Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Desktop Search [resolved]

Started by Iakovos_B , Mar 04 2005 11:55 AM

  • This topic is locked This topic is locked

#1
Iakovos_B
Posted 04 March 2005 - 11:55 AM

Iakovos_B

    New Member

  • Member
  • Pip
  • 3 posts
This is my first time on a forum like this, so if I'm in bad form I apologize. I can't seem to get Desktop Search off my computer. I tried manually deleting desktop.exe and ffisearch.exe from the registry with Regedit. I also tried removing it from the startup with msconfig, but it just keeps coming back. Please help. Here is my HijackThis Logfile.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:13, on 3/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\TSIRCSRV.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\winnt\tsi32\tsircusr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\ICO.EXE
C:\WINNT\tppaldr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\System32\hkeyman.exe
C:\WINNT\system32\wsxsvc\wsxsvc.exe
C:\WINNT\system32\vmss\vmss.exe
C:\WINNT\Xhrmy.exe
C:\WINNT\system32\rcantvol.exe
C:\WINNT\isrvs\desktop.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\redml.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wisptis.exe
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.sbc.yaho....html?.pirf=yml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,c:\winnt\tsi32\tsircusr.exe
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
O4 - HKLM\..\Run: [¢ª¸ï0/4»}¥ ãx‡5_C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dbmjmnxx.exe
O4 - HKLM\..\Run: [¢ª¸ï0ÓÈÜÅè]wø*8@ýžáC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dbmjmnxx.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINNT\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [Bles] c:\windows\system\bles.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINNT\Xhrmy.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitepye32.exe
O4 - HKLM\..\Run: [53rO3Ee] rcantvol.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [K00EROKqR] redml.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC1FD99-BC11-4225-B2F4-2E547727E4D0}: NameServer = 192.168.0.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{81AEB5CC-8DDA-4628-B06B-93608AE43D11}: NameServer = 192.168.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5CE1A6C-0D8F-4BBB-96F2-4B860ED1C8D3}: NameServer = 192.168.0.11
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton Speed Disk\nopdb.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink.com, Inc. - C:\WINNT\System32\TSIRCSRV.EXE

Thanks in advance.
  • 0

Advertisements

#2
Dragon
Posted 04 March 2005 - 03:56 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Hello

You have a Large Amount of Trojans and Viruses on Your Computer.

Download a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe first. Next, take a free Online Virus scan at http://www.housecall.trendmicro.com or http://www3.ca.com/v...virusscan.aspx.

After this, please follow this link http://castlecops.com/post106277.html and do as exactly as it says

next please post a fresh Hijack this log and we will clean up whatever is left.
  • 0

#3
Iakovos_B
Posted 05 March 2005 - 09:12 PM

Iakovos_B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK, this has been a pretty lenghty process. I had some difficulty with Trojan Hunter Guard locking up my computer. Once I disabled it, things went a little smoother. I ran Trojan Hunter, did the virus and security scans at housecall.trendmicro.com. I also ran Spybot. Desktop Search is gone from my now, but I'm still getting a lot of annoying popups.

Here is my new Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 22:04:02, on 3/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\TSIRCSRV.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\winnt\tsi32\tsircusr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\ICO.EXE
C:\WINNT\tppaldr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\System32\hkeyman.exe
C:\WINNT\system32\avwguf03.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\wshrcl.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.sbc.yaho....html?.pirf=yml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,c:\winnt\tsi32\tsircusr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
O4 - HKLM\..\Run: [¢ª¸ï0/4»}¥ ãx‡5_C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dbmjmnxx.exe
O4 - HKLM\..\Run: [¢ª¸ï0ÓÈÜÅè]wø*8@ýžáC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dbmjmnxx.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [Bles] c:\windows\system\bles.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [53rO3Ee] avwguf03.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitepye32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [K00EROKqR] wshrcl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC1FD99-BC11-4225-B2F4-2E547727E4D0}: NameServer = 192.168.0.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{81AEB5CC-8DDA-4628-B06B-93608AE43D11}: NameServer = 192.168.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA09BD10-8E68-4257-8469-DDBE45CE1190}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5CE1A6C-0D8F-4BBB-96F2-4B860ED1C8D3}: NameServer = 192.168.0.11
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: CWShredder Service - InterMute, Inc. - E:\My Downloads\CWShredder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton Speed Disk\nopdb.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink.com, Inc. - C:\WINNT\System32\TSIRCSRV.EXE

Again, thanks for the help. What else should I do?

Iakovos_B
  • 0

#4
Dragon
Posted 05 March 2005 - 10:00 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Hello

Please look over the Following Entries I have listed, run Hijack This again and check them and then, making sure you have No Internet Explorer Windows open, including this one, Press the "Fix Checked" Button with HijackThis.

Reboot If I have specified below, and Post a Fresh HijackThis log.

O4 - HKLM\..\Run: [¢ª¸ï0/4»}¥ ãx‡5_C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dbmjmnxx.exe
O4 - HKLM\..\Run: [¢ª¸ï0ÓÈÜÅè]wø*8@ýžáC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dbmjmnxx.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [Bles] c:\windows\system\bles.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [53rO3Ee] avwguf03.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitepye32.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [K00EROKqR] wshrcl.exe
O18 - Filter: text/html - (no CLSID) - (no file)


After this, Reboot and Delete the following files:

C:\WINNT\system32\wshrcl.exe
C:\WINNT\system32\avwguf03.exe
C:\Program Files\ISTsvc
C:\WINNT\system32\wsxsvc
c:\windows\system\bles.exe
C:\WINNT\isrvs
C:\PROGRA~1\COMMON~1\tsa
C:\winnt\system32\elitepye32.exe



Note: Make sure you have Set Windows to show Hidden Files & Folders before you Start Sending Them to us For Analysis, or you're deleting them. This can be done by looking at the instructions at This Webpage http://www.xtra.co.n...1916458,00.html

To Delete These Files/Folders, You Will need to Boot into Safe Mode. This can be done by tapping F8 while your machine restarts.

Then post a fresh Hijack this log
  • 0

#5
Iakovos_B
Posted 08 March 2005 - 06:53 AM

Iakovos_B

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK, I did everything you told me to do, and now I'm not getting any popups. Thanks a million.

Here's the new Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 07:49:35, on 3/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
c:\winnt\tsi32\tsircusr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\TSIRCSRV.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\ICO.EXE
C:\WINNT\tppaldr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\System32\hkeyman.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dial.sbc.yaho....html?.pirf=yml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,c:\winnt\tsi32\tsircusr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://desync.com/nsvplayx_vp6_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC1FD99-BC11-4225-B2F4-2E547727E4D0}: NameServer = 192.168.0.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{81AEB5CC-8DDA-4628-B06B-93608AE43D11}: NameServer = 192.168.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5CE1A6C-0D8F-4BBB-96F2-4B860ED1C8D3}: NameServer = 192.168.0.11
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: CWShredder Service - InterMute, Inc. - E:\My Downloads\CWShredder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton Speed Disk\nopdb.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink.com, Inc. - C:\WINNT\System32\TSIRCSRV.EXE

Iakovos_B
  • 0

#6
Dragon
Posted 08 March 2005 - 07:24 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
good job, your log is clean :tazz:

For Future Protection
Download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacools...areblaster.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
https://netfiles.uiu...rce.htm#IESPYAD

Both are very small free programs that you run once, and then just occasionally to check for updates.

And also see
So how did I get infected in the first place?
  • 0

#7
Michelle
Posted 28 March 2005 - 02:20 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
This topic has been resolved and is now closed. If the original poster has any other problems and needs it re-opened, please contact a staff member.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP