Controlling my internet address & removing it


  • This topic is locked

#31
Classy2 (Member, Topic Starter, 242 posts)
Hi Kc, This did NOT download before, but I tried it again and
here is the SPSeHjFix Log;
This little program looks like it worked well.

(4/1/05 7:42:45 PM) SPSeHjFix started v1.1.1
(4/1/05 7:42:45 PM) OS: WinXP (5.1.2600)
(4/1/05 7:42:45 PM) Language: english
(4/1/05 7:43:16 PM) Disinfection started
(4/1/05 7:43:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} (file missing: deleted)
(4/1/05 7:43:16 PM) BHO-Key: HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} (file missing: deleted)
(4/1/05 7:43:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183} (file missing: deleted)
(4/1/05 7:43:16 PM) BHO-Key: HKCR\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183} (file missing: deleted)
(4/1/05 7:43:16 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972} (file missing: deleted)
(4/1/05 7:43:16 PM) BHO-Key: HKCR\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972} (file missing: deleted)
(4/1/05 7:43:16 PM) UBF: 4
(4/1/05 7:43:16 PM) UBB: 3
(4/1/05 7:43:16 PM) UBR: 14
(4/1/05 7:43:16 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
(4/1/05 7:43:16 PM) Stealth-String not found
(4/1/05 7:43:16 PM) Temp-Files delete on Reboot
(4/1/05 7:43:16 PM) File added to delete: c:\progra~1\yahoo!\compan~1\installs\cpn0\ycomp5_5_7_0.dll
(4/1/05 7:43:16 PM) File added to delete: error
(4/1/05 7:43:16 PM) File added to delete: c:\docume~1\cuddles\locals~1\temp\~df2345.tmp
(4/1/05 7:43:16 PM) Reboot
(4/1/05 7:43:55 PM) Disinfection started
(4/1/05 7:43:55 PM) UBF: 4
(4/1/05 7:43:55 PM) UBB: 0
(4/1/05 7:43:55 PM) UBR: 14
(4/1/05 7:43:55 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
(4/1/05 7:43:55 PM) Stealth-String not found
(4/1/05 7:43:55 PM) Not infected->END
  • 0


#32
Classy2 (Member, Topic Starter, 242 posts)
You asked me to;
Clean out all temp files in Mozilla, Internet Explorer.

I can NOT find Mozilla,

You can also set the memory limit to about 20 MB at the Settings.
:tazz: Where ;)

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

I ran "cleanmgr" but where are the TIF files to be deleted?
  • 0

#33
Guest_thatman_* (Guest)
Hi Classy2

Did you delete all the files with KillBox?

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from the Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#34
Classy2 (Member, Topic Starter, 242 posts)
I downloaded an anti-virus program called "Avast". I needed some preventive programs. :tazz:

This is my Avast log;

04/01/2005 21:04
Scan of all local drives
File C:\Program Files\gopkilxg\gopkilxg.exe is infected by Win32:Ruledor [Trj] - Deleted
File C:\WINDOWS\inst\3p1.exe.tcf is infected by Win32:Ad-Agent [Adw] - Deleted
File C:\WINDOWS\isrvs\desktop.exe is infected by Win32:Oneclick-B [Adw] - Deleted
File C:\WINDOWS\system32\ActiveScan\imscan.dll is infected by Win32:Kuang2 - Deleted
File C:\WINDOWS\system32\Cache\CSv13P108.exe is infected by Win32:Ruledor [Trj] - Deleted
File C:\WINDOWS\system32\cewgkl.exe is infected by Win32:Trojano-1052 [Trj] - Deleted
File C:\WINDOWS\system32\chkynth.exe is infected by Win32:Trojano-1052 [Trj] - Deleted
File C:\WINDOWS\system32\dsktrf.dll is infected by Win32:Adan-007 [Adw] - Deleted
File C:\WINDOWS\system32\gfufp.dll is infected by Win32:Adan-006 [Adw] - Deleted
File C:\WINDOWS\system32\gpqpd.dll is infected by Win32:Adan-006 [Adw] - Deleted
File C:\WINDOWS\system32\rjnzx.dll is infected by Win32:Adan-006 [Adw] - Deleted

Number of searched folders: 2957
Number of tested files: 43684
Number of infected files: 11
  • 0

#35
Guest_thatman_* (Guest)
Hi Classy2

Please, how did you get on with the KillBox files?

Post a new HJT.log

Kc :tazz:
  • 0

#36
Classy2 (Member, Topic Starter, 242 posts)
Kc, please help me with a new error;

Error says-- Title is from Veritas Update Manager---
Installation Package, S Guard.dll can't find path-
C:\Docum~\local~\owner\~Vertias 4258um\
I searched on my computer for; SGuard.dll but I did NOT find it.
Error also says to; "Please type in correct path"??
I searched on my computer for; SGuard.dll but I did NOT find it.
And I searched to find path C:\Docu~..... but it did Not find this path

Here's what it said in my HJT Log;

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

What does the "/r" switch mean?
And what does the ~~~ mean?

The updater keeps updating and it is time consuming to close.
Do you have any suggestions on fixing it? :tazz:
  • 0

#37
Guest_thatman_* (Guest)
Hi Classy2

Please post a new HJT.Log

Kc :tazz:
  • 0

#38
Classy2 (Member, Topic Starter, 242 posts)
In the safe mode, All KillBox files were DELETED!
except for one of them disappeared as I was copying.


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dppk.exe<--Delete this file <----NOT found.
C:\Documents and Settings\Cuddles\Local Settings\Temp\dnyyzic.tmp<Delete this file <----NOT found.
C:\Program Files\AIM\Sysfiles\WxBug.EXE<--Delete this file<----NOT found

C:\Program Files\Media Access<--Delete the whole folder not found
C:\Program Files\gopkilxg<--Delete the whole folder <------- DELETED!

Empty your recycle bin
C:\RECYCLER\S-1-5-21-166745521-3779935395-2167395947-500\Dc1\AdDestroyerInner.EXE.tcf <---- not be found.
I'm assuming all the above paths were to be deleted by going into "My Computer".

Here is my HJT Log;

Logfile of HijackThis v1.99.1
Scan saved at 8:14:52 AM, on 4/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cuddles\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\System32\shdoclc.dll/dnserror.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#39
Classy2 (Member, Topic Starter, 242 posts)
I just scanned with Trend Micro and Panda. Both reported NO VIRUSES!

Ran CCleaner, the tab called "Issues". It wouldn't let me copy.
It showed paths with (~~)
I did not want to "FIX IT" unless you could see what it showed.

Can you please tell me where CCleaner Logs can be located? :tazz:
  • 0

#40
Guest_thatman_* (Guest)
Hi Classy2

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

You are running HijackThis from the Desktop; please create a new folder C:\HJT and move HijackThis.exe into the new folder

CWShredder Download the Program.
Run CWShredder to fix your CWS problem.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\System32\shdoclc.dll/dnserror.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

Click on Fix Checked when finished and exit HijackThis.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Please update A.S.A.P
You are being infected faster than I can clean your system

Kc :tazz:
  • 0


#41
Classy2 (Member, Topic Starter, 242 posts)
I checked, Fixed all of these :tazz:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
res://C:\WINDOWS\System32\shdoclc.dll/dnserror.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
= about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/.../search/ie.html

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
Click on Fix Checked when finished and exit HijackThis.

Here is my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 1:13:26 AM, on 4/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

You wanted me to use About Buster a few days ago, this evening it worked. Here's the report;
Here is the Buster report;

Here is my anti-virus program Avast Log;
Sometimes I delete it or very seldom store it in a vault.
Here is my anti-virus Avast Report;

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Friday, April 01, 2005 9:18:54 PM
* VPS: 0511-1, 03/17/2005
*

C:\WINDOWS\System32\rmmpkm.exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dppk.exe [L] Win32:Qoologic-B [Trj] (0)
http://82.179.166.69/11082/ [L] Win32:Mhtplo-25 [Trj] (0)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\DPPK.EXE [L] Win32:Qoologic-B [Trj] (0)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dppk.exe [L] Win32:Qoologic-B [Trj] (0)
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\DPPK.EXE [L] Win32:Qoologic-B [Trj] (0)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dppk.exe [L] Win32:Qoologic-B [Trj] (0)
C:\Documents and Settings\Corey\Local Settings\Temporary Internet Files\Content.IE5\4T0LW3MT\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
C:\DOCUME~1\Corey\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
C:\Documents and Settings\Cuddles\Local Settings\Temporary Internet Files\Content.IE5\IL0DWP2Z\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
C:\DOCUME~1\Cuddles\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
C:\DOCUME~1\Cuddles\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)

*
* Task stopped: Saturday, April 02, 2005 6:34:17 PM
* Run-time was 21 hour(s), 15 minute(s), 23 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, April 02, 2005 6:54:33 PM
* VPS: 0513-2, 04/01/2005
*

C:\Documents and Settings\Corey\Local Settings\Temporary Internet Files\Content.IE5\ODEZOPUN\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully deleted...
C:\DOCUME~1\Corey\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
C:\DOCUME~1\Corey\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully deleted...

*
* Task stopped: Sunday, April 03, 2005 12:30:34 AM
* Run-time was 5 hour(s), 36 minute(s), 1 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Sunday, April 03, 2005 12:31:22 AM
* VPS: 0513-2, 04/01/2005
*

C:\Documents and Settings\Cuddles\Local Settings\Temporary Internet Files\Content.IE5\2HY1SB21\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully deleted...
C:\DOCUME~1\Cuddles\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully deleted...

*
* Task stopped: Sunday, April 03, 2005 3:14:38 AM
* Run-time was 1 hour(s), 43 minute(s), 16 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Sunday, April 03, 2005 3:15:57 AM
* VPS: 0513-2, 04/01/2005
*

C:\Documents and Settings\Cuddles\Local Settings\Temporary Internet Files\Content.IE5\IL0DWP2Z\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully deleted...
C:\DOCUME~1\Cuddles\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully deleted...

*
* Task stopped: Sunday, April 03, 2005 6:10:20 AM
* Run-time was 2 hour(s), 54 minute(s), 23 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Sunday, April 03, 2005 7:46:51 AM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Sunday, April 03, 2005 8:00:42 AM
* Run-time was 13 minute(s), 51 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Sunday, April 03, 2005 8:31:33 AM
* VPS: 0513-2, 04/01/2005
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, April 04, 2005 4:02:20 PM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Monday, April 04, 2005 9:06:36 PM
* Run-time was 5 hour(s), 4 minute(s), 16 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, April 04, 2005 9:19:08 PM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Monday, April 04, 2005 9:42:42 PM
* Run-time was 23 minute(s), 34 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, April 04, 2005 9:44:14 PM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Monday, April 04, 2005 9:51:03 PM
* Run-time was 6 minute(s), 49 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, April 04, 2005 9:57:50 PM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Monday, April 04, 2005 10:18:18 PM
* Run-time was 20 minute(s), 28 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, April 04, 2005 10:19:29 PM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Monday, April 04, 2005 11:57:22 PM
* Run-time was 1 hour(s), 37 minute(s), 53 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, April 05, 2005 12:07:42 AM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Tuesday, April 05, 2005 12:13:30 AM
* Run-time was 5 minute(s), 48 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, April 05, 2005 12:15:03 AM
* VPS: 0513-2, 04/01/2005
*


*
* Task stopped: Tuesday, April 05, 2005 12:16:35 AM
* Run-time was 1 minute(s), 32 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, April 05, 2005 12:52:59 AM
* VPS: 0513-2, 04/01/2005
*

C:\Documents and Settings\Cuddles\Local Settings\Temporary Internet Files\Content.IE5\2HY1SB21\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully moved to chest...
C:\DOCUME~1\Cuddles\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully moved to chest...

*
* Task stopped: Tuesday, April 05, 2005 1:04:02 AM
* Run-time was 11 minute(s), 3 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, April 05, 2005 1:53:52 AM
* VPS: 0513-2, 04/01/2005
*

C:\Documents and Settings\Cuddles\Local Settings\Temporary Internet Files\Content.IE5\63QN6LA5\i282[1].exe [L] Win32:Qoologic-B [Trj] (0)
C:\DOCUME~1\Cuddles\LOCALS~1\Temp\tp7543.exe [L] Win32:Qoologic-B [Trj] (0)
File was successfully moved to chest...


These files you asked me to delete. Tonight looked again and..?
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dppk.exe<--Delete this file (
still NOT FOUND)

C:\Documents and Settings\Cuddles\Local Settings\Temp\dnyyzic.tmp<Delete this file ( did NOT FIND THIS dppk.exe,) ( but I deleted every temp file with this ~ mark.
C:\Program Files\AIM\Sysfiles\WxBug.EXE<--Delete this file
(FOUND TONIGHT, DELETED IT). ;)

C:\Program Files\Media Access<--Delete the whole folder
C:\Program Files\gopkilxg<--Delete the whole folder
  • 0
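
Added example (not part of the thread and not HijackThis's own code): a check of which entries from the Fix Checked list in post #40 still appear in the follow-up log in post #41, plus the entries that log marks `(no file)` or `(file missing)`. The sample lines are copied from those two posts and abridged; the matching rule (registry location for R entries, CLSID for O entries) and all function names are assumptions of this sketch.

```python
import re
from dataclasses import dataclass

# Copied from post #40: the entries the helper asked to have fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\System32\shdoclc.dll/dnserror.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
"""

# Copied from the follow-up log in post #41 (abridged to a dozen entries).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:13:26 AM, on 4/5/2005
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str       # section code as printed, e.g. "R1", "O2", "O23"
    body: str       # rest of the line, whitespace-normalised
    identity: str   # what has to disappear for a fix to have held
    orphaned: bool  # log says the referenced file does not exist


def parse_entry(line):
    """Parse one log line; header and process lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], " ".join(m["body"].split())
    clsid = CLSID_RE.search(body)
    if code.startswith("R") and " = " in body:
        # Assumption: an R entry is identified by its registry location,
        # so a changed value at the same location still counts as present.
        identity = "R|" + body.split(" = ", 1)[0].lower()
    elif clsid:
        identity = f"{code}|{clsid.group(0).lower()}"
    else:
        identity = f"{code}|{body.lower()}"
    return Entry(code, body, identity, bool(ORPHAN_RE.search(body)))


def parse_log(text):
    """Return every recognised entry in a pasted log, in order."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def still_present(fix_text, followup_text):
    """Entries from the fix list whose identity shows up again later."""
    seen = {e.identity for e in parse_log(followup_text)}
    return [e for e in parse_log(fix_text) if e.identity in seen]


def orphaned(text):
    """Entries the log itself marks as pointing at a missing file."""
    return [e for e in parse_log(text) if e.orphaned]


if __name__ == "__main__":
    for e in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("STILL PRESENT:", e.code, "-", e.body)
    for e in orphaned(FOLLOWUP_LOG):
        print("MISSING FILE: ", e.code, "-", e.body)
```
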

#42
Classy2 (Member, Topic Starter, 242 posts)
A very good morning to you, Kc
I am very pleased to inform you that I set up and installed the Firewall on my Linksys router. I also found a cause of my problem was a port was open on my other computer but now I closed it.
Please help me continue finishing removing my Malware, viruses ..etc.?
With warm appreciation,
Classy2 :tazz:
  • 0

#43
Guest_thatman_* (Guest)
Hi Classy2

Sorry for my delay in replying to you.

Please post a new HJT.Log and a panda.log.

Kc
  • 0

#44
Classy2 (Member, Topic Starter, 242 posts)
Kc,
Did you mean a HJT in safe mode???
Waiting here to hear from you.
  • 0

#45
Guest_thatman_* (Guest)
Hi Classy2

Always post a HJT.Log in normal mode

Thanks

Kc :tazz:
  • 0





