strange prog running
#1
Posted 18 April 2004 - 11:00 AM
#2
Posted 18 April 2004 - 11:31 AM
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.
Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.
Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
#3
Posted 18 April 2004 - 01:17 PM
Logfile of HijackThis v1.97.7
Scan saved at 3:16:00 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\realtime.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Mph8.exe
C:\WINNT\System32\Bio9fQ88.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hjt[1].zip\HijackThis.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Cjo9g.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
#4
Posted 18 April 2004 - 01:52 PM
#5
Posted 18 April 2004 - 01:56 PM
#6
Posted 18 April 2004 - 02:06 PM
http://home.iprimus....peperuninst.exe
Then please reboot, and post a new log.
#7
Posted 18 April 2004 - 02:19 PM
#8
Posted 18 April 2004 - 02:23 PM
Logfile of HijackThis v1.97.7
Scan saved at 4:22:54 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\realtime.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hjt[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
#9
Posted 18 April 2004 - 02:25 PM
http://www.geekstogo...?showtopic=1031
I guess that is your entire log. Are you still having any problems?
#10
Posted 18 April 2004 - 02:42 PM
#11
Posted 18 April 2004 - 02:48 PM
If everything seems to be working okay you can delete the Hijack This folder.
How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).
Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.
Link to SpywareBlaster: http://www.javacools...areblaster.html
VERY IMPORTANT:
It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
Try Winsock fix to repair your Internet:
http://www.spychecke...nsockxpfix.html
#12
Posted 18 April 2004 - 04:15 PM
Yeah - and vacation week has only just begun!!
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users