#1 |
|
Member (3 bit)
Join Date: Apr 2005
Posts: 6
|
13 viruses?!?! 5 pops a sec. need help plz
According to HouseCall I have 13 viruses and can't seem to find them all, and am currently receiving about five pop-ups a second, which is making just writing this unbearable. If someone can help me with my log it would be greatly appreciated. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 9:20:23 PM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\windows\system32\btpdln.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\rprzrl.exe
C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\System32\csrlib32.exe
C:\windows\system32\packager.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMan.exe
c:\windows\system32\abzvgtm.exe
C:\WINDOWS\System32\hpzcka.exe
C:\WINDOWS\System32\crtios32.exe
C:\WINDOWS\System32\hpzcka.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJTHotkey\HJTHotkey.exe
C:\WINDOWS\System32\msorcl32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - blank (file missing)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - blank (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [btpdln] c:\windows\system32\btpdln.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rprzrl.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe
O4 - HKLM\..\Run: [Nwtmcbx] C:\Program Files\Xoukh\Ikuod.exe
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [ws8g32V] csrlib32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [esstnz] c:\windows\system32\abzvgtm.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [msyuv] C:\WINDOWS\System32\msyuv.exe
O4 - HKCU\..\Run: [iviresize] C:\WINDOWS\System32\iviresize.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [hpzcka] C:\WINDOWS\System32\hpzcka.exe
O4 - HKCU\..\Run: [hBrmRSZtU] crtios32.exe
O4 - HKCU\..\Run: [msorcl32] C:\WINDOWS\System32\msorcl32.exe
O4 - HKCU\..\RunOnce: [hpzcka] C:\WINDOWS\System32\hpzcka.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1114636417609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#2 |
|
Member (3 bit)
Join Date: Apr 2005
Posts: 6
|
fyi
By the way, the most annoying of these has seemed to be the mmviewer, which although I can isolate, I can't seem to get rid of.
#3 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Download and install the Microsoft AntiSpyware program and update it, then boot your machine into Safe Mode with Networking, rerun your HouseCall scans and run the Microsoft scanner (both in Safe Mode), and then resubmit your HJT log.
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta. |
#4 |
|
Member (3 bit)
Join Date: Apr 2005
Posts: 6
|
new log... rescanning done
Here it is, thanks for replying so fast.
Logfile of HijackThis v1.99.1
Scan saved at 11:06:31 PM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\msorcl32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe
O4 - HKLM\..\Run: [Nwtmcbx] C:\Program Files\Xoukh\Ikuod.exe
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [msyuv] C:\WINDOWS\System32\msyuv.exe
O4 - HKCU\..\Run: [iviresize] C:\WINDOWS\System32\iviresize.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msorcl32] C:\WINDOWS\System32\msorcl32.exe
O4 - HKCU\..\Run: [nmm32g] C:\WINDOWS\System32\nmm32g.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1114636417609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#5 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
After running the scans in Safe Mode, did you manage to clean anything up? And have your pop-ups slowed down at all?
Highlight, then copy and paste your entire HJT log into the box on this web page http://www.hijackthis.de/en and it will give you some good hints on what to kill off via HJT. With a bit of luck Lobos will be around soon, and I am sure he will have more things for you to do.
#6 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
I'm here. I've just never seen those two entries go so easily: NAIL and Svcproc.exe.
I'm still not convinced they are gone, but will see if they pop back up again. Going through the log now.
Lobos
#7 | |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
Hi ceresrules
Download ewido security suite from here: http://www.ewido.net/en/download/
Update its database from here: http://www.ewido.net/en/download/updates/

Please run Notepad and copy the following text into a new file:
Quote:

Download FindIt's.zip to your desktop: http://forums.net-integration.net/i...=post&id=142443
1. Unzip/extract the files inside to a folder on your desktop.
============================
Reboot to Safe Mode.
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.
===============
Run HiJackThis and click "Scan", then check (tick) the following, if present:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe
O4 - HKLM\..\Run: [Nwtmcbx] C:\Program Files\Xoukh\Ikuod.exe
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKCU\..\Run: [msyuv] C:\WINDOWS\System32\msyuv.exe
O4 - HKCU\..\Run: [iviresize] C:\WINDOWS\System32\iviresize.exe
O4 - HKCU\..\Run: [msorcl32] C:\WINDOWS\System32\msorcl32.exe
O4 - HKCU\..\Run: [nmm32g] C:\WINDOWS\System32\nmm32g.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
Now, with all windows closed except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
folders...
C:\Program Files\Xoukh
C:\Program Files\d4pw2r7k
files...
C:\WINDOWS\System32\msorcl32.exe
C:\windows\system32\eliteduy32.exe
C:\WINDOWS\System32\msyuv.exe
C:\WINDOWS\System32\iviresize.exe
C:\WINDOWS\System32\nmm32g.exe
==============================
Run Ewido. Run the scan and let it clean the PC.
Open the findit folder and run FindIt's.bat and wait for Notepad to open a text file. It will take a while, so please be patient ...
3. Then post the results here please, along with the new HijackThis log.
Let me know how it went.
Lobos.
#8 |
|
Member (3 bit)
Join Date: Apr 2005
Posts: 6
|
thanks guys
You guys are pretty darn good, the pop-ups are gone already. I'm sure this isn't a clean log but it's pretty good so far, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 3:35:38 PM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1114636417609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
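A way to compare the successive HijackThis logs posted above, as an added example that is not part of the original posts and not part of HijackThis: it diffs two scans and checks whether the entries on a fix list are gone from the next scan. The sample logs are short excerpts of entries from this thread, and the function names are assumptions of this example.

```python
import re

# HijackThis starts every entry with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Map a case-folded entry to the entry as written in the log.

    Splits at each section-code prefix rather than at newlines, so it also
    handles logs whose line breaks were lost when they were pasted.
    Header and "Running processes" text before the first entry is ignored.
    """
    text = " ".join(log_text.split())            # collapse all whitespace runs
    starts = list(ENTRY_START.finditer(text))
    entries = {}
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entry = text[match.start():end].strip()
        entries[entry.casefold()] = entry        # Windows paths are case-insensitive
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added, persisted) entry lists between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    persisted = sorted(after[k] for k in before.keys() & after.keys())
    return removed, added, persisted


def unfixed(fix_list_text, after_text):
    """Entries that were on a fix list but still show up in the next scan."""
    wanted, after = parse_entries(fix_list_text), parse_entries(after_text)
    return sorted(after[k] for k in wanted.keys() & after.keys())


# Excerpt of the first scan (9:20 PM, 4/27/2005), one entry per line.
SCAN_1 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKCU\..\Run: [msorcl32] C:\WINDOWS\System32\msorcl32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the second scan (11:06 PM, 4/27/2005), run together on one line
# the way a pasted log often arrives.
SCAN_2 = r"""O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [msorcl32] C:\WINDOWS\System32\msorcl32.exe O4 - HKCU\..\Run: [nmm32g] C:\WINDOWS\System32\nmm32g.exe"""

# Three of the entries post #7 asked to have fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKCU\..\Run: [msorcl32] C:\WINDOWS\System32\msorcl32.exe
O4 - HKCU\..\Run: [nmm32g] C:\WINDOWS\System32\nmm32g.exe
"""

# Excerpt of the third scan (3:35 PM, 4/28/2005), taken after the fix list.
SCAN_3 = r"""
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
"""

if __name__ == "__main__":
    removed, added, persisted = diff_logs(SCAN_1, SCAN_2)
    for label, items in (("removed", removed), ("added", added), ("persisted", persisted)):
        print(f"--- {label} between scan 1 and scan 2")
        for item in items:
            print("   ", item)
    print("--- on the fix list but still present in scan 3")
    for item in unfixed(FIX_LIST, SCAN_3):
        print("   ", item)
```

On these excerpts the F2 Nail.exe shell entry and the SvcProc service drop out between the first two scans, while the [d4pw2r7k] Run entry is still present after the fix list was applied.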
#9 |
|
Member (3 bit)
Join Date: Apr 2005
Posts: 6
|
btw
By the way, the link you posted for FindIt is broken.
#10 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
Sorry about that. You're looking much better. I have to look into that MSAS, how much of the Nail infection it takes out or if this was a fluke. But you're looking better.
Here's a good link. Download FindIt's.zip to your desktop: http://forums.net-integration.net/in...post&id=142443
1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder and run FindIt's.bat and wait for Notepad to open a text file. It will take a while, so please be patient ...
3. Then post the results here please.
#11 |
|
Member (3 bit)
Join Date: Apr 2005
Posts: 6
|
findit log
here goes
Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 04/28/2005

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first
* UPX! C:\WINDOWS\System32\SKYTOWN.EXE
* UPX! C:\WINDOWS\TSC.EXE
»»»»» lagitamate file's can/will show in this section.
* UPX! C:\WINDOWS\System32\DEVIL.DLL
* UPX! C:\WINDOWS\System32\ILU.DLL
* UPX! C:\WINDOWS\System32\ILUT.DLL
* UPX! C:\WINDOWS\RMAGEN~1.DLL
* UPX! C:\WINDOWS\VSAPI32.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»» Checking Windir\svcproc.exe and nail.exe.
»»»»» Checking for System32\DrPMon.dll.
»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.
Volume in drive C is HP_PAVILION
Volume Serial Number is 9C2E-53B2
Directory of C:\WINDOWS\SYSTEM32
»»»»» Checking for SAHAgent ico files.
Volume in drive C is HP_PAVILION
Volume Serial Number is 9C2E-53B2
Directory of C:\WINDOWS\system32
04/26/2005 12:06 PM 2,238 Casino-on-Net.ico
04/26/2005 12:06 PM 3,774 Free Cell Phone.ico
04/26/2005 12:06 PM 7,358 Free LapTop Computer.ico
04/26/2005 12:06 PM 3,774 Free Ringtones!.ico
04/26/2005 12:06 PM 7,358 Free Sony Playstation.ico
04/26/2005 12:06 PM 7,358 Free U2 iPod.ico
04/26/2005 12:06 PM 3,774 NBA Giveaway.ico
7 File(s) 35,634 bytes
0 Dir(s) 181,619,302,400 bytes free
»»»»»»»»»»»»»»»»»»»»»»»».
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\BolgerDll.BolgerDllObj
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\trfdsk.amo
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\trfdsk.iiittt
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\trfdsk.momo
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\trfdsk.ohb
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}
#12 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
This little lot look highly suspicious, let's see what Lobos has to say when he logs in.
04/26/2005 12:06 PM 2,238 Casino-on-Net.ico
04/26/2005 12:06 PM 3,774 Free Cell Phone.ico
04/26/2005 12:06 PM 7,358 Free LapTop Computer.ico
04/26/2005 12:06 PM 3,774 Free Ringtones!.ico
04/26/2005 12:06 PM 7,358 Free Sony Playstation.ico
04/26/2005 12:06 PM 7,358 Free U2 iPod.ico
04/26/2005 12:06 PM 3,774 NBA Giveaway.ico
#13 | |
|
Moderator
Staff
Premium Member
|
Those are just icons -- they won't do anything bad, although they are left over from spyware and can be deleted.
There's some other junk in the HijackThis log -- this can be removed: Quote:
#14 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,776
|
http://www.mypctuneup.com/uninstaller_exe.php
This removes Nail - worked great for me the other day. It's the only thing that would stop the F2 entry from coming back.
#15 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
Nail is taken care of. Just some clean up.

Download-locations that I know of:
http://www.downloads.subratam.org/KillBox.zip
http://www.atribune.org/downloads/KillBox.exe

Copy a list of paths & filenames to the clipboard. In the Killbox, go to the toolbar to File > Paste from clipboard. Press the button. The entire list will be processed. That should make things a lot simpler. No more one at a time. They do have to use the function as described, though. A right click and paste will only get one file processed.

Canned:
Quote:
Run Killbox. Select "Delete on Reboot". Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

Code:
C:\WINDOWS\system32\Casino-on-Net.ico
C:\WINDOWS\system32\Free Cell Phone.ico
C:\WINDOWS\system32\Free LapTop Computer.ico
C:\WINDOWS\system32\Free Ringtones!.ico
C:\WINDOWS\system32\Free Sony Playstation.ico
C:\WINDOWS\system32\Free U2 iPod.ico
C:\WINDOWS\system32\NBA Giveaway.ico
C:\WINDOWS\System32\DEVIL.DLL
C:\WINDOWS\System32\ILU.DLL
C:\WINDOWS\System32\ILUT.DLL
C:\WINDOWS\System32\SKYTOWN.EXE

Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Next, go to Add/Remove Programs and remove (uninstall) the following, if present:

E2 Give

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [d4pw2r7k] C:\Program Files\d4pw2r7k\d4pw2r7k.exe

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...
C:\Program Files\E2G
C:\Program Files\d4pw2r7k

-

Please run Notepad and paste the following text into a new file:

Code:
REGEDIT4
[-HKEY_CLASSES_ROOT\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_CLASSES_ROOT\trfdsk.amo]
[-HKEY_CLASSES_ROOT\trfdsk.iiittt]
[-HKEY_CLASSES_ROOT\trfdsk.momo]
[-HKEY_CLASSES_ROOT\trfdsk.ohb]
[-HKEY_CURRENT_USER\Software\Bolger]
[-HKEY_CLASSES_ROOT\BolgerDll.BolgerDllObj]
Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Restart your computer and please post a new HijackThis log.

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let me know how everything goes.

- Lobos.

Last edited by Lobos; 04-29-2005 at 12:00 AM.
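Added example, not part of Lobos's post or of any tool named in this thread: the file list and fix.reg above were put together by hand from the scan output, and this Python sketch shows the same extraction so that directory-plus-filename joins and `[-key]` entries can be reviewed before anything is deleted. The function names and the `SAMPLE_LOG` excerpt are constructed for illustration; the output is a list of candidates, not a verdict on any file.

```python
import ntpath
import re

# Constructed sample: excerpt of the scan output posted in this thread, one item per line.
SAMPLE_LOG = r"""
 Volume in drive C is HP_PAVILION
 Directory of C:\WINDOWS\system32
04/26/2005 12:06 PM 2,238 Casino-on-Net.ico
04/26/2005 12:06 PM 3,774 Free Cell Phone.ico
 7 File(s) 35,634 bytes
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\BolgerDll.BolgerDllObj
! REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}
"""

DIR_RE = re.compile(r"^Directory of (.+)$")
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2} [AP]M\s+[\d,]+\s+(.+)$")
KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\.+$")

def listed_files(log):
    """Full paths for files in `dir` listings, joined to the preceding 'Directory of' line."""
    paths, folder = [], None
    for line in map(str.strip, log.splitlines()):
        if m := DIR_RE.match(line):
            folder = m.group(1)
        elif (m := FILE_RE.match(line)) and folder:
            # ntpath.join inserts the backslash separator between folder and file name.
            paths.append(ntpath.join(folder, m.group(1)))
    return paths

def registry_keys(log):
    """Registry keys echoed by reg.exe, de-duplicated, in log order."""
    keys = []
    for line in map(str.strip, log.splitlines()):
        if KEY_RE.match(line) and line not in keys:
            keys.append(line)
    return keys

def build_fix_reg(keys):
    """REGEDIT4 text in which each [-key] line deletes that key and its subkeys."""
    return "REGEDIT4\n\n" + "".join(f"[-{key}]\n" for key in keys)

if __name__ == "__main__":
    print("\n".join(listed_files(SAMPLE_LOG)))  # candidates for review, not a verdict
    print(build_fix_reg(registry_keys(SAMPLE_LOG)))
```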