
My Hijackthis! Log


  • This topic is locked
10 replies to this topic

#1 Nitestride

Nitestride

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 25 July 2006 - 06:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:06:02 PM, on 7/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Doug\Desktop\Anti-Spyware\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {5C7B9A17-5DDD-000C-F2EA-73D58C03EBC3} - C:\WINDOWS\System32\vusc.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\vxiut.exe
F2 - REG:system.ini: UserInit=userinit.exe,htoxewi.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C7B9A17-5DDD-000C-F2EA-73D58C03EBC3} - C:\WINDOWS\System32\vusc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
O4 - HKLM\..\Run: [vptray] C:\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Lrup] "C:\WINDOWS\System32\ECURIT~1\wuaclt.exe" -vt yazr
O4 - HKCU\..\Run: [Suwluhy] C:\WINDOWS\system32\?ymbols\w?wexec.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\BlackICE\blackice.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://W:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://W:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://W:\components\wmvhdrating.ocx
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\System32\pmnqguh.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\BlackICE\rapapp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe


#2 Nitestride

Nitestride
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 25 July 2006 - 10:01 PM

ni.

(I know this takes time. Not being impatient, but I couldn't find this post without sifting through all of them, so I'm only bumping it so I can check it tomorrow.)

#3 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:59 AM

Posted 26 July 2006 - 11:18 AM

Welcome aboard :thumbsup:

Please download Qoofix © RubbeR DuckY:
  • Unzip all files to a convenient location such as C:\Qoofix.
  • Go to the folder where you unzipped the files and double-click Qoofix.exe.
  • Click Begin Removal and wait for the scan to finish.
  • If an infection has been found, select yes to restart your computer.
  • Post back with the contents of the Qoofix logfile in your next reply.

    Note: If you have problems with the Qoofix logfile, open it manually from its own folder -> C:\Qoofix.
---

Next..

Please download SmitfraudFix © S!Ri
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

---

Then please download and run the following uninstaller:

http://www.outerinfo.com/OiUninstaller.exe

---

Reboot after running the uninstaller and post back with: the contents of the SmitFraudFix rapport, the QooFix log as well as a fresh HijackThis log. :flowers:
Hi there, stranger!

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:59 AM

Posted 02 August 2006 - 02:06 PM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.

Topic reopened due to user request :thumbsup:

Edited by Rawe, 03 August 2006 - 11:05 AM.

Hi there, stranger!

#5 Nitestride

Nitestride
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 03 August 2006 - 01:52 PM

Many Thanks!

During the running of these tools, Symantec Antivirus was popping up a Trojan.Zlob message in a handful of files...

Here's my logs:

Qoofix Logfile.txt
----------------------

Qoofix v1.03 by http://www.malwarebytes.org
Scan started on [8/3/2006] at [10:51:37 AM]
-------------------------------------------------------------
Terminated module: mvqqkat.dll found in Qoofix.exe (1188)
Terminated module: mvqqkat.dll found in explorer.exe (1720)
Terminated module: mvqqkat.dll found in goqqtq.exe (440)
Terminated module: mvqqkat.dll found in vxiut.exe (444)
Terminated module: mvqqkat.dll found in vxiut.exe (1248)
Terminated module: mvqqkat.dll found in vxiut.exe (1132)
Terminated module: mvqqkat.dll found in isnotify.exe (464)
Terminated module: mvqqkat.dll found in razerhid.exe (2152)
Terminated module: mvqqkat.dll found in VPTray.exe (2160)
Terminated module: mvqqkat.dll found in iTunesHelper.exe (2184)
Terminated module: mvqqkat.dll found in razerofa.exe (2364)
Terminated module: mvqqkat.dll found in winampa.exe (3052)
Terminated module: mvqqkat.dll found in daemon.exe (3060)
Terminated module: mvqqkat.dll found in SOUNDMAN.EXE (3068)
Terminated module: mvqqkat.dll found in rundll32.exe (3100)
Terminated module: mvqqkat.dll found in ctfmon.exe (3112)
Terminated module: mvqqkat.dll found in w?wexec.exe (3192)
Terminated module: mvqqkat.dll found in zwqwm.exe (3328)
Terminated module: mvqqkat.dll found in zwqwa.exe (3348)
Terminated module: mvqqkat.dll found in blackice.exe (3512)
-------------------------------------------------------------
C:\WINDOWS\System32\goqqtq.exe will be deleted on reboot!
C:\WINDOWS\System32\htoxewi.exe will be deleted on reboot!
C:\WINDOWS\System32\lmgtf.dat will be deleted on reboot!
C:\WINDOWS\System32\mvqqkat.dll will be deleted on reboot!
C:\WINDOWS\System32\vxiut.exe will be deleted on reboot!
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xwdra.exe will be deleted on reboot!
C:\WINDOWS\unwn.exe will be deleted on reboot!
C:\WINDOWS\System32\dmonwv.dll will be deleted on reboot!

User prompted NO to reboot, please reboot manually...
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [8/3/2006] at [10:57:11 AM]

Note: Some registry keys may have been removed.

**********************************************************************************


rapport.txt (from SmitFraud)
----------------------------------

SmitFraudFix v2.79

Scan done at 10:57:58.92, Thu 08/03/2006
Run from C:\Documents and Settings\Doug\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

C:\Documents and Settings\Doug\Application Data


Start Menu


C:\DOCUME~1\Doug\FAVORI~1

C:\DOCUME~1\Doug\FAVORI~1\Antivirus Test Online.url FOUND !

Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

C:\Program Files

C:\Program Files\Safety Bar\ FOUND !
C:\Program Files\SpyQuake2.com\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


Scanning wininet.dll infection


End

#6 Nitestride

Nitestride
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 14 August 2006 - 07:55 AM

So - no new instructions for me?

#7 Nitestride

Nitestride
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 23 August 2006 - 10:29 AM

My last thread seemed to have fizzled, and I still seem to have a problem.

So - here is my most recent Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:02 AM, on 8/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\BlackICE\blackd.exe
C:\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Razer\razerhid.exe
C:\SYMANT~1\vptray.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Razer\razerofa.exe
C:\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\iPod\bin\iPodService.exe
C:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Doug\Desktop\Anti-Spyware\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\vxiut.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,htoxewi.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E262BB3A-2FF6-212D-8CF8-5717C0F45DCA} - C:\WINDOWS\System32\yrtzsr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
O4 - HKLM\..\Run: [vptray] C:\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Adobe Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\BlackICE\blackice.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://W:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://W:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://W:\components\wmvhdrating.ocx
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\BlackICE\rapapp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
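
The following is an added example, not part of any poster's message or of the tools used in this thread: a Python triage sketch that cross-references the files Qoofix queued for deletion (post #5) with the autostart entries in the later HijackThis log (post #7). The sample lines are copied from those two logs; the function names are hypothetical, and the F2 check assumes the stock Windows XP values (a single program in each of Shell and UserInit).

```python
import re

# Constructed sample: lines copied from the Qoofix log in post #5.
QOOFIX_LOG = r"""
C:\WINDOWS\System32\goqqtq.exe will be deleted on reboot!
C:\WINDOWS\System32\htoxewi.exe will be deleted on reboot!
C:\WINDOWS\System32\mvqqkat.dll will be deleted on reboot!
C:\WINDOWS\System32\vxiut.exe will be deleted on reboot!
C:\WINDOWS\System32\dmonwv.dll will be deleted on reboot!
"""

# Constructed sample: lines copied from the 8/23/2006 HijackThis log in post #7.
HIJACKTHIS_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\vxiut.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,htoxewi.exe
O2 - BHO: (no name) - {E262BB3A-2FF6-212D-8CF8-5717C0F45DCA} - C:\WINDOWS\System32\yrtzsr.dll (file missing)
O4 - HKLM\..\Run: [razer] C:\Razer\razerhid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                      # "F2 - ...", "O20 - ..."
FILE = re.compile(r'[^\\/,\s"=\[\]]+\.(?:exe|dll)\b', re.I)     # bare file names

def queued_deletions(qoofix_text):
    """Lower-cased base names of files Qoofix scheduled for removal at reboot."""
    paths = re.findall(r"^(.+?) will be deleted on reboot!\s*$", qoofix_text, re.M)
    return {p.rsplit("\\", 1)[-1].lower() for p in paths}

def triage(hjt_text, queued):
    """Return (section, reason, names) for HijackThis entries worth a second look."""
    findings = []
    for line in hjt_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        names = {n.lower() for n in FILE.findall(body)}
        hits = sorted(names & queued)
        if hits:  # entry still points at a file the cleaner queued for deletion
            findings.append((code, "queued-for-deletion", hits))
        if code == "F2" and "=" in body:
            # Assumption: stock Shell/UserInit values list exactly one program.
            value = body.split("=", 1)[1]
            extras = [p.strip() for p in value.split(",") if p.strip()][1:]
            if extras:
                findings.append((code, "extra-logon-program", extras))
        if body.endswith("(file missing)"):  # registration outlived its file
            findings.append((code, "file-missing", sorted(names)))
    return findings

if __name__ == "__main__":
    for code, reason, names in triage(HIJACKTHIS_LOG, queued_deletions(QOOFIX_LOG)):
        print(f"{code:<4}{reason:<22}{', '.join(names)}")
```

Matching is by base name only, so a hit marks an entry for manual review rather than confirming that it refers to the same file.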

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 25 August 2006 - 10:16 AM

Hi Nitestride,

I've merged your new thread with the older one. My apologies that you got no answer; I can only assume Rawe didn't get an email notice that you had replied, which unfortunately happens on occasion. I'll contact him and make sure he knows you still need help.

In future please do not start another thread for the same issue. If you feel you've been abandoned, give us notice in the following thread and we will take care of it: http://www.bleepingcomputer.com/forums/topic14717.html

Also you mentioned having a hard time finding your topic. Look toward the top right of your first post and click on Options and then Track this topic in the drop down list. From there I recommend Immediate notification. I prefer to get email notice for any topic I subscribe to, so you can also follow the instructions in Step 2 here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

In the meantime, please delete your copy of SmitFraudFix and redownload and run it according to Rawe's earlier instructions. It's been updated. Post the log from it and a new HijackThis log, then we will get started on the cleanup.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#9 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:59 AM

Posted 25 August 2006 - 11:31 AM

Hello Nitestride & Papakid,

I'm sorry for not continuing with the instructions, looks like I missed the subscription completely. :thumbsup:

Papakid, do you want to take the log from here or do I take care of it?
Hi there, stranger!

#10 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 25 August 2006 - 12:21 PM

All yours, Rawe :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#11 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:59 AM

Posted 15 September 2006 - 06:01 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!



