Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
blank/search start page on IE
Hi, below is my log file. I have also run Ad-Aware SE and Norton in safe mode.
Logfile of HijackThis v1.99.0
Scan saved at 6:35:06 PM, on 8/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Yahoo!\Help\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MM_TDM~1.EXE
C:\WINDOWS\netyx.exe
C:\HJT\HijackThis.exe

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [crrq32.exe] C:\WINDOWS\system32\crrq32.exe
O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe
O4 - HKLM\..\RunOnce: [netzu.exe] C:\WINDOWS\system32\netzu.exe
O4 - HKLM\..\RunOnce: [adddd.exe] C:\WINDOWS\system32\adddd.exe
O4 - HKLM\..\RunOnce: [apigp32.exe] C:\WINDOWS\system32\apigp32.exe
O4 - HKLM\..\RunOnce: [d3xn.exe] C:\WINDOWS\d3xn.exe
O4 - HKLM\..\RunOnce: [winzf.exe] C:\WINDOWS\system32\winzf.exe
O4 - HKLM\..\RunOnce: [sysll32.exe] C:\WINDOWS\system32\sysll32.exe
O4 - HKLM\..\RunOnce: [sdkmu.exe] C:\WINDOWS\sdkmu.exe
O4 - HKLM\..\RunOnce: [msiy32.exe] C:\WINDOWS\msiy32.exe
O4 - HKLM\..\RunOnce: [syset.exe] C:\WINDOWS\syset.exe
O4 - HKLM\..\RunOnce: [apien.exe] C:\WINDOWS\apien.exe
O4 - HKLM\..\RunOnce: [ienr32.exe] C:\WINDOWS\system32\ienr32.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\system32\appst32.exe
O4 - HKLM\..\RunOnce: [d3ra.exe] C:\WINDOWS\system32\d3ra.exe
O4 - HKLM\..\RunOnce: [netwv32.exe] C:\WINDOWS\system32\netwv32.exe
O4 - HKLM\..\RunOnce: [craf32.exe] C:\WINDOWS\craf32.exe
O4 - HKLM\..\RunOnce: [apico.exe] C:\WINDOWS\system32\apico.exe
O4 - HKLM\..\RunOnce: [atlxp32.exe] C:\WINDOWS\system32\atlxp32.exe
O4 - HKLM\..\RunOnce: [d3km32.exe] C:\WINDOWS\d3km32.exe
O4 - HKLM\..\RunOnce: [ipyg.exe] C:\WINDOWS\ipyg.exe
O4 - HKLM\..\RunOnce: [msro.exe] C:\WINDOWS\system32\msro.exe
O4 - HKLM\..\RunOnce: [sdkoq32.exe] C:\WINDOWS\system32\sdkoq32.exe
O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\iehm32.exe
O4 - HKLM\..\RunOnce: [apils.exe] C:\WINDOWS\system32\apils.exe
O4 - HKLM\..\RunOnce: [javavq32.exe] C:\WINDOWS\javavq32.exe
O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\ipko.exe
O4 - HKLM\..\RunOnce: [appng32.exe] C:\WINDOWS\system32\appng32.exe
O4 - HKLM\..\RunOnce: [ipfv32.exe] C:\WINDOWS\ipfv32.exe
O4 - HKLM\..\RunOnce: [ieot.exe] C:\WINDOWS\system32\ieot.exe
O4 - HKLM\..\RunOnce: [sdkbv32.exe] C:\WINDOWS\sdkbv32.exe
O4 - HKLM\..\RunOnce: [addyg32.exe] C:\WINDOWS\system32\addyg32.exe
O4 - HKLM\..\RunOnce: [crdi.exe] C:\WINDOWS\system32\crdi.exe
O4 - HKLM\..\RunOnce: [apium.exe] C:\WINDOWS\system32\apium.exe
O4 - HKLM\..\RunOnce: [sysho32.exe] C:\WINDOWS\sysho32.exe
O4 - HKLM\..\RunOnce: [atlxw32.exe] C:\WINDOWS\atlxw32.exe
O4 - HKLM\..\RunOnce: [adduj.exe] C:\WINDOWS\system32\adduj.exe
O4 - HKLM\..\RunOnce: [d3id32.exe] C:\WINDOWS\d3id32.exe
O4 - HKLM\..\RunOnce: [crtl32.exe] C:\WINDOWS\system32\crtl32.exe
O4 - HKLM\..\RunOnce: [apiyn32.exe] C:\WINDOWS\apiyn32.exe
O4 - HKLM\..\RunOnce: [apily.exe] C:\WINDOWS\apily.exe
O4 - HKLM\..\RunOnce: [mfcat32.exe] C:\WINDOWS\system32\mfcat32.exe
O4 - HKLM\..\RunOnce: [ipnv32.exe] C:\WINDOWS\system32\ipnv32.exe
O4 - HKLM\..\RunOnce: [atltf32.exe] C:\WINDOWS\system32\atltf32.exe
O4 - HKLM\..\RunOnce: [sysxp.exe] C:\WINDOWS\sysxp.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [netkd.exe] C:\WINDOWS\system32\netkd.exe
O4 - HKLM\..\RunOnce: [d3nb32.exe] C:\WINDOWS\system32\d3nb32.exe
O4 - HKLM\..\RunOnce: [netsd.exe] C:\WINDOWS\system32\netsd.exe
O4 - HKLM\..\RunOnce: [addvw.exe] C:\WINDOWS\addvw.exe
O4 - HKLM\..\RunOnce: [crik.exe] C:\WINDOWS\system32\crik.exe
O4 - HKLM\..\RunOnce: [apinn.exe] C:\WINDOWS\system32\apinn.exe
O4 - HKLM\..\RunOnce: [mshy.exe] C:\WINDOWS\mshy.exe
O4 - HKLM\..\RunOnce: [ipms32.exe] C:\WINDOWS\ipms32.exe
O4 - HKLM\..\RunOnce: [javanm.exe] C:\WINDOWS\javanm.exe
O4 - HKLM\..\RunOnce: [mfcsg32.exe] C:\WINDOWS\mfcsg32.exe
O4 - HKLM\..\RunOnce: [d3bt32.exe] C:\WINDOWS\d3bt32.exe
O4 - HKLM\..\RunOnce: [ipgn.exe] C:\WINDOWS\ipgn.exe
O4 - HKLM\..\RunOnce: [appik32.exe] C:\WINDOWS\appik32.exe
O4 - HKLM\..\RunOnce: [d3jt.exe] C:\WINDOWS\system32\d3jt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {80922B68-D8DE-11D5-8D10-0050DAD09327} (Batch Processing Control) - http://www.thomsononeanalytics.com/p...tchPrintNT.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thank you
#2
Hi,
ControlAltDel
End the process : netyx.exe

Close all browser windows, run only HijackThis and tick :

O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll (file missing)
O4 - HKLM\..\Run: [crrq32.exe] C:\WINDOWS\system32\crrq32.exe
O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe
O4 - HKLM\..\RunOnce: [netzu.exe] C:\WINDOWS\system32\netzu.exe
O4 - HKLM\..\RunOnce: [adddd.exe] C:\WINDOWS\system32\adddd.exe
O4 - HKLM\..\RunOnce: [apigp32.exe] C:\WINDOWS\system32\apigp32.exe
O4 - HKLM\..\RunOnce: [d3xn.exe] C:\WINDOWS\d3xn.exe
O4 - HKLM\..\RunOnce: [winzf.exe] C:\WINDOWS\system32\winzf.exe
O4 - HKLM\..\RunOnce: [sysll32.exe] C:\WINDOWS\system32\sysll32.exe
O4 - HKLM\..\RunOnce: [sdkmu.exe] C:\WINDOWS\sdkmu.exe
O4 - HKLM\..\RunOnce: [msiy32.exe] C:\WINDOWS\msiy32.exe
O4 - HKLM\..\RunOnce: [syset.exe] C:\WINDOWS\syset.exe
O4 - HKLM\..\RunOnce: [apien.exe] C:\WINDOWS\apien.exe
O4 - HKLM\..\RunOnce: [ienr32.exe] C:\WINDOWS\system32\ienr32.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\system32\appst32.exe
O4 - HKLM\..\RunOnce: [d3ra.exe] C:\WINDOWS\system32\d3ra.exe
O4 - HKLM\..\RunOnce: [netwv32.exe] C:\WINDOWS\system32\netwv32.exe
O4 - HKLM\..\RunOnce: [craf32.exe] C:\WINDOWS\craf32.exe
O4 - HKLM\..\RunOnce: [apico.exe] C:\WINDOWS\system32\apico.exe
O4 - HKLM\..\RunOnce: [atlxp32.exe] C:\WINDOWS\system32\atlxp32.exe
O4 - HKLM\..\RunOnce: [d3km32.exe] C:\WINDOWS\d3km32.exe
O4 - HKLM\..\RunOnce: [ipyg.exe] C:\WINDOWS\ipyg.exe
O4 - HKLM\..\RunOnce: [msro.exe] C:\WINDOWS\system32\msro.exe
O4 - HKLM\..\RunOnce: [sdkoq32.exe] C:\WINDOWS\system32\sdkoq32.exe
O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\iehm32.exe
O4 - HKLM\..\RunOnce: [apils.exe] C:\WINDOWS\system32\apils.exe
O4 - HKLM\..\RunOnce: [javavq32.exe] C:\WINDOWS\javavq32.exe
O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\ipko.exe
O4 - HKLM\..\RunOnce: [appng32.exe] C:\WINDOWS\system32\appng32.exe
O4 - HKLM\..\RunOnce: [ipfv32.exe] C:\WINDOWS\ipfv32.exe
O4 - HKLM\..\RunOnce: [ieot.exe] C:\WINDOWS\system32\ieot.exe
O4 - HKLM\..\RunOnce: [sdkbv32.exe] C:\WINDOWS\sdkbv32.exe
O4 - HKLM\..\RunOnce: [addyg32.exe] C:\WINDOWS\system32\addyg32.exe
O4 - HKLM\..\RunOnce: [crdi.exe] C:\WINDOWS\system32\crdi.exe
O4 - HKLM\..\RunOnce: [apium.exe] C:\WINDOWS\system32\apium.exe
O4 - HKLM\..\RunOnce: [sysho32.exe] C:\WINDOWS\sysho32.exe
O4 - HKLM\..\RunOnce: [atlxw32.exe] C:\WINDOWS\atlxw32.exe
O4 - HKLM\..\RunOnce: [adduj.exe] C:\WINDOWS\system32\adduj.exe
O4 - HKLM\..\RunOnce: [d3id32.exe] C:\WINDOWS\d3id32.exe
O4 - HKLM\..\RunOnce: [crtl32.exe] C:\WINDOWS\system32\crtl32.exe
O4 - HKLM\..\RunOnce: [apiyn32.exe] C:\WINDOWS\apiyn32.exe
O4 - HKLM\..\RunOnce: [apily.exe] C:\WINDOWS\apily.exe
O4 - HKLM\..\RunOnce: [mfcat32.exe] C:\WINDOWS\system32\mfcat32.exe
O4 - HKLM\..\RunOnce: [ipnv32.exe] C:\WINDOWS\system32\ipnv32.exe
O4 - HKLM\..\RunOnce: [atltf32.exe] C:\WINDOWS\system32\atltf32.exe
O4 - HKLM\..\RunOnce: [sysxp.exe] C:\WINDOWS\sysxp.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [netkd.exe] C:\WINDOWS\system32\netkd.exe
O4 - HKLM\..\RunOnce: [d3nb32.exe] C:\WINDOWS\system32\d3nb32.exe
O4 - HKLM\..\RunOnce: [netsd.exe] C:\WINDOWS\system32\netsd.exe
O4 - HKLM\..\RunOnce: [addvw.exe] C:\WINDOWS\addvw.exe
O4 - HKLM\..\RunOnce: [crik.exe] C:\WINDOWS\system32\crik.exe
O4 - HKLM\..\RunOnce: [apinn.exe] C:\WINDOWS\system32\apinn.exe
O4 - HKLM\..\RunOnce: [mshy.exe] C:\WINDOWS\mshy.exe
O4 - HKLM\..\RunOnce: [ipms32.exe] C:\WINDOWS\ipms32.exe
O4 - HKLM\..\RunOnce: [javanm.exe] C:\WINDOWS\javanm.exe
O4 - HKLM\..\RunOnce: [mfcsg32.exe] C:\WINDOWS\mfcsg32.exe
O4 - HKLM\..\RunOnce: [d3bt32.exe] C:\WINDOWS\d3bt32.exe
O4 - HKLM\..\RunOnce: [ipgn.exe] C:\WINDOWS\ipgn.exe
O4 - HKLM\..\RunOnce: [appik32.exe] C:\WINDOWS\appik32.exe
O4 - HKLM\..\RunOnce: [d3jt.exe] C:\WINDOWS\system32\d3jt.exe

Click "Fix checked".

Download Pocket Killbox from HERE. Unzip it and run it.
Tick "Delete on reboot".
In "Paste full path of file..", copy/paste :
C:\WINDOWS\netyx.exe
Click "Delete file" (the white cross).

Let the computer reboot and post a new log, please.
#3
Hi, thanks for your help. I followed your instructions; however, the netyx.exe process was not running and the following files were not showing in HJT, so I could not fix them.
O4 - HKLM\..\Run: [crrq32.exe] C:\WINDOWS\system32\crrq32.exe
O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe
O4 - HKLM\..\RunOnce: [syset.exe] C:\WINDOWS\syset.exe
O4 - HKLM\..\RunOnce: [apien.exe] C:\WINDOWS\apien.exe
O4 - HKLM\..\RunOnce: [ienr32.exe] C:\WINDOWS\system32\ienr32.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\system32\appst32.exe

I ran P Killbox and rebooted, and IE came back on boot with the blank/search page. I am also getting pop-ups now. New log below.

Logfile of HijackThis v1.99.0
Scan saved at 12:46:19 AM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\winrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Yahoo!\Help\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [crrq32.exe] C:\WINDOWS\system32\crrq32.exe
O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe
O4 - HKLM\..\Run: [msao32.exe] C:\WINDOWS\system32\msao32.exe
O4 - HKLM\..\Run: [winrk.exe] C:\WINDOWS\system32\winrk.exe
O4 - HKLM\..\RunOnce: [ieib.exe] C:\WINDOWS\ieib.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\iphj32.exe
O4 - HKLM\..\RunOnce: [winel.exe] C:\WINDOWS\winel.exe
O4 - HKLM\..\RunOnce: [iemx32.exe] C:\WINDOWS\iemx32.exe
O4 - HKLM\..\RunOnce: [sdkpq.exe] C:\WINDOWS\system32\sdkpq.exe
O4 - HKLM\..\RunOnce: [javanc32.exe] C:\WINDOWS\javanc32.exe
O4 - HKLM\..\RunOnce: [netep32.exe] C:\WINDOWS\system32\netep32.exe
O4 - HKLM\..\RunOnce: [addjm32.exe] C:\WINDOWS\addjm32.exe
O4 - HKLM\..\RunOnce: [sdkkz.exe] C:\WINDOWS\system32\sdkkz.exe
O4 - HKLM\..\RunOnce: [netoj32.exe] C:\WINDOWS\system32\netoj32.exe
O4 - HKLM\..\RunOnce: [appbu.exe] C:\WINDOWS\system32\appbu.exe
O4 - HKLM\..\RunOnce: [mfclc.exe] C:\WINDOWS\system32\mfclc.exe
O4 - HKLM\..\RunOnce: [netzu.exe] C:\WINDOWS\system32\netzu.exe
O4 - HKLM\..\RunOnce: [atlrl32.exe] C:\WINDOWS\system32\atlrl32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {80922B68-D8DE-11D5-8D10-0050DAD09327} (Batch Processing Control) - http://www.thomsononeanalytics.com/p...tchPrintNT.cab
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
#4
Sorry, forgot to mention I am getting a box with a message saying:
WINDOWS SECURITY CENTRE WARNING: Windows firewall detected suspicious network activity on your computer etc.
#5
Hi,
Yes, in the first log, we didn't see the service which generates all that. But now, yes.
-----------
1- Start -> run -> type: services.msc
Double click : Network Security Service
Stop and disable it.
2- Download cwsserviceremove. Only unzip it.
3- Download About:Buster. Unzip it and run it. Check for updates and download them. But don't click "Start" yet.
4- ControlAltDel
End the process : winrk.exe

Reboot in safe mode.

1- Run only HijackThis and tick :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zxelk.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll
O4 - HKLM\..\Run: [crrq32.exe] C:\WINDOWS\system32\crrq32.exe
O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe
O4 - HKLM\..\Run: [msao32.exe] C:\WINDOWS\system32\msao32.exe
O4 - HKLM\..\Run: [winrk.exe] C:\WINDOWS\system32\winrk.exe
O4 - HKLM\..\RunOnce: [ieib.exe] C:\WINDOWS\ieib.exe
O4 - HKLM\..\RunOnce: [iphj32.exe] C:\WINDOWS\iphj32.exe
O4 - HKLM\..\RunOnce: [winel.exe] C:\WINDOWS\winel.exe
O4 - HKLM\..\RunOnce: [iemx32.exe] C:\WINDOWS\iemx32.exe
O4 - HKLM\..\RunOnce: [sdkpq.exe] C:\WINDOWS\system32\sdkpq.exe
O4 - HKLM\..\RunOnce: [javanc32.exe] C:\WINDOWS\javanc32.exe
O4 - HKLM\..\RunOnce: [netep32.exe] C:\WINDOWS\system32\netep32.exe
O4 - HKLM\..\RunOnce: [addjm32.exe] C:\WINDOWS\addjm32.exe
O4 - HKLM\..\RunOnce: [sdkkz.exe] C:\WINDOWS\system32\sdkkz.exe
O4 - HKLM\..\RunOnce: [netoj32.exe] C:\WINDOWS\system32\netoj32.exe
O4 - HKLM\..\RunOnce: [appbu.exe] C:\WINDOWS\system32\appbu.exe
O4 - HKLM\..\RunOnce: [mfclc.exe] C:\WINDOWS\system32\mfclc.exe
O4 - HKLM\..\RunOnce: [netzu.exe] C:\WINDOWS\system32\netzu.exe
O4 - HKLM\..\RunOnce: [atlrl32.exe] C:\WINDOWS\system32\atlrl32.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe

Click "Fix checked".
Make sure that you can see the hidden files and delete :
C:\WINDOWS\system32\netzu.exe
C:\WINDOWS\system32\winrk.exe
and all these I highlighted in bold.
Empty the recycle bin.
2- Run TWICE About:Buster. ("Start", now)
3- Open the unzipped cwsserviceremove folder, double click the reg file and merge it with the registry.

Reboot in normal mode and post a new log, please.
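
The comparison made in post #5 (a service that was absent from the first log and present in the second), as an added example that is not part of the original thread: it re-splits a flattened HijackThis log into entries, diffs two scans, and lists new O23 services whose vendor field reads "Unknown". The function names are this example's own, and the two sample scans are shortened excerpts constructed from entries in this thread's logs.

```python
import re

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - ". Splitting on that boundary recovers the entries
# even when forum software has flattened the whole log onto one line.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Constructed sample input: shortened excerpts of the first and second scans
# posted in this thread, flattened the way the page shows them.
FIRST_SCAN = (
    r"O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll "
    r"O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe "
    r"O4 - HKLM\..\RunOnce: [netzu.exe] C:\WINDOWS\system32\netzu.exe "
    r"O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe"
)
SECOND_SCAN = (
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zxelk.dll/sp.html#44768 "
    r"O2 - BHO: Class - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll "
    r"O4 - HKLM\..\Run: [netyx.exe] C:\WINDOWS\netyx.exe "
    r"O4 - HKLM\..\Run: [winrk.exe] C:\WINDOWS\system32\winrk.exe "
    r"O4 - HKLM\..\RunOnce: [netzu.exe] C:\WINDOWS\system32\netzu.exe "
    r"O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe "
    r"O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe"
)


def split_entries(text):
    """Return the R/F/N/O entries of a log, one string per entry."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    ends = starts[1:] + [len(text)]
    # Collapse internal whitespace so wrapped and flattened logs compare equal.
    return [" ".join(text[s:e].split()) for s, e in zip(starts, ends)]


def section(entry):
    """Section code of an entry, e.g. 'O4' or 'O23'."""
    return entry.split(" - ", 1)[0]


def new_entries(before, after):
    """Entries present in the later scan but not in the earlier one."""
    seen = {e.lower() for e in before}  # Windows paths are case-insensitive
    return [e for e in after if e.lower() not in seen]


def parse_service(entry):
    """Split an O23 entry into (name, vendor, path); None if it is not one."""
    prefix = "O23 - Service: "
    if not entry.startswith(prefix):
        return None
    parts = entry[len(prefix):].rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None


def unknown_vendor_services(entries):
    """(name, path) of every O23 service whose vendor field is 'Unknown'."""
    found = []
    for entry in entries:
        svc = parse_service(entry)
        if svc and svc[1].strip().lower() == "unknown":
            found.append((svc[0], svc[2]))
    return found


def autostart_overlap(entries, path):
    """O4 autostart entries that launch the same file as the given path."""
    return [e for e in entries
            if section(e) == "O4" and e.lower().endswith(path.lower())]


if __name__ == "__main__":
    first, second = split_entries(FIRST_SCAN), split_entries(SECOND_SCAN)
    added = new_entries(first, second)
    print("New since the previous scan:")
    for entry in added:
        print("  " + entry)
    for name, path in unknown_vendor_services(added):
        print(f"New service without a vendor: {name} -> {path}")
        for hit in autostart_overlap(first, path):
            print("  same file was already an autostart in the earlier scan: " + hit)
```

On the sample input the new service's executable turns out to be the same file a RunOnce entry pointed at in the earlier scan.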
#6
Hi, new log below.
Logfile of HijackThis v1.99.0
Scan saved at 12:43:16 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\ipvm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Yahoo!\Help\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll
O2 - BHO: Class - {F9611D23-F7B8-A44B-E962-46EE65E5DBA4} - C:\WINDOWS\sysom32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [winfz32.exe] C:\WINDOWS\system32\winfz32.exe
O4 - HKLM\..\Run: [ipvm.exe] C:\WINDOWS\ipvm.exe
O4 - HKLM\..\RunOnce: [apixv.exe] C:\WINDOWS\system32\apixv.exe
O4 - HKLM\..\RunOnce: [atlxa.exe] C:\WINDOWS\system32\atlxa.exe
O4 - HKLM\..\RunOnce: [mfchr32.exe] C:\WINDOWS\mfchr32.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\javapr32.exe
O4 - HKLM\..\RunOnce: [nettx32.exe] C:\WINDOWS\system32\nettx32.exe
O4 - HKLM\..\RunOnce: [netye.exe] C:\WINDOWS\netye.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {80922B68-D8DE-11D5-8D10-0050DAD09327} (Batch Processing Control) - http://www.thomsononeanalytics.com/p...tchPrintNT.cab
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE |
#7
It created new files.
- Start->run->type : services.msc
Verify that the service Network Security Service is really stopped and disabled.
- Keep About:Buster ready.
- Download Pocket Killbox from HERE. Only unzip it.
- ControlAltDel
End the process : ipvm.exe

Reboot in safe mode.

Run HijackThis and tick :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xlgso.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll
O2 - BHO: Class - {F9611D23-F7B8-A44B-E962-46EE65E5DBA4} - C:\WINDOWS\sysom32.dll
O4 - HKLM\..\Run: [winfz32.exe] C:\WINDOWS\system32\winfz32.exe
O4 - HKLM\..\Run: [ipvm.exe] C:\WINDOWS\ipvm.exe
O4 - HKLM\..\RunOnce: [apixv.exe] C:\WINDOWS\system32\apixv.exe
O4 - HKLM\..\RunOnce: [atlxa.exe] C:\WINDOWS\system32\atlxa.exe
O4 - HKLM\..\RunOnce: [mfchr32.exe] C:\WINDOWS\mfchr32.exe
O4 - HKLM\..\RunOnce: [javapr32.exe] C:\WINDOWS\javapr32.exe
O4 - HKLM\..\RunOnce: [nettx32.exe] C:\WINDOWS\system32\nettx32.exe
O4 - HKLM\..\RunOnce: [netye.exe] C:\WINDOWS\netye.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe (file missing)

Click "Fix checked".
Close HijackThis.
- Run it again -> config->misc tools->delete an NT service
in the box, type : NSS ->ok
- Run again About:Buster TWICE.
- Run Killbox and paste the full file path of each of the below files in the box and tick "Delete on Reboot".
Next click on the button with the red circle and an X in the middle ("Delete file").
You will get a message saying "File will be deleted on next reboot"
Click "Yes"
and another : "Files will be removed on reboot. Do you want to reboot now ?".
Click "No"
Click "Yes" after the last file and post a new log when you have rebooted.

C:\WINDOWS\system32\winfz32.exe
C:\WINDOWS\ipvm.exe
C:\WINDOWS\system32\apixv.exe
C:\WINDOWS\system32\atlxa.exe
C:\WINDOWS\mfchr32.exe
C:\WINDOWS\javapr32.exe
C:\WINDOWS\system32\nettx32.exe
C:\WINDOWS\netye.exe
C:\WINDOWS\xlgso.dll
C:\WINDOWS\ipvm.dll
C:\WINDOWS\sysom32.dll

Let the computer reboot and post a new log, please.
#8
Hi got to the stage below and can't find "delete an NT service"
have found Config > Misc Tools
- Run it again -> config->misc tools->delete an NT service
in the box, type : NSS ->ok
#9
Ha! You need the last version (1.99.1) of HijackThis:
http://www.spywareinfo.com/~merijn/
#10
Hi ok started again
NSS was not started but was at Auto so I disabled it.
killed ipvm.exe process
ran HJT in safe and fixed all but below files were not there.
O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll
O2 - BHO: Class - {F9611D23-F7B8-A44B-E962-46EE65E5DBA4} - C:\WINDOWS\sysom32.dll
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe (file missing)
ran buster twice 1st time it deleted some files 2nd time it found none.
ran killbox and did as advised
still got prob
Log below

Logfile of HijackThis v1.99.1
Scan saved at 3:43:54 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Yahoo!\Help\bin\mpbtn.exe
C:\WINDOWS\system32\atljd32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {76F53757-9FEA-7D69-1396-53BBD24BD3EB} - C:\WINDOWS\system32\javail32.dll
O2 - BHO: Class - {A44A72AD-BA94-291C-E676-DC6544A2D511} - C:\WINDOWS\system32\ntdj32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\Help\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\system32\atljd32.exe
O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\system32\iesq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {80922B68-D8DE-11D5-8D10-0050DAD09327} (Batch Processing Control) - http://www.thomsononeanalytics.com/p...tchPrintNT.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netzu.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
#11
Ok. It resists.
- Keep About:Buster and CWSServiceRemove ready
- Download CWShredder -Alone-
Only update it.
- Go here and download CleanUp!, install it but do not run it yet.

--------
ControlAltDel
End the process : atljd32.exe
---------

Reboot in safe mode.

- Start->run->services.msc
Stop and disable : Network Security Service
- Run HijackThis and tick :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {76F53757-9FEA-7D69-1396-53BBD24BD3EB} - C:\WINDOWS\system32\javail32.dll
O2 - BHO: Class - {A44A72AD-BA94-291C-E676-DC6544A2D511} - C:\WINDOWS\system32\ntdj32.dll
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\system32\atljd32.exe
O4 - HKLM\..\RunOnce: [iesq.exe] C:\WINDOWS\system32\iesq.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netzu.exe" /s (file missing)

Click "Fix checked".
- Delete the files :
C:\WINDOWS\system32\atljd32.exe
C:\WINDOWS\system32\iesq.exe
Empty the recycle bin.
- Double-click on cwsserviceremove.reg you downloaded earlier. When it asks you to merge the information to the registry click "Yes".
- Run again About:Buster TWICE.
- Run CWShredder (Fix->next).
- Open CleanUp!
Click on Options and uncheck all preferences except for "Scan Local Drives for Temporary Files".
Click OK and click on CleanUp!
Let it work.

Reboot in normal mode.
Launch this online scan.
Copy its final report.

Now, in this thread :
- post a new HijackThis log
- copy/paste the BitDefender report, please.
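The two logs posted in this thread differ mainly in the randomly named files the hijacker re-created between scans. As an added example (not part of the original posts and not a HijackThis feature), this Python script compares excerpts of both logs by the file each entry points at, so the switch from v1.99.0 to v1.99.1 output does not show up as change; the function names and flag labels are made up for this example.

```python
import re

# Excerpts assembled from the two HijackThis logs posted in this thread
# (12:43 PM with v1.99.0, 3:43 PM with v1.99.1). Most entries are omitted, and the
# garbled service short name in the second log's NSS line is left out.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.0
C:\WINDOWS\ipvm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xlgso.dll/sp.html#44768
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll
O4 - HKLM\..\Run: [ipvm.exe] C:\WINDOWS\ipvm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netzu.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\atljd32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gvgtw.dll/sp.html#37049
O2 - BHO: Class - {76F53757-9FEA-7D69-1396-53BBD24BD3EB} - C:\WINDOWS\system32\javail32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\system32\atljd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\system32\netzu.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")                  # "R1 - ...", "O23 - ..."
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)  # first .exe/.dll path


def parse(log):
    """Map (section, target) -> raw line; header and process list are skipped."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        p = PATH.search(body)
        # Key on the file the entry points at (or the whole entry if it names none),
        # so the extra "(shortname)" that v1.99.1 prints for services is not a change.
        target = (p.group(0) if p else body).lower()
        entries[(section, target)] = line.strip()
    return entries


def churn(before, after):
    """Entries whose target file exists in only one of the two logs."""
    b, a = parse(before), parse(after)
    return {"gone": sorted(k for k in b if k not in a),
            "new": sorted(k for k in a if k not in b)}


def flags(log):
    """Two patterns visible in this thread's logs, reported per target file."""
    out = []
    for (section, target), raw in parse(log).items():
        if section in ("R0", "R1") and "res://" in raw.lower() and target.endswith(".dll"):
            out.append(("ie-setting-points-into-local-dll", target))
        if section == "O23" and raw.endswith("(file missing)"):
            out.append(("service-image-missing", target))
    return sorted(out)


if __name__ == "__main__":
    for kind, items in churn(LOG_BEFORE, LOG_AFTER).items():
        for section, target in items:
            print(kind, section, target)
    print(flags(LOG_AFTER))
```

Stable entries such as ctfmon.exe and the Norton BHO drop out of the comparison, while the NSS service is reported by `flags` in both logs even though it never appears as churn.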
#12
Urgent
Hi followed your instructions got to reboot in normal mode then
tried to start IE but it says ieexplore.exe has been moved or changed, nearest match c:\windows\servicepackfiles\i386\iexplore.exe
#13
The normal path is : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Is it there ?
#14
no the only .exe file in that folder is iedw.exe
#15
Have you deleted it ?
I verified the version : 6.0.2900.2180
Go to : c:\windows\servicepackfiles\i386\
Right click : iexplore.exe and choose "Copy"
Now, go to : C:\Program Files\Internet Explorer\
right click in the folder and choose "Paste".