#16
May 27th, 2004, 12:35 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
hahaha that is nice to know umm oki sure I'll post up a new log.
#17
May 27th, 2004, 12:37 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
here it is :

Logfile of HijackThis v1.97.7
Scan saved at 7:35:19 PM, on 26/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {40B23B41-FA8C-4F62-B7E1-64EB1A6ED9A7} - C:\WINDOWS\System32\pcpk.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...905.7433912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

***** it seems to me that the ones with the R1 in the front always pop back up and they are the bad for the comp is there a possibility to make sure it stays away lol... i think a comp is more complicated than life sometimes lol I'm jking life is complicated try fixing and juggling on studying exams that is what I'm doin ******
#18
May 27th, 2004, 12:42 AM
Mobo
Seargent Spyware
 
Join Date: Sep 2003
Posts: 1,434
Do this and we'll get it:

Download CW Shredder:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Unzip, run and hit the ->fix tab to fix all found problems

CW Shredder takes advantage of security holes in Windows so you should install all critical as well as hot fixes available from Windows Update.

Then repost a fresh HijackThis log.

Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ and save it to a folder on your desktop.
Unzip, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
#19
May 27th, 2004, 12:50 AM
dammit
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 22
Posts: 11,532
Aww I felt sorry for you and came back....but Mobo is on the case now...you're in good hands!
#20
May 27th, 2004, 01:07 AM
Melodi
Senior Member
 
Join Date: May 2004
O/S: Windows XP Pro
Location: San Diego, CA
Posts: 868
Well thank you very much Dammitt. I don't think there was anything wrong with my help either. I'm just not that fast or proficient YET. I asked Mobo to help because no one else was.
#21
May 27th, 2004, 01:14 AM
dammit
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 22
Posts: 11,532
Awwww Melodi...didn't mean to insult your efforts....Mobo is good...that's all I meant....
#22
May 27th, 2004, 01:29 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
aww lol don't worry i know everyone in these forum are nice ppl :

i have cwshredder already, but I'll redo everything and post up a new log..
#23
May 27th, 2004, 01:30 AM
Mobo
Seargent Spyware
 
Join Date: Sep 2003
Posts: 1,434
Quote:
Originally Posted by tmac_no1
aww lol don't worry i know everyone in these forum are nice ppl :

i have cwshredder already, but I'll redo everything and post up a new log..

Post when ready..
#24
May 27th, 2004, 01:30 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
for your ppl info i have ad-ware, norton and pop stopper any other programs i may have to download
#25
May 27th, 2004, 02:18 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
sorry for the wait here it is :

Logfile of HijackThis v1.97.7
Scan saved at 9:16:15 PM, on 26/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Documents and Settings\Owner\Desktop\sp1aexpress_usa.exe
c:\aac96fd7d4c3e6324dcb9cad101631f3\update\update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...905.7433912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
#26
May 27th, 2004, 02:21 AM
Mobo
Seargent Spyware
 
Join Date: Sep 2003
Posts: 1,434
That seems to have done it..

I would definitely have spyware blaster installed on the system. It protects from its updated database to prevent some malware from getting onboard in the first place.. www.javacoolsoftware.com/spywareblaster.html
Reply With Quote
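
Comparing the two HijackThis logs posted above, as an added example that is not part of the original thread: it parses the entry lines of both logs, lists what the cleanup removed, and checks that nothing left in the second log still names the DLL that the R0/R1 search settings pointed at. The function names are made up for this example, and the embedded logs are short excerpts of the two posted logs.

```python
import re

# Entry lines look like "R1 - ..." or "O16 - ..."; headers and process paths do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# res:// URL that loads a page out of a DLL, as the search settings in the first log do.
RES_DLL = re.compile(r"res://(\S+?\.dll)/", re.IGNORECASE)

def parse_entries(log_text):
    """Return the set of (section, text) pairs for every entry line in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def hijack_dlls(entries):
    """Lower-cased DLL paths that R0/R1 browser settings reach through res://."""
    found = set()
    for section, text in entries:
        m = RES_DLL.search(text) if section in ("R0", "R1") else None
        if m:
            found.add(m.group(1).lower())
    return found

def compare(before_text, after_text):
    before, after = parse_entries(before_text), parse_entries(after_text)
    dlls = hijack_dlls(before)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "hijack_dlls": sorted(dlls),
        # A surviving entry that names one of those DLLs means the fix did not hold.
        "still_referenced": sorted(e for e in after if any(d in e[1].lower() for d in dlls)),
    }

# Excerpts of the two logs posted in this thread (a few lines each, not the full logs).
BEFORE = r"""
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pcpk.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {40B23B41-FA8C-4F62-B7E1-64EB1A6ED9A7} - C:\WINDOWS\System32\pcpk.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
"""
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
"""
```

Calling `compare(BEFORE, AFTER)` on these excerpts reports the O2 BHO line and the two res:// search settings as removed, with nothing in the second log still referencing `pcpk.dll`.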
#27
May 27th, 2004, 02:32 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
umm oki ill check it out
#28
May 27th, 2004, 03:22 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
k I'm still tryin to download limewire but it ain't working it's the same thingy
#29
May 27th, 2004, 03:23 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
this was the original problem i had and it's still there :

i decided to ditch kazaa and use limewire since my friend recommended it. I am trying to install it but i can't cause there comes a notice stating:
an error has occurred while downloadin a file :

http://installengine.com/cert20/isengine/isscript.msi

I try to retry but it still wouldn't work
#30
May 27th, 2004, 03:24 AM
tmac_no1
Member
 
Join Date: May 2004
Posts: 57
btw if you have any downloadin program to recommend plz do so cause I'm lookin for one . .

All times are GMT +1.