This topic is lockedDid you download the windows update's you will just keep getting reinfected over and over.
Rerun ewido, and a virus scan
Post a new HJT.Log and any information from the virus scan's
Kc
Controlling my internet address & removing it
Started by
Classy2
, Mar 19 2005 02:34 AM
#76
Guest_thatman_*
Posted 24 April 2005 - 01:02 AM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Did you download the windows update's you will just keep getting reinfected over and over.
Rerun ewido, and a virus scan
Post a new HJT.Log and any information from the virus scan's
Kc
#77
Posted 24 April 2005 - 09:25 PM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
To my great technican, Kc,
I am sorry to inform you that Windows Update will not work!
Every page I read about me back to the UPDATE PAGE where it needs to scan but does nothing! Even the column on the left says; " Install now" is dimmed"
Im not sure if theres something else to try but I thought if I needd any patches I wouldnt be able to download them.
Here are Trojans that even though thier in vault, sometimes DELTED they keep reappearing.
Trojan horse
NAME--Win32:Qoologic-B
VPS version 0516-2, 04/19/2005
path cuddles\local settings\Temporary internet
C;\DOCUME~1Cuddles\LOCALS~1\Temp\tp7453.exe
FILE winup2date.dll
Path C:Windows\System32
Infection; Spyware.Small.et
How do I DELETE THESE PERMENATLY?
Trojan horse
NAME--Win32:Qoologic-B
VPS version 0516-2, 04/19/2005
path cuddles\local settings\Temporary internet
C;\DOCUME~1Cuddles\LOCALS~1\Temp\tp7453.exe
FILE winup2date.dll
Path C:Windows\System32
Infection; Spyware.Small.et
Here is my HJT Log ran in safe mode;
Logfile of HijackThis v1.99.1
Scan saved at 10:36:52 PM, on 4/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Trend Micro showed No viruses.
aIm beginning to think I will never be able to download from Microsoft Update.
Looking forward to your advice,
Classy
I am sorry to inform you that Windows Update will not work!
Every page I read about me back to the UPDATE PAGE where it needs to scan but does nothing! Even the column on the left says; " Install now" is dimmed"
Im not sure if theres something else to try but I thought if I needd any patches I wouldnt be able to download them.
Here are Trojans that even though thier in vault, sometimes DELTED they keep reappearing.
Trojan horse
NAME--Win32:Qoologic-B
VPS version 0516-2, 04/19/2005
path cuddles\local settings\Temporary internet
C;\DOCUME~1Cuddles\LOCALS~1\Temp\tp7453.exe
FILE winup2date.dll
Path C:Windows\System32
Infection; Spyware.Small.et
How do I DELETE THESE PERMENATLY?
Trojan horse
NAME--Win32:Qoologic-B
VPS version 0516-2, 04/19/2005
path cuddles\local settings\Temporary internet
C;\DOCUME~1Cuddles\LOCALS~1\Temp\tp7453.exe
FILE winup2date.dll
Path C:Windows\System32
Infection; Spyware.Small.et
Here is my HJT Log ran in safe mode;
Logfile of HijackThis v1.99.1
Scan saved at 10:36:52 PM, on 4/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Trend Micro showed No viruses.
aIm beginning to think I will never be able to download from Microsoft Update.
Looking forward to your advice,
Classy
#78
Guest_thatman_*
Posted 25 April 2005 - 07:06 AM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Hi Classy2
Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip
Create a new folder called c:\Antispyware\RKFiles
Extract the contents of RKFiles.zip into this new RKFiles folder.
Reboot into Safe Mode
Restart and press the F8 key a few times after the BIOS loads -- the first thing you see when the pc "comes alive" and does its "self test" -- before windows loads).
Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait untill its finished.
* When it is finaly finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
* Find this log, right-click and rename it RKFiles_log.txt so you can post it for me later.
Reboot back to Normal Mode.
Post the log and a new hijackthis log.
Kc
Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip
Create a new folder called c:\Antispyware\RKFiles
Extract the contents of RKFiles.zip into this new RKFiles folder.
Reboot into Safe Mode
Restart and press the F8 key a few times after the BIOS loads -- the first thing you see when the pc "comes alive" and does its "self test" -- before windows loads).
Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait untill its finished.
* When it is finaly finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
* Find this log, right-click and rename it RKFiles_log.txt so you can post it for me later.
Reboot back to Normal Mode.
Post the log and a new hijackthis log.
Kc
#79
Posted 25 April 2005 - 10:10 PM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
Kc,
You say to; Reboot into Safe Mode
Restart and press the F8 key a few times after the BIOS loads -- the first thing you see when the pc "comes alive" and does its "self test" -- before windows loads).
Im confused because the only two places before windows loads;
Are in the bios OR At a prompt?
Are you telling my to type at the prompt, C: Open the C:\Antispyware\RKFiles folder
Please explain exactly where to open and run this .bat file.
I appologize,
Classy
You say to; Reboot into Safe Mode
Restart and press the F8 key a few times after the BIOS loads -- the first thing you see when the pc "comes alive" and does its "self test" -- before windows loads).
Im confused because the only two places before windows loads;
Are in the bios OR At a prompt?
Are you telling my to type at the prompt, C: Open the C:\Antispyware\RKFiles folder
Please explain exactly where to open and run this .bat file.
I appologize,
Classy
#80
Posted 25 April 2005 - 10:23 PM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
I mean to say did you mean;
"Reboot in Safe Mode with a Command Prompt"
Classy
"Reboot in Safe Mode with a Command Prompt"
Classy
#81
Guest_thatman_*
Posted 26 April 2005 - 06:38 AM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Hi Classy2
Just boot into safemode
When in safemode double click on your C:\Drive
Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait untill its finished.
* When it is finaly finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
Find this log, C:\Log.txt so you can post it for me.
Reboot into regular mode and post the log.txt
Kc
Just boot into safemode
When in safemode double click on your C:\Drive
Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait untill its finished.
* When it is finaly finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
Find this log, C:\Log.txt so you can post it for me.
Reboot into regular mode and post the log.txt
Kc
Edited by thatman, 26 April 2005 - 06:39 AM.
#82
Posted 27 April 2005 - 10:14 PM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
Dear Kc
Please carefully read my letter.
Kc, Because you are very patient, and understand how make something technical understandable to me with great respect , Im asking if you consider to stay with me help me setup my firewall in the safest way possible.
I have read about setting up microfts firewall, they leave out things esp. where you have to type Information in box, like configuring a port. (microsoft leaves out info what to type here). Microsoft gives instructions to people who are somewhat familiar in this subject, Im NOT.
Kc Please read from the link below. Blank boxes to type in ip and USD.
Manually Configuring Windows Firewall in Windows XP Service Pack 2
I as understand the better I can techinically setup my firewall with the appropiate IP and USD, the more unlikely a hacker can get into my sytem.
After installing SP2 (in the past had no internet connection), will you please tell me your way (because I understand YOU)! me where to go and what to do TO CONNECT to the internet?
Please, will you stay with me and help me setup my firewall? I quote from Links, "Your firewall is as safe as you set it to be" and I ytrust YOU help me to keep hackers away from my computer. Or make it hard to get in.
Your long time devoted admirer,
Classy
Please carefully read my letter.
Kc, Because you are very patient, and understand how make something technical understandable to me with great respect , Im asking if you consider to stay with me help me setup my firewall in the safest way possible.
I have read about setting up microfts firewall, they leave out things esp. where you have to type Information in box, like configuring a port. (microsoft leaves out info what to type here). Microsoft gives instructions to people who are somewhat familiar in this subject, Im NOT.
Kc Please read from the link below. Blank boxes to type in ip and USD.
Manually Configuring Windows Firewall in Windows XP Service Pack 2
I as understand the better I can techinically setup my firewall with the appropiate IP and USD, the more unlikely a hacker can get into my sytem.
After installing SP2 (in the past had no internet connection), will you please tell me your way (because I understand YOU)! me where to go and what to do TO CONNECT to the internet?
Please, will you stay with me and help me setup my firewall? I quote from Links, "Your firewall is as safe as you set it to be" and I ytrust YOU help me to keep hackers away from my computer. Or make it hard to get in.
Your long time devoted admirer,
Classy
#83
Guest_thatman_*
Posted 27 April 2005 - 10:34 PM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Hi Classy2
Have you updated to XP_SP2 NOW
Dont waste your time with the windows firewall have a easyer one for you to use.
Zone Alarm FREE download and install this first.
http://www.zonelabs.com/store/content/c...!7551!7552
WinSockFix download this file no need to use it now. will tell you what it is later
http://downloads.sub.../WinsockFix.zip
http://www.spychecke...nsockxpfix.html.
Will be online for some time and will stay with you to help
Please post a new HJT.Log
Kc
Have you updated to XP_SP2 NOW
Dont waste your time with the windows firewall have a easyer one for you to use.
Zone Alarm FREE download and install this first.
http://www.zonelabs.com/store/content/c...!7551!7552
WinSockFix download this file no need to use it now. will tell you what it is later
http://downloads.sub.../WinsockFix.zip
http://www.spychecke...nsockxpfix.html.
Will be online for some time and will stay with you to help
Please post a new HJT.Log
Kc
#84
Posted 28 April 2005 - 12:28 AM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
Hi Kc,
In safe mode, I clicked RKFiles .bat.
It loaded 3 files, then said not to close dos window until it closes itself
Then it said checkng system files and I waited for 15 minutes, after nothing, I closed the window.
Do you think this ran properly?
Heres the RKfiles log file;
C:\Program Files\Antispyware\rkfiles ...thats all
I went to Windows update, Install and view history is still dimmed. And I waited for windows to scan my pc for prvious downloads but still nothing
My router was unpluged and probablly the setup for the IP and user was erassed. Do you think if I reset my router it would help with finding the host?
When opening this forum I get an error asking "do you want to work offline or try to connect".
