Hijack This Log File: Expert Help Required To Diagnose!


  • This topic is locked
9 replies to this topic

#1 mr_smith

mr_smith

  • Members
  • 4 posts

Posted 30 September 2006 - 08:50 AM

Hi guys, a short while back I inadvertently ended the process tree of Windows Explorer from the Task Manager. Ever since, my computer has never been the same: not just the general speed, but things like not letting me access the command prompt, not responding when I search through files, etc.
Here is my log and thanks in advance for any help you guys can offer!



Logfile of HijackThis v1.99.1
Scan saved at 14:41:45, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ipzk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\svcnvt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Danny 2.EVERTON\My Documents\Unzipped\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided By Wanadoo
R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0A9AC70B-D55C-F5E0-B29D-89941C454F9E} - C:\WINDOWS\apies32.dll
O2 - BHO: Class - {0C15FBBF-B80F-96ED-6EE4-997206532B11} - C:\WINDOWS\crrh32.dll
O2 - BHO: Class - {0C2FEE74-57FE-9E11-0066-4B3674EE41B9} - C:\WINDOWS\mfctk32.dll
O2 - BHO: Class - {0F1C3739-CC5D-6992-6F47-EE686EE4D193} - C:\WINDOWS\iebd.dll
O2 - BHO: Class - {10DCC6BF-4320-96ED-E95C-D51538F50933} - C:\WINDOWS\system32\winvc32.dll
O2 - BHO: Class - {1150B906-9787-9B41-57FE-0707E655DD60} - C:\WINDOWS\system32\iplu.dll
O2 - BHO: Class - {116B5897-9869-1B77-3DC7-646F9CB58D2B} - C:\WINDOWS\system32\mssf32.dll
O2 - BHO: Class - {11ED9DA4-522D-1169-0632-D92D9FEBB3F0} - C:\WINDOWS\system32\atlsp32.dll
O2 - BHO: Class - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - C:\WINDOWS\system32\cryw32.dll
O2 - BHO: Class - {13EC115E-BB2C-7F02-A3BD-83D068848141} - C:\WINDOWS\system32\winsa32.dll
O2 - BHO: Class - {153BA99B-DBE0-E2BE-1997-47DB1BCF3E65} - C:\WINDOWS\addjt.dll
O2 - BHO: Class - {17AF3D30-061C-15C3-F3DD-FF77212FA819} - C:\WINDOWS\system32\iesi32.dll
O2 - BHO: Class - {1C802FC2-0FBE-6831-98C8-B57153BA99B1} - C:\WINDOWS\msno.dll
O2 - BHO: Class - {1F49118B-CE28-E736-9A74-BB3462551B2C} - C:\WINDOWS\apids.dll
O2 - BHO: Class - {2439DCBB-DA51-FB1C-927A-CC1E586A8D00} - C:\WINDOWS\system32\addyk32.dll
O2 - BHO: Class - {32411A5D-AEB5-6507-BD50-A6A678D49817} - C:\WINDOWS\mfcul32.dll
O2 - BHO: Class - {4D4601F5-8E7E-0E4E-5736-315F1F6D86C7} - C:\WINDOWS\system32\winaw32.dll
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\netre32.dll
O2 - BHO: Class - {52B2CB22-30E3-B0AD-A1D3-8E7E7FD2A9BA} - C:\WINDOWS\javapg.dll
O2 - BHO: Class - {560E5B6E-818D-D734-6E90-6B02A8D4A3BA} - C:\WINDOWS\system32\atlwa32.dll
O2 - BHO: Class - {58F75656-4DDB-E2A7-FD0E-2A83E69FE7B2} - C:\WINDOWS\system32\sysht.dll
O2 - BHO: - {59B814F9-F732-476D-8B37-73A3C359FA2E} - C:\WINDOWS\lbbho.dll
O2 - BHO: Class - {5AE7D4AD-FC97-9E4E-DB12-EE4595280A73} - C:\WINDOWS\syszn.dll
O2 - BHO: Class - {610146D6-50AE-6627-57CD-E713C4595869} - C:\WINDOWS\iekn32.dll
O2 - BHO: Class - {66986988-5B7C-BCCE-8321-B70B3F482869} - C:\WINDOWS\system32\addeb32.dll
O2 - BHO: Class - {6C7FF605-A242-47BA-6F53-DF6E15E38036} - C:\WINDOWS\system32\apiau.dll
O2 - BHO: Class - {6D300628-EE43-722F-B0FB-28A73151168F} - C:\WINDOWS\mssf32.dll
O2 - BHO: XBTP04910 - {73C53351-46F7-4895-82C9-EB1F2CB77BFB} - C:\PROGRA~1\CONGOO~1\congoo.dll
O2 - BHO: Class - {758EC25A-11D7-6312-0626-180A669A98BF} - C:\WINDOWS\addeo32.dll
O2 - BHO: Class - {7DB64B28-1BB0-D8F6-CB9A-E8FB11BD47AD} - C:\WINDOWS\system32\javayp.dll
O2 - BHO: Class - {8B118993-5C36-8BA8-1141-71794E0D9F1C} - C:\WINDOWS\system32\addks.dll
O2 - BHO: Class - {8F3AD9AB-7DFD-A5AF-23F0-F6986A9DB089} - C:\WINDOWS\system32\msnu32.dll
O2 - BHO: Class - {8F7588D6-7A8B-1766-6205-203FDF6F7347} - C:\WINDOWS\system32\ntuo32.dll
O2 - BHO: Class - {93FD03BB-BE2C-90D0-AFDC-EEA007E4254F} - C:\WINDOWS\apieh.dll
O2 - BHO: Class - {989E3425-E5E7-7685-2270-F4CEB77CC397} - C:\WINDOWS\d3qe32.dll
O2 - BHO: Class - {9A8FA81A-5DB1-391E-A47A-E2064E5B330E} - C:\WINDOWS\d3yn.dll
O2 - BHO: Class - {A3ABABDA-544D-9E70-AE96-BE2F5DCF0B5A} - C:\WINDOWS\system32\sdkem32.dll
O2 - BHO: Class - {A45624B1-C0BE-EFD2-7D06-BC3E9D3F449E} - C:\WINDOWS\adddf32.dll
O2 - BHO: Class - {AC5DA795-EB4D-33C1-2B1B-233A235E8A80} - C:\WINDOWS\ntup.dll
O2 - BHO: Class - {AF490C36-6A8D-7183-CFE9-1C64B1EF4B11} - C:\WINDOWS\ipoq32.dll
O2 - BHO: Class - {BAF90AF4-4A3B-FBEB-2AC8-B906DF47DCF3} - C:\WINDOWS\winte.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\WINDOWS\windv.dll
O2 - BHO: Class - {C486F978-8D65-4A98-0179-CD984597B279} - C:\WINDOWS\system32\sysjo.dll
O2 - BHO: Class - {CC08AA37-8C73-9A94-DD4C-F1ADE175874D} - C:\WINDOWS\ipol.dll
O2 - BHO: Class - {CD2B4E39-CD9B-C98A-ED81-38BBFD853B81} - C:\WINDOWS\system32\winmg32.dll
O2 - BHO: Class - {CDF42652-3705-BFD1-B061-1F21BA9B7A66} - C:\WINDOWS\apiky32.dll
O2 - BHO: Class - {CFC2CF30-BAD3-6B1F-4A72-6F6A8D1F61C6} - C:\WINDOWS\crsc32.dll
O2 - BHO: TChkBHO Class - {D7FE73D8-3E0E-4223-A2DA-84EB5D45DCD9} - C:\WINDOWS\system32\hockkt.dll (file missing)
O2 - BHO: Class - {D9B36A97-B062-4314-8710-7E66C8DEF572} - C:\WINDOWS\appia.dll
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINDOWS\javaua.dll
O2 - BHO: Class - {E6510F00-8D63-A5DF-5C50-00AE920791E7} - C:\WINDOWS\system32\addfd.dll
O2 - BHO: Class - {E7CE6792-3A0F-7F24-39AB-196D1DEFE957} - C:\WINDOWS\msvs.dll
O2 - BHO: Class - {E92EFA08-05B6-5902-325B-EF61C5EC29A7} - C:\WINDOWS\system32\winlb32.dll
O2 - BHO: Class - {EC52FBF5-32D9-5FC7-AF38-42B291F85451} - C:\WINDOWS\system32\ierr.dll
O2 - BHO: Class - {ECF3E959-3C16-6510-2542-94E05BB2E685} - C:\WINDOWS\sdkbq32.dll
O2 - BHO: Class - {F21EB9D5-50A5-AD0F-81BE-3C41DEE67AF6} - C:\WINDOWS\crxo32.dll
O2 - BHO: Class - {F2AD2848-8172-9288-2631-44FB35F261F5} - C:\WINDOWS\sdkic.dll
O2 - BHO: Class - {F9611D23-F7B8-A44B-E962-46EE65E5DBA4} - C:\WINDOWS\sysne32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Congoo NetPass - {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - C:\Program Files\Congoo NetPass\congoo.dll
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [sysuh32.exe] C:\WINDOWS\sysuh32.exe
O4 - HKLM\..\Run: [xwiz] FLKPT.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\Documents and Settings\Danny 2.EVERTON\Local Settings\Temporary Internet Files\Content.IE5\M1JGH4ZU\WinFixer2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [srbho] MONITER.exe
O4 - HKLM\..\Run: [iesetupdll] DCC_send.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dmmhy.exe] C:\WINDOWS\system32\dmmhy.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [sysconf16] killall.exe
O4 - HKCU\..\Run: [Preliminary] xsetup.exe
O4 - HKCU\..\Run: [BoundRec] br0ken.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Congoo NetPass - {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - C:\Program Files\Congoo NetPass\congoo.dll
O9 - Extra 'Tools' menuitem: Congoo NetPass - {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - C:\Program Files\Congoo NetPass\congoo.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} - http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} (Google Video Uploader ActX) - http://www.joga.com/activex/uploadactx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132609791421
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B954E0A9-3A44-4082-9758-34DEC1CAA575}: NameServer = 85.255.116.70 85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2106E32-19FB-4234-A2A2-8F8F4C2BB51D}: NameServer = 85.255.116.70,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC734A4B-B502-44BB-8D27-BF69BC01F05B}: NameServer = 85.255.116.70,85.255.112.120
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\ipzk.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe



#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 30 September 2006 - 02:34 PM

Hello mr_smith,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.

Regards,

Rosty.
Proud member of ASAP since 2007

#3 mr_smith

mr_smith
  • Topic Starter

  • Members
  • 4 posts

Posted 30 September 2006 - 05:55 PM

OK Rosty, all your help is greatly appreciated!!
I look forward to hearing from you :thumbsup:

#4 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 03 October 2006 - 10:49 AM

Hi mr_smith,
you've not been forgotten.
Thanks for your patience.

Regards,

Rosty.
Proud member of ASAP since 2007

#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 04 October 2006 - 12:42 PM

Hi mr_smith,
welcome to BleepingComputer.
My name is Rosty and I'm going to help you with your log.

Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.

3) To start the scan, Click > "Scan Now" at left
  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
4) When the scan has completed, select Next.
  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.
Download about:buster by RubbeRDuckY Here.
Download CWShredder Here to its own folder.

Save these files somewhere you will remember, such as the Desktop.

Update About:Buster
Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
Click "OK" at the prompt with instructions.
Click "Update" and then "Check For Update" to begin the update process.
If any updates exist please download them by clicking "Download Update" then click the X to close that window.
Now close About:Buster

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

Please run about:buster by RubbeRDuckY:
Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
Click Yes to allow it to shutdown explorer.exe.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Reboot in normal mode.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt), save it to your desktop.

Please open HijackThis and click do a scan only and place a check next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0A9AC70B-D55C-F5E0-B29D-89941C454F9E} - C:\WINDOWS\apies32.dll
O2 - BHO: Class - {0C15FBBF-B80F-96ED-6EE4-997206532B11} - C:\WINDOWS\crrh32.dll
O2 - BHO: Class - {0C2FEE74-57FE-9E11-0066-4B3674EE41B9} - C:\WINDOWS\mfctk32.dll
O2 - BHO: Class - {0F1C3739-CC5D-6992-6F47-EE686EE4D193} - C:\WINDOWS\iebd.dll
O2 - BHO: Class - {10DCC6BF-4320-96ED-E95C-D51538F50933} - C:\WINDOWS\system32\winvc32.dll
O2 - BHO: Class - {1150B906-9787-9B41-57FE-0707E655DD60} - C:\WINDOWS\system32\iplu.dll
O2 - BHO: Class - {116B5897-9869-1B77-3DC7-646F9CB58D2B} - C:\WINDOWS\system32\mssf32.dll
O2 - BHO: Class - {11ED9DA4-522D-1169-0632-D92D9FEBB3F0} - C:\WINDOWS\system32\atlsp32.dll
O2 - BHO: Class - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - C:\WINDOWS\system32\cryw32.dll
O2 - BHO: Class - {13EC115E-BB2C-7F02-A3BD-83D068848141} - C:\WINDOWS\system32\winsa32.dll
O2 - BHO: Class - {153BA99B-DBE0-E2BE-1997-47DB1BCF3E65} - C:\WINDOWS\addjt.dll
O2 - BHO: Class - {17AF3D30-061C-15C3-F3DD-FF77212FA819} - C:\WINDOWS\system32\iesi32.dll
O2 - BHO: Class - {1C802FC2-0FBE-6831-98C8-B57153BA99B1} - C:\WINDOWS\msno.dll
O2 - BHO: Class - {1F49118B-CE28-E736-9A74-BB3462551B2C} - C:\WINDOWS\apids.dll
O2 - BHO: Class - {2439DCBB-DA51-FB1C-927A-CC1E586A8D00} - C:\WINDOWS\system32\addyk32.dll
O2 - BHO: Class - {32411A5D-AEB5-6507-BD50-A6A678D49817} - C:\WINDOWS\mfcul32.dll
O2 - BHO: Class - {4D4601F5-8E7E-0E4E-5736-315F1F6D86C7} - C:\WINDOWS\system32\winaw32.dll
O2 - BHO: Class - {50869ABA-33E9-4196-7AEE-75E885433BAA} - C:\WINDOWS\netre32.dll
O2 - BHO: Class - {52B2CB22-30E3-B0AD-A1D3-8E7E7FD2A9BA} - C:\WINDOWS\javapg.dll
O2 - BHO: Class - {560E5B6E-818D-D734-6E90-6B02A8D4A3BA} - C:\WINDOWS\system32\atlwa32.dll
O2 - BHO: Class - {58F75656-4DDB-E2A7-FD0E-2A83E69FE7B2} - C:\WINDOWS\system32\sysht.dll
O2 - BHO: - {59B814F9-F732-476D-8B37-73A3C359FA2E} - C:\WINDOWS\lbbho.dll
O2 - BHO: Class - {5AE7D4AD-FC97-9E4E-DB12-EE4595280A73} - C:\WINDOWS\syszn.dll
O2 - BHO: Class - {610146D6-50AE-6627-57CD-E713C4595869} - C:\WINDOWS\iekn32.dll
O2 - BHO: Class - {66986988-5B7C-BCCE-8321-B70B3F482869} - C:\WINDOWS\system32\addeb32.dll
O2 - BHO: Class - {6C7FF605-A242-47BA-6F53-DF6E15E38036} - C:\WINDOWS\system32\apiau.dll
O2 - BHO: Class - {6D300628-EE43-722F-B0FB-28A73151168F} - C:\WINDOWS\mssf32.dll
O2 - BHO: XBTP04910 - {73C53351-46F7-4895-82C9-EB1F2CB77BFB} - C:\PROGRA~1\CONGOO~1\congoo.dll
O2 - BHO: Class - {758EC25A-11D7-6312-0626-180A669A98BF} - C:\WINDOWS\addeo32.dll
O2 - BHO: Class - {7DB64B28-1BB0-D8F6-CB9A-E8FB11BD47AD} - C:\WINDOWS\system32\javayp.dll
O2 - BHO: Class - {8B118993-5C36-8BA8-1141-71794E0D9F1C} - C:\WINDOWS\system32\addks.dll
O2 - BHO: Class - {8F3AD9AB-7DFD-A5AF-23F0-F6986A9DB089} - C:\WINDOWS\system32\msnu32.dll
O2 - BHO: Class - {8F7588D6-7A8B-1766-6205-203FDF6F7347} - C:\WINDOWS\system32\ntuo32.dll
O2 - BHO: Class - {93FD03BB-BE2C-90D0-AFDC-EEA007E4254F} - C:\WINDOWS\apieh.dll
O2 - BHO: Class - {989E3425-E5E7-7685-2270-F4CEB77CC397} - C:\WINDOWS\d3qe32.dll
O2 - BHO: Class - {9A8FA81A-5DB1-391E-A47A-E2064E5B330E} - C:\WINDOWS\d3yn.dll
O2 - BHO: Class - {A3ABABDA-544D-9E70-AE96-BE2F5DCF0B5A} - C:\WINDOWS\system32\sdkem32.dll
O2 - BHO: Class - {A45624B1-C0BE-EFD2-7D06-BC3E9D3F449E} - C:\WINDOWS\adddf32.dll
O2 - BHO: Class - {AC5DA795-EB4D-33C1-2B1B-233A235E8A80} - C:\WINDOWS\ntup.dll
O2 - BHO: Class - {AF490C36-6A8D-7183-CFE9-1C64B1EF4B11} - C:\WINDOWS\ipoq32.dll
O2 - BHO: Class - {BAF90AF4-4A3B-FBEB-2AC8-B906DF47DCF3} - C:\WINDOWS\winte.dll
O2 - BHO: Class - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\WINDOWS\windv.dll
O2 - BHO: Class - {C486F978-8D65-4A98-0179-CD984597B279} - C:\WINDOWS\system32\sysjo.dll
O2 - BHO: Class - {CC08AA37-8C73-9A94-DD4C-F1ADE175874D} - C:\WINDOWS\ipol.dll
O2 - BHO: Class - {CD2B4E39-CD9B-C98A-ED81-38BBFD853B81} - C:\WINDOWS\system32\winmg32.dll
O2 - BHO: Class - {CDF42652-3705-BFD1-B061-1F21BA9B7A66} - C:\WINDOWS\apiky32.dll
O2 - BHO: Class - {CFC2CF30-BAD3-6B1F-4A72-6F6A8D1F61C6} - C:\WINDOWS\crsc32.dll
O2 - BHO: TChkBHO Class - {D7FE73D8-3E0E-4223-A2DA-84EB5D45DCD9} - C:\WINDOWS\system32\hockkt.dll (file missing)
O2 - BHO: Class - {D9B36A97-B062-4314-8710-7E66C8DEF572} - C:\WINDOWS\appia.dll
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINDOWS\javaua.dll
O2 - BHO: Class - {E6510F00-8D63-A5DF-5C50-00AE920791E7} - C:\WINDOWS\system32\addfd.dll
O2 - BHO: Class - {E7CE6792-3A0F-7F24-39AB-196D1DEFE957} - C:\WINDOWS\msvs.dll
O2 - BHO: Class - {E92EFA08-05B6-5902-325B-EF61C5EC29A7} - C:\WINDOWS\system32\winlb32.dll
O2 - BHO: Class - {EC52FBF5-32D9-5FC7-AF38-42B291F85451} - C:\WINDOWS\system32\ierr.dll
O2 - BHO: Class - {ECF3E959-3C16-6510-2542-94E05BB2E685} - C:\WINDOWS\sdkbq32.dll
O2 - BHO: Class - {F21EB9D5-50A5-AD0F-81BE-3C41DEE67AF6} - C:\WINDOWS\crxo32.dll
O2 - BHO: Class - {F2AD2848-8172-9288-2631-44FB35F261F5} - C:\WINDOWS\sdkic.dll
O2 - BHO: Class - {F9611D23-F7B8-A44B-E962-46EE65E5DBA4} - C:\WINDOWS\sysne32.dll
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [sysuh32.exe] C:\WINDOWS\sysuh32.exe
O4 - HKLM\..\Run: [xwiz] FLKPT.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\Documents and Settings\Danny 2.EVERTON\Local Settings\Temporary Internet Files\Content.IE5\M1JGH4ZU\WinFixer2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [srbho] MONITER.exe
O4 - HKLM\..\Run: [iesetupdll] DCC_send.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [sysconf16] killall.exe
O4 - HKCU\..\Run: [Preliminary] xsetup.exe
O4 - HKCU\..\Run: [BoundRec] br0ken.exe
O9 - Extra button: Congoo NetPass - {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - C:\Program Files\Congoo NetPass\congoo.dll
O9 - Extra 'Tools' menuitem: Congoo NetPass - {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - C:\Program Files\Congoo NetPass\congoo.dll
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} - http://www.thepaymentcentre.com/build/preload2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B954E0A9-3A44-4082-9758-34DEC1CAA575}: NameServer = 85.255.116.70 85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2106E32-19FB-4234-A2A2-8F8F4C2BB51D}: NameServer = 85.255.116.70,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC734A4B-B502-44BB-8D27-BF69BC01F05B}: NameServer = 85.255.116.70,85.255.112.120
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\ipzk.exe

Now close all windows other than HijackThis, then click Fix Checked. Exit HijackThis.

Please go to Start --> Control Panel --> Add/Remove Programs and remove the following:
UnSpyPC
Congoo NetPass

Please delete these files/folders using Windows Explorer (if present):

C:\WINDOWS\apies32.dll
C:\WINDOWS\crrh32.dll
C:\WINDOWS\mfctk32.dll
C:\WINDOWS\iebd.dll
C:\WINDOWS\system32\winvc32.dll
C:\WINDOWS\system32\iplu.dll
C:\WINDOWS\system32\mssf32.dll
C:\WINDOWS\system32\atlsp32.dll
C:\WINDOWS\system32\cryw32.dll
C:\WINDOWS\system32\winsa32.dll
C:\WINDOWS\addjt.dll
C:\WINDOWS\system32\iesi32.dll
C:\WINDOWS\msno.dll
C:\WINDOWS\apids.dll
C:\WINDOWS\system32\addyk32.dll
C:\WINDOWS\mfcul32.dll
C:\WINDOWS\system32\winaw32.dll
C:\WINDOWS\netre32.dll
C:\WINDOWS\javapg.dll
C:\WINDOWS\system32\atlwa32.dll
C:\WINDOWS\system32\sysht.dll
C:\WINDOWS\lbbho.dll
C:\WINDOWS\syszn.dll
C:\WINDOWS\iekn32.dll
C:\WINDOWS\system32\addeb32.dll
C:\WINDOWS\system32\apiau.dll
C:\WINDOWS\mssf32.dll
C:\WINDOWS\addeo32.dll
C:\WINDOWS\system32\javayp.dll
C:\WINDOWS\system32\addks.dll
C:\WINDOWS\system32\msnu32.dll
C:\WINDOWS\system32\ntuo32.dll
C:\WINDOWS\apieh.dll
C:\WINDOWS\d3qe32.dll
C:\WINDOWS\d3yn.dll
C:\WINDOWS\system32\sdkem32.dll
C:\WINDOWS\adddf32.dll
C:\WINDOWS\ntup.dll
C:\WINDOWS\ipoq32.dll
C:\WINDOWS\winte.dll
C:\WINDOWS\windv.dll
C:\WINDOWS\system32\sysjo.dll
C:\WINDOWS\ipol.dll
C:\WINDOWS\system32\winmg32.dll
C:\WINDOWS\apiky32.dll
C:\WINDOWS\crsc32.dll
C:\WINDOWS\system32\hockkt.dll
C:\WINDOWS\appia.dll
C:\WINDOWS\javaua.dll
C:\WINDOWS\system32\addfd.dll
C:\WINDOWS\msvs.dll
C:\WINDOWS\system32\winlb32.dll
C:\WINDOWS\system32\ierr.dll
C:\WINDOWS\sdkbq32.dll
C:\WINDOWS\crxo32.dll
C:\WINDOWS\sdkic.dll
C:\WINDOWS\sysne32.dll
C:\WINDOWS\system32\svcnvt.exe
C:\WINDOWS\sysuh32.exe
C:\WINDOWS\FLKPT.exe
C:\Program Files\winupdates <-- folder
C:\Program Files\RVP <-- folder
C:\Documents and Settings\Danny 2.EVERTON\Local Settings\Temporary Internet Files\Content.IE5\M1JGH4ZU <-- folder
C:\WINDOWS\MONITER.exe
C:\WINDOWS\DCC_send.exe
C:\Program Files\UnSpyPC <-- folder
C:\WINDOWS\killall.exe
C:\WINDOWS\xsetup.exe
C:\WINDOWS\br0ken.exe
C:\Program Files\Congoo NetPass <-- folder
C:\WINDOWS\system32\ipzk.exe


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Reboot your computer and post a new HijackThis log and the report.txt from fixwareout, using the add reply button, please.

Regards,

Rosty.
Proud member of ASAP since 2007
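
A small triage script for HijackThis logs like the one in this thread, added here as an illustration; it is not part of the thread, not the helper's method, and not a HijackThis feature. The heuristics (nameless BHOs in the Windows directory, autostarts with no path or run from the browser cache, registry-set DNS servers, services with an unknown owner, missing files) are assumptions, and a flagged entry is a candidate for review, not for automatic removal.

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log in the first post (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pnfuk.dll/sp.html#22048
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0A9AC70B-D55C-F5E0-B29D-89941C454F9E} - C:\WINDOWS\apies32.dll
O2 - BHO: - {59B814F9-F732-476D-8B37-73A3C359FA2E} - C:\WINDOWS\lbbho.dll
O2 - BHO: TChkBHO Class - {D7FE73D8-3E0E-4223-A2DA-84EB5D45DCD9} - C:\WINDOWS\system32\hockkt.dll (file missing)
O4 - HKLM\..\Run: [xwiz] FLKPT.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\Documents and Settings\Danny 2.EVERTON\Local Settings\Temporary Internet Files\Content.IE5\M1JGH4ZU\WinFixer2006FreeInstall[1].exe" -nag
O17 - HKLM\System\CCS\Services\Tcpip\..\{B954E0A9-3A44-4082-9758-34DEC1CAA575}: NameServer = 85.255.116.70 85.255.112.120
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\ipzk.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "BHO: <name> - {CLSID} - <path>"; the name may be empty.
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s*-\s*(?P<clsid>\{[^}]+\})\s*-\s*(?P<path>.+)$"
)
# "...\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A DLL sitting directly in the Windows directory or in system32.
WINDIR_DLL_RE = re.compile(
    r"^C:\\WINDOWS\\(?:system32\\)?[^\\]+\.dll$", re.IGNORECASE
)


def parse_entries(log):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reason(code, body):
    """Return why an entry deserves a closer look, or None (assumed heuristics)."""
    if "(file missing)" in body:
        return "registry entry points at a file that no longer exists"
    if code in ("R0", "R1") and "res://" in body:
        return "IE search/start setting served from a resource inside a local DLL"
    if code == "O2":
        bho = BHO_RE.match(body)
        if (bho and bho.group("name") in ("", "Class")
                and WINDIR_DLL_RE.match(bho.group("path"))):
            return "BHO with no product name, DLL directly in the Windows directory"
    if code == "O4":
        run = RUN_RE.search(body)
        if run:
            cmd = run.group("cmd")
            if "Temporary Internet Files" in cmd:
                return "autostart runs an executable from the browser cache"
            if "\\" not in cmd:
                return "autostart gives a bare file name with no path"
    if code == "O17" and "NameServer" in body:
        return "DNS server set in the registry; confirm it belongs to your ISP or network"
    if code == "O23" and "- Unknown owner -" in body:
        return "service binary carries no company information"
    return None


def triage(log):
    """Return (code, reason, body) for every entry that a rule flags."""
    findings = []
    for code, body in parse_entries(log):
        reason = review_reason(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


def count_by_section(findings):
    """Count flagged entries per HijackThis section code."""
    return Counter(code for code, _, _ in findings)


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
    print(dict(count_by_section(triage(SAMPLE_LOG))))
```

Entries the script does not flag are not thereby clean: it only encodes a few patterns, so the full log still needs to be read by someone who knows what is installed on the machine.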

#6 mr_smith

mr_smith
  • Topic Starter

  • Members
  • 4 posts

Posted 08 October 2006 - 10:48 AM

Thanks for this Rosty!! I'm about to go through the procedure and this may sound like a stupid question, but can I reboot my computer through the BIOS? Because the reboot floppy disk that came with the computer doesn't work, as I've tried to re-boot in the past but failed!!

Thanks again!

#7 Bobbi Flekman

Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,422 posts

Posted 09 October 2006 - 04:58 AM

Hi mr_smith,

I guess that you mean the reboot into Safe Mode, if not please correct me. The reboot from floppy disc doesn't work because of the Operating System itself, you cannot run XP from a floppy.

How do I Safe Boot my computer?

#8 mr_smith

mr_smith
  • Topic Starter

  • Members
  • 4 posts

Posted 22 October 2006 - 12:59 PM

Hi Rosty!

Sorry it's taken me so long to reply; my server's been down and I've only just got reconnected to the net!

Anyway, I followed all of the steps, but some didn't work:

I couldn't install Ad-Aware SE Personal, as when I tried to unzip it, it unzipped a file that didn't know what to open itself with.

Also, I couldn't install Java Runtime Environment (JRE) 5.0 Update 9 because it tells me I need to get rid of the old Java software, which I already have done.



Here's my latest Hijack This Log File:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Danny 2.EVERTON\My Documents\Stuff\Unzipped\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\Documents and Settings\Danny 2.EVERTON\Local Settings\Temporary Internet Files\Content.IE5\M1JGH4ZU\WinFixer2006FreeInstall[1].exe" -nag
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} - http://www.joga.com/activex/uploadactx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132609791421
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


Thanks again for all the help!

#9 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 22 October 2006 - 01:09 PM

Hi mr smith,
Are you sure this log is taken in normal mode?
If not, please reboot to normal mode, make another scan with HijackThis and post a new log here.

Regards,

Rosty.

#10 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 11 November 2006 - 03:47 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.