Dr Watson's malpractice



#1
mwidick

Ok,
This is my nightmare.
Computer will only run in safe mode.
Crashes and I get the Dr. Watson message. I have picture files and music files we want to back up to CD but cannot get it to open any desktop folders under normal use.
I will love you forever if you get this working again.
Mark W

This is my log.

Logfile of HijackThis v1.99.1
Scan saved at 9:42:49 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E366BB1-818C-CAF9-EC1B-9788483C2FA9} - C:\WINDOWS\system32\ntvg32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [d3pb32.exe] C:\WINDOWS\system32\d3pb32.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServices: [ati control panel] atiphexx.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\tgjljeen.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.micro...eb/ikcntrls.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O21 - SSODL: mtklef - {109A2C31-7AB9-4916-AC9B-AA97F5855BDE} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\FaxSetup.log:piczo.exe (file missing)

#2
mwidick

A little more information. I have run a Housecall scan. It apparently will not remove infections the way I have it configured. I do not seem to be finding the way to enable this function. I guess they want me to purchase the associated removal software? Norton AntiVirus and Ad-Aware find viruses every time I run them, with new critters showing up each time. Also, the computer is my son's, who was home on spring break from FSU (GO Noles!!!). I expect that most of this stuff came from the University links. Once all is well and Dad is a hero again, perhaps you can help point out how to stop this again. Eternal thanks to the first responder to this note.
MarkW

#3
mwidick

This is a new log file after trying solo to clean up with recommended stuff. Please Help.



Logfile of HijackThis v1.99.1
Scan saved at 5:57:40 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E366BB1-818C-CAF9-EC1B-9788483C2FA9} - C:\WINDOWS\system32\ntvg32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iefa.exe] C:\WINDOWS\system32\iefa.exe
O4 - HKLM\..\RunServices: [ati control panel] atiphexx.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\tgjljeen.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.micro...eb/ikcntrls.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O21 - SSODL: mtklef - {109A2C31-7AB9-4916-AC9B-AA97F5855BDE} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

#4
mwidick

This is the Panda Scan log


Incident Status Location

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iefa.exe
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\GatorPatch.log
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\istinstall_??????.exe
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Lycos
Adware:Adware/PortalScan No disinfected C:\Program Files\Common Files\slmss
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos
Virus:Bck/Webber.P Disinfected Operating system
Spyware:Spyware/Heterofind No disinfected C:\spe
Virus:Trj/Downloader.ABR Disinfected Operating system
Adware:Adware/CWS.Aboutblank No disinfected Windows Registry
Virus:Trj/HideProc.B Disinfected C:\Documents and Settings\Dad\Local Settings\Temp\1.tmp
Virus:Trj/HideProc.B Disinfected C:\Documents and Settings\Dad\Local Settings\Temp\2.tmp
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Owner\Application Data\wtta.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe
Virus:Trj/HideProc.B Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\1.tmp
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Belt.ini
Virus:Bck/Agent.K Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\F3F3.tmp
Adware:Adware/Comet No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr400B\Bin\comutil.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI15.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI15.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI20EE.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI20EE.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI22DE.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI22DE.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI34E1.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI34E1.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI386E.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI386E.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI3CF9.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI3CF9.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI4DA4.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI4DA4.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI4DF.tmp\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI4DF.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI589A.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI5D67.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI6E59.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI751C.tmp\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THIA8C.tmp\multimpp.inf
Spyware:Spyware/LocalNRD No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THIB2A.tmp\localNrd.inf
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\80RPIJRU\msn.com.4oo[1].htm
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CF5BI6JH\AM_1.0.140[1].exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CF5BI6JH\AproposClientInstaller[1].exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\H3F97T7S\!update-1312[1].0000
Virus:Trj/Downloader.ATD Disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KF736WPD\189_150_ni[1].abc
Adware:Adware/eZula No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KHU34XMV\ezw-101[1].0000
Virus:Trj/WmvDownloader.B Disinfected C:\Documents and Settings\Owner\Shared\Hentai Anime p*** XXX - Judy Jetson licks Ariel the Little Mermaid's clit for some reason they're on a Star Trek ship disney dizney cartoon sex 757x600.wmv
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\happpeen\hdedccahtl\clpenllef.exe
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\happpeen\jcbdepnl\pjpcnpjr.exe
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\plg0\cxtpls.dll
Adware:Adware/SearchAid No disinfected C:\Program Files\Internet Explorer\tgjljeen.exe
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx
Virus:Trj/Downloader.AEE Disinfected C:\WINDOWS\Downloaded Program Files\counter.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\Downloaded Program Files\start.INF
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\dyjhl.dll
Virus:Trj/Downloader.ATD Disinfected C:\WINDOWS\system32\basesrv.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iefa.exe
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\joegw.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\lsfji.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\nsknq.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ntvg32.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\TSKMGR~1.EXE
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysvm.exe.bak
Virus:Trj/HideProc.B Disinfected C:\WINDOWS\Temp\1.tmp
Adware:Adware/Envolo No disinfected C:\WINDOWS\Temp\AutoUpdate0\setup.inf
Virus:Bck/Agent.K Disinfected C:\WINDOWS\Tqvgsv.exe
Virus:Bck/Agent.K Disinfected C:\WINDOWS\uxvthkp.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winfy32.dll

#5
don77

    Malware Expert

Hi Mark and welcome,

Once all is well and Dad is a hero again perhaps you can help point out how to stop this again.

I know the pressure you're under :tazz:

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.


Please download and install AD-Aware.
Check Here on how to set up and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop. Use either link below:
http://computercops....ownload&id=3002
http://www.mytechsup...rviceremove.zip


Download CW-Shredder at the link below:
http://cwshredder.ne...CWSshtreder.exe

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++



Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Service: Workstation NetLogon Service


When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

2. Reboot into Safe Mode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

PROCESSES TO BE STOPPED

piczo.exe
d3pb32.exe

If you find the files, click on them, and then click End Process => Exit the Task Manager.


4. CLOSE ALL WINDOWS AND BROWSERS
Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hpviz.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hpviz.dll/sp.html#28129
O2 - BHO: (no name) - {2E366BB1-818C-CAF9-EC1B-9788483C2FA9} - C:\WINDOWS\system32\ntvg32.dll
O4 - HKLM\..\Run: [d3pb32.exe] C:\WINDOWS\system32\d3pb32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\tgjljeen.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O21 - SSODL: mtklef - {109A2C31-7AB9-4916-AC9B-AA97F5855BDE} - (no file)
O23 - Service: Workstation NetLogon Service ( 6Q '8) - Unknown owner - C:\WINDOWS\FaxSetup.log:piczo.exe (file missing)



5. Delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

C:\WINDOWS\system32\ntvg32.dll
C:\WINDOWS\system32\d3pb32.exe
c:\ied_s7m.cab
c:\x.cab
c:\counter.cab
piczo.exe

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Reboot into normal mode.

12. Download the Hoster from here http://members.aol.c...bee/hoster.zip. Press "Restore Original Hosts" and press "OK". Exit Program.

13. Download and run this online virus scan:
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you check "AutoClean"

Then reboot and post a fresh Hijack This log to see how we did.

Edited by don77, 17 March 2005 - 09:48 PM.
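
The kind of check a helper applies when reading these logs, as an added example that is not part of don77's post or of HijackThis itself: it parses HijackThis lines and flags entry shapes that appear in the fix list above. The rules and the names `triage` and `reasons_for` are assumptions of this example, cover only part of that list, and give triage hints rather than verdicts.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis logs posted in this thread (not constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hpviz.dll/sp.html#28129
O2 - BHO: (no name) - {2E366BB1-818C-CAF9-EC1B-9788483C2FA9} - C:\WINDOWS\system32\ntvg32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [d3pb32.exe] C:\WINDOWS\system32\d3pb32.exe
O4 - HKLM\..\Run: [iefa.exe] C:\WINDOWS\system32\iefa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O21 - SSODL: mtklef - {109A2C31-7AB9-4916-AC9B-AA97F5855BDE} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\FaxSetup.log:piczo.exe (file missing)
"""

# "<section code> - <rest of line>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A drive path followed by ":<stream>", i.e. an NTFS alternate data stream.
# The stream name may not start with a backslash, so "c:\a.exe c:\b.exe"
# (two ordinary paths on one line) does not match.
ADS_RE = re.compile(r'[A-Za-z]:\\[^:"]*:[^\\\s:]+')


class Finding(NamedTuple):
    code: str
    reasons: List[str]
    body: str


def reasons_for(code: str, body: str) -> List[str]:
    """Return the heuristic reasons (possibly none) for one parsed entry."""
    low = body.lower()
    reasons = []
    if code in ("R0", "R1") and "= res://" in low:
        reasons.append("IE search/start page loaded from a local DLL resource (res://)")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            name = m.group("name").lower()
            # Autorun value named exactly after the file it starts.
            if name.endswith(".exe") and m.group("cmd").lower().endswith("\\" + name):
                reasons.append("Run value is named after its own executable")
    if code == "O16" and "- file://" in low:
        reasons.append("ActiveX (DPF) entry installed from a local file:// source")
    if low.rstrip().endswith("(no file)"):
        reasons.append("entry refers to a file that does not exist")
    if code in ("O4", "O23") and ADS_RE.search(body):
        reasons.append("binary path points into an NTFS alternate data stream")
    if code == "O23" and "unknown owner" in low and "(file missing)" in low:
        reasons.append("service with unknown owner and missing binary")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return the entries that match any rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        reasons = reasons_for(m.group("code"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("code"), reasons, m.group("body")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries that match no rule, such as the Ati service with an unknown owner but an ordinary path, are left for manual review and are not reported as clean.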


#6
mwidick

I am having a few problems.
1. I can only run effectively in safe mode. Can I do all the tasks in that mode?
2. I do not find "folder Options" in tools in Internet Explorer
3. xphidden never asks "merge?"
4. Can't find "service: Workstation NetLogon Service" Just many similar sounding titles
5. I do not know how to Reboot into a URL
Thanks
John's Dad

#7
mwidick

One more thing. Where is the autoclean button in housecall?

#8
mwidick

Try this post for my newest HiJackLog
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:33:20 AM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.micro...eb/ikcntrls.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  • 0

#9
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Looks better, Just a few minor cleanups,
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT,
Move HJT into this new folder please,

Next,
Please restart HJT, put a check next to the following, close all open windows and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R3 - Default URLSearchHook is missing

Restart your computer and post back a fresh log please,
Let us know how the computer is running,

I'm heading out for a few days; will try and check back in a couple times over the 4 days,
  • 0

#10
mwidick

mwidick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, things are better but not quite perfect. ;)
I can now open folders and the computer has not crashed today :) :)
But, I cannot burn to my cdrive and explorer will open but won't access the internet unless in safe mode...... :tazz: Also, the power on button is not working forcing me to use one of the "smart keys" to launch this laptop computer. I push the internet smart key. Perhaps this is altering the way I log on. The computer does access the internet in safe mode. I suppose the switch is a mechanical issue. But I never underestimate the ability of software to mess things up. By the way, is it possible for lowlies like me to properly interpret a HiJackLog and proceed reasonably safely? ;)
Thanks for your efforts.
Mark


Logfile of HijackThis v1.99.1
Scan saved at 1:26:20 PM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0A835609-C0D0-4EFE-934F-1FAD5C5AB860} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.micro...eb/ikcntrls.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  • 0
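An added example, not part of the original thread and not a HijackThis feature: one way to check what a "Fix Checked" pass actually changed is to diff the log taken before it against the log taken after. The function names `parse` and `diff_logs` are hypothetical; the sample text is excerpted from the two 3/19/2005 logs posted above.

```python
import re

# Entry lines look like "R1 - ..." or "O23 - ..."; the code is the HijackThis section.
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")

def parse(log_text):
    """Split a HijackThis log into (running processes, section entries)."""
    procs, entries, in_procs = set(), set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())   # Windows paths are case-insensitive
        else:
            m = ENTRY.match(line)     # header lines (Platform:, MSIE:) do not match
            if m:
                entries.add((m.group(1), m.group(2)))
    return procs, entries

def diff_logs(before, after):
    """Report what changed between two scans of the same machine."""
    bp, be = parse(before)
    ap, ae = parse(after)
    return {
        "removed": sorted(be - ae),        # entries the fix took out
        "added": sorted(ae - be),          # entries that appeared since
        "new_processes": sorted(ap - bp),  # processes only in the later scan
    }

# Excerpts of the 12:33:20 AM and 1:26:20 PM logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [CARPService] carpserv.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
O4 - HKLM\..\Run: [CARPService] carpserv.exe
"""

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        print(kind, items)
```

An empty "added" list after a fix is the result to look for; an entry that reappears after a reboot means something is still rewriting it.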

#11
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Mark
Very Very sorry for overlooking your post :tazz:

If you're still having issues please post back a fresh HJT log,

Some of the items you mention sound like they could be hardware related,

If you have since resolved these issues please let us know, Thanks and again I'm very sorry for the late reply,

Don
  • 0

#12
mwidick

mwidick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the reply. I seem to have got things fixed. Thanks so much for the help. I again am super Dad.
Mark :tazz:
  • 0

#13
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Glad to hear it Mark AKA super Dad,

I'm closing this topic; should you have any further problems or need it reopened for any reason please PM a Mod or Trusted Helper

Don
  • 0