Classy
Heres the HJT.Log
Logfile of HijackThis v1.99.1
Scan saved at 2:19:41 AM, on 4/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...&st=60&p=87648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: strings.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
In safe mode, I clicked RKFiles .bat.
It loaded 3 files, then said not to close dos window until it closes itself
Then it said checkng system files and I waited for 15 minutes, after nothing, I closed the window.
Do you think this ran properly?
Heres the RKfiles log file;
C:\Program Files\Antispyware\rkfiles ...thats all
I went to Windows update, Install and view history is still dimmed. And I waited for windows to scan my pc for prvious downloads but still nothing
My router was unpluged and probablly the setup for the IP and user was erassed. Do you think if I reset my router it would help with finding the host?
When opening this forum I get an error asking "do you want to work offline or try to connect".
Classy
Heres the HJT.Log
Logfile of HijackThis v1.99.1
Scan saved at 2:19:41 AM, on 4/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...&st=60&p=87648
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: strings.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
#85
Posted 28 April 2005 - 12:50 AM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
Kc,
Your post about keeping me company, was seperated and at the bottom.
What Im saying is yes, Id love your company anytime,although, I find night time quiet and impossible to be interupted by anything. I am flexible during the day if its better for you. I believe in compromising.
Please do let me know when you can be online,Id love to talk to you
I have a techinical question about my comupter. Can you tell a way to ask you privately, without invading on your privacy?
Sleepless in NY,
Classy
Your post about keeping me company, was seperated and at the bottom.
What Im saying is yes, Id love your company anytime,although, I find night time quiet and impossible to be interupted by anything. I am flexible during the day if its better for you. I believe in compromising.
Please do let me know when you can be online,Id love to talk to you
I have a techinical question about my comupter. Can you tell a way to ask you privately, without invading on your privacy?
Sleepless in NY,
Classy
#86
Posted 28 April 2005 - 04:03 AM
coachwife6
-
- Retired Staff
-
- 11,413 posts
SuperStar
C2: I am going to assist you with your log. Please tell me what problems you are having, and we will try to get it resolved.
#87
Posted 28 April 2005 - 07:21 PM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
Hi CW,
I feel Kc did everything possible to remove malware and try to get Windows Update to regonize my computer.
Maybe you can shed some new ideas and help protect me from any future hackers or hijackers.
Download the Hoster from here Press "Restore Original Hosts. and press "OK and Exit Program"".
I have 2 questions about the " Restore Orginal Host.
Q-- 1 my Host is editable" it asks if I want to make it "Read Only"?
Q--2. "Remove Block items from Host" (Removes 127.0.0.* entries)?
Kc was giving me all these programs because I can not get Update from Windows, esp. firewall SP2. I prresume SP2 is the best firewall package and they are always new making improvements to download from Windows Update.
I am presuming SP2 is the best firewall to have if it can be setup properly. I not familar with firewall with the technical terms. I quote " A Firewall is only as safe as its setup"
Can you please advise me which firewall youd use on your computer?
Or can FireZone can be set to be as good as SP2?
I also have a question about my computer and I wondering how can I ask it privately??
I have been working on cleaning up my system and then trying to get my host back.
Looking forward to learning from you,
Classy
I feel Kc did everything possible to remove malware and try to get Windows Update to regonize my computer.
Maybe you can shed some new ideas and help protect me from any future hackers or hijackers.
Download the Hoster from here Press "Restore Original Hosts. and press "OK and Exit Program"".
I have 2 questions about the " Restore Orginal Host.
Q-- 1 my Host is editable" it asks if I want to make it "Read Only"?
Q--2. "Remove Block items from Host" (Removes 127.0.0.* entries)?
Kc was giving me all these programs because I can not get Update from Windows, esp. firewall SP2. I prresume SP2 is the best firewall package and they are always new making improvements to download from Windows Update.
I am presuming SP2 is the best firewall to have if it can be setup properly. I not familar with firewall with the technical terms. I quote " A Firewall is only as safe as its setup"
Can you please advise me which firewall youd use on your computer?
Or can FireZone can be set to be as good as SP2?
I also have a question about my computer and I wondering how can I ask it privately??
I have been working on cleaning up my system and then trying to get my host back.
Looking forward to learning from you,
Classy
#88
Posted 29 April 2005 - 08:13 PM
coachwife6
-
- Retired Staff
-
- 11,413 posts
SuperStar
I don't know if thatman asked you this already, but is your version of Windows valid?
I want you to visit this page and see:
Windows validation
You should see this halfway down the page.
Click continue and tell me what it says,
I want you to visit this page and see:
Windows validation
You should see this halfway down the page.
This download is available to customers running genuine Microsoft Windows. Please click Continue to begin Windows validation.
Click continue and tell me what it says,
#89
Posted 30 April 2005 - 10:41 PM
Classy2
- Topic Starter
-
- Member
-
- 242 posts
Member
OK, I followed your instructions and the instructions on the page. It just asked the brand and name of my computer.
I did a lot of reading about other Firewalls, none seem to have everthing. For instance ZoneAlarm does not have mail protection. I was also interested in Sygate