Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You

Dec 13 2005, 02:24 PM
Post #1
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
Ok I went to bed one night and everything was fine, went to work in the AM, came home and went to use my computer and everything was running a lot slower than normal. I am getting pop ups for this program called winfixer and it even tried to install itself many times even when I "X" out of it. Windows stops it from downloading thank god. I don't know how my computer got infected because I am the only one with access and it's password protected. I do have a wireless setup, that's the only thing I can think of.??
I ran the newest version of adaware Se and it removed a few items and some tracking cookies, then I ran Spybot search and destroy and it removed another few cookies. I just used the newest version of hijack this and it will be posted below. The other thing I noticed is that when I type a word or phrase in the search bar at the top of the IE page, it no longer searches and just brings me to a page with a syntax error. Ahh, also when I came home from work that day my IE had a toolbar installed underneath the search bar...WTF? I didn't do that. When I ran the adaware it also said something tried to jack my home page. So any help would definitely be appreciated. Oh and I used to be a member here but have long forgotten my log in and password. I haven't had problems with this PC in over a year... figures...

Logfile of HijackThis v1.99.1
Scan saved at 9:08:34 AM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wmdmps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\Brian\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [197_150_ni_1] C:\WINDOWS\system32\197_150_ni_1.exe
O4 - HKCU\..\Run: [198_150_ni_4] "C:\Documents and Settings\Brian\198_150_ni_4.exe"
O4 - HKCU\..\Run: [imjp81k] "C:\WINDOWS\system32\imjp81k.exe"
O4 - HKCU\..\Run: [inloader] "C:\WINDOWS\system32\inloader.exe"
O4 - Startup: taskmgr.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.139.139/activex/AxisCamControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
O23 - Service: wmdmps - Unknown owner - C:\WINDOWS\system32\wmdmps.exe

Dec 13 2005, 02:59 PM
Post #2
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
Also I have heard of people praising Mozilla/Firefox a lot. Do you think a switch to that browser would cut down on the possibility of this crap?

Dec 14 2005, 06:31 PM
Post #3
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
Wow, it's trying to install winfixer as I type this...

Dec 14 2005, 08:13 PM
Post #4
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
Hi monster rain,
You were almost passed by. We look for unanswered posts. By answering your own, it appeared as though you were getting help.

Mozilla is good. It is not targeted as often by malware, but it is not perfect. You will still have issues. But Internet Explorer is by far the most problematic.

Go into Control Panel > Add Remove Programs. Look for the entry for Surf Accuracy and uninstall that.
-----------
You are running hijackthis from the zip. That will cause you to lose any backups it will make. So before we go any farther let's get it into its own folder in your Program Files. To do that, click this link and choose open from the dialog.
http://downloads.subratam.org/Move_hijackthis.zip
When the zip opens, you'll see a file named Move hijackthis.vbs in the folder. Double click on Move hijackthis.vbs to run it. If you get a warning about a malicious script please ignore that and allow this to run. I wrote it and it is not harmful.
When the script has finished running, it will start Hijackthis from its new location: C:\Program Files\Hijackthis\hijackthis.exe
Next time you want to run Hijackthis, either go to C:\Program Files\Hijackthis or use Start > Run and type hijackthis and press enter.

Run Hijackthis.
Press the Config Button.
Press the Misc Tools Button.
Press the Open Uninstall Manager Button.
Click the Save list Button.
Save the file to your desktop.
Copy and paste the contents into your next reply here, please.
Also post a new hijackthis log.

Dec 18 2005, 12:52 AM
Post #5
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
It won't let me save it to my PC, it keeps just running from the zip file.
I don't even get an option to save, I can't figure out why.

Dec 18 2005, 12:59 AM
Post #6
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
Let's try this again. Please follow this step by step. Please follow these directions.
Create a new folder.
Find hijackthis.zip
Double click on hijackthis.zip. This will open and you will see hijackthis.exe inside.
Right click on hijackthis.exe and a menu will appear. Click copy on that menu.
Now open the new folder you created and right click on an empty space in the body of that new folder. Another menu will appear. Click Paste on that menu.
Now you will have an extracted hijackthis.exe inside that new folder. Run that copy from now on.

Dec 18 2005, 01:06 AM
Post #7
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
I'm all over it, I think I got it right.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wmdmps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Brian\My Documents\My Received Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [197_150_ni_1] C:\WINDOWS\system32\197_150_ni_1.exe
O4 - HKCU\..\Run: [198_150_ni_4] "C:\Documents and Settings\Brian\198_150_ni_4.exe"
O4 - HKCU\..\Run: [imjp81k] "C:\WINDOWS\system32\imjp81k.exe"
O4 - HKCU\..\Run: [inloader] "C:\WINDOWS\system32\inloader.exe"
O4 - HKCU\..\Run: [wmerrenu] "C:\WINDOWS\system32\wmerrenu.exe"
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.139.139/activex/AxisCamControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
O23 - Service: wmdmps - Unknown owner - C:\WINDOWS\system32\wmdmps.exe
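
Added example, not part of the original thread: one way to compare two HijackThis logs entry by entry, so that autostart values which appeared or disappeared between scans stand out. The sample inputs are abridged from the logs in posts #1 and #7, and the function names are this example's own.

```python
import re

# Entries begin with a section code such as "R3 - ", "O4 - " or "O23 - ".
# Splitting on the whitespace before a code copes with the usual one entry
# per line layout and with logs flattened or re-wrapped by a forum paste.
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)", re.S)
RUN_VALUE = re.compile(r"(HK(?:LM|CU))\\\.\.\\Run: \[([^\]]+)\] (.+)")

# Constructed sample input, abridged from the logs in posts #1 and #7.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes: C:\WINDOWS\Explorer.EXE C:\Program Files\SurfAccuracy\SAcc.exe R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [IST Service] C:\Program
Files\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [inloader] "C:\WINDOWS\system32\inloader.exe" O4 - Startup: taskmgr.exe"""

AFTER = r"""R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [inloader] "C:\WINDOWS\system32\inloader.exe"
O4 - HKCU\..\Run: [wmerrenu] "C:\WINDOWS\system32\wmerrenu.exe"
"""


def parse_entries(log_text):
    """Map a case-insensitive key to each (section, body) entry in a log."""
    entries = {}
    for chunk in ENTRY_START.split(log_text.strip()):
        match = ENTRY.fullmatch(chunk.strip())
        if match:  # header and "Running processes" text does not match
            section = match.group(1)
            body = " ".join(match.group(2).split())  # undo mid-entry wraps
            entries[(section, body.lower())] = (section, body)
    return entries


def diff_logs(before, after):
    """Return (added, removed) entries between an earlier and a later log."""
    old, new = parse_entries(before), parse_entries(after)
    added = sorted(new[key] for key in new.keys() - old.keys())
    removed = sorted(old[key] for key in old.keys() - new.keys())
    return added, removed


def run_value(entry):
    """Split an O4 registry Run entry into (hive, value name, command)."""
    section, body = entry
    match = RUN_VALUE.fullmatch(body) if section == "O4" else None
    return match.groups() if match else None


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for entry in added:
        print("ADDED  ", " - ".join(entry), run_value(entry))
    for entry in removed:
        print("REMOVED", " - ".join(entry))
```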

Dec 18 2005, 01:39 AM
Post #8
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
Click the link to download a tool to remove Ist Service:
http://securityresponse.symantec.com/avcenter/FxIstbar.exe
Save FxIstbar.exe on the desktop. You'll use it later.
----------------
Run hijackthis. Select the following items and press the fix checked button.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [197_150_ni_1] C:\WINDOWS\system32\197_150_ni_1.exe
O4 - HKCU\..\Run: [198_150_ni_4] "C:\Documents and Settings\Brian\198_150_ni_4.exe"
O4 - HKCU\..\Run: [imjp81k] "C:\WINDOWS\system32\imjp81k.exe"
O4 - HKCU\..\Run: [inloader] "C:\WINDOWS\system32\inloader.exe"
O4 - HKCU\..\Run: [wmerrenu] "C:\WINDOWS\system32\wmerrenu.exe"
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
-------------
Close all Internet Explorer windows. Close all programs you are using and save your work if you are in the middle of something.
Double click on FxIstbar.exe and let it run.
Restart the computer.

Go for free online virus scans here:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/
Allow them to clean.
Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the save Report button. It will be saved under the name activescan.txt
Do that and post that log into your next reply here.
----------------
Run hijackthis and post the new log.

Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html
Unzip to a folder and then double click on autoruns.exe
Wait until the program has finished running (the status line will show 'Ready').
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked. Wait again until ready.
Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.
Copy the contents of the Autoruns text file and post its contents in your next reply here.
You may need to post more than one reply to fit all the logs into your response.

Dec 18 2005, 03:18 AM
Post #9
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
So far I completed the hijack this step as well as the fist.exe thing.
It came up clean. The microsystems scan locks up my computer. I'm doing the pandasoftware one right now, I'll post the results tomorrow, I need to hit the hay for tonight.

Dec 18 2005, 08:34 AM
Post #10
Active Member Group: Active Members Posts: 18 Joined: 13-December 05 Member No.: 17179
With the Panda virus thing, am I supposed to do the free 30 day trial, I assume?

Dec 18 2005, 02:18 PM
Post #11
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
No. Just scan your computer.