- click the OK button.
- The program will now go to the main screen.
- On the left hand side of the main screen click update.
- Click on Start update.
- The update will start and a progress bar will show the updates being installed.
Once the updates are installed close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Reboot your computer into Safe Mode.

Scan with HijackThis and put a check by the following:

O2 - BHO: (no name) - {FE691B94-556F-8658-9410-F247687080F7} - F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\GRIDSA~1\surf list.exe (file missing)
O4 - HKLM\..\Run: [internet mail more file] F:\Documents and Settings\All Users\Application Data\findjugsinternetmail\DriveBait.exe
O4 - HKCU\..\Run: [owns meow] F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\KINDFA~1\InsidePlan.exe


Close all other windows--you should only see HijackThis on your Desktop--and then click the "Fix checked" button.

Delete the following folders--Windows abbreviates long file and folder names. For example:

F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\GRIDSA~1 should be:

F:\Documents and Settings\STEPHA~1.SMI<--your user account/profile name that begins with STEPHA\Application Data\GRIDSA~1<--a folder name that begins with GRIDSA that will contain the file surf list.exe.

LOP strings together a random set of words. So delete these:

F:\Documents and Settings\STEPHA~1.SMI\Application Data\GRIDSA~1<--contains the file surf list.exe
F:\Documents and Settings\All Users\Application Data\findjugsinternetmail
F:\Documents and Settings\STEPHA~1.SMI\Application Data\KINDFA~1<--contains the file InsidePlan.exe

Click on Start> Run.
Type in tasks & click OK
In the ensuing window, click on the Advanced menu (located above) & select View Hidden Tasks.
Look for any tasks/jobs that consist of a mixture of 16 random upper case letters and numbers. They will look like the following examples but may not have the .job extension:

A034B7FF91BB36BB.job
A06F1FEF91A49933.job
A2C3205A93B8CDFA.job
A36F645091B91BF0.job
A42C6F7190EFE559.job

Delete any found by selecting the task, right click and choose Delete.
  • Open Ewido and click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot back into normal mode and perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button.
- A new window will open...click the Check Now button.
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it.
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan.
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a fresh HijackThis log.

Download fl.zip.
Extract the contents to a new folder on Desktop. (It will NOT work properly if it's not unzipped)
Locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

So I will need to see these logs in your next reply:

1. Ewido
2. Panda
3. HijackThis
4. fl.bat

The fate of all mankind, I see

Is in the hands of fools

--King Crimson
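
Added example, not part of Papakid's post or of any tool named in it: a Python version of the triage the reply does by eye, pulling out O2/O4 entries that run from a folder under Application Data (long name or 8.3 short name) or are marked "(file missing)", and matching the 16-character task names described above. The Application Data heuristic and all function names are assumptions of this example; the log lines are copied from the log in this thread and the task list is constructed.

```python
import re

# One HijackThis result line: "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path"
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
# Folder directly under "Application Data" (long name) or "APPLIC~1" (8.3 short name)
APPDATA_DIR_RE = re.compile(
    r'([A-Za-z]:\\[^"]*?\\(?:Application Data|APPLIC~\d)\\[^\\"]+)\\', re.IGNORECASE)
# Task name as the post describes it: 16 upper-case letters/digits, ".job" optional
TASK_RE = re.compile(r"^[A-Z0-9]{16}(?:\.[Jj][Oo][Bb])?$")

# Entries copied from the HijackThis log posted in this thread
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FE691B94-556F-8658-9410-F247687080F7} - F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\GRIDSA~1\surf list.exe (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [internet mail more file] F:\Documents and Settings\All Users\Application Data\findjugsinternetmail\DriveBait.exe
O4 - HKCU\..\Run: [owns meow] F:\DOCUME~1\STEPHA~1.SMI\APPLIC~1\KINDFA~1\InsidePlan.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
"""
# Constructed task list: first name is from the post, second has the extension dropped
SAMPLE_TASKS = ["A034B7FF91BB36BB.job", "A06F1FEF91A49933",
                "Norton AntiVirus - Scan my computer.job", "Symantec NetDetect.job"]


def parse_entries(log_text):
    """Return (section, detail) for every R*/O* line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_autoruns(log_text):
    """Flag O2 (BHO) and O4 (autorun) entries that deserve a manual look.

    Heuristic (an assumption of this example): the target sits in a folder
    under Application Data, or HijackThis marked it "(file missing)".
    Returns (section, detail, reasons, folder) tuples; folder may be None.
    """
    flagged = []
    for section, detail in parse_entries(log_text):
        if section not in ("O2", "O4"):
            continue
        reasons = []
        m = APPDATA_DIR_RE.search(detail)
        if m:
            reasons.append("runs from Application Data")
        if detail.endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            flagged.append((section, detail, reasons, m.group(1) if m else None))
    return flagged


def suspicious_task_names(names):
    """Return the task names made of exactly 16 upper-case letters/digits."""
    return [n for n in names if TASK_RE.match(n.strip())]


if __name__ == "__main__":
    for section, detail, reasons, folder in review_autoruns(SAMPLE_LOG):
        print(f"{section}: {detail}\n    reasons: {', '.join(reasons)}\n    folder: {folder}")
    print("tasks to review:", suspicious_task_names(SAMPLE_TASKS))
```

A hit is only a prompt for manual review: legitimate software can also start from Application Data, so each flagged entry still has to be judged by someone who knows the machine.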




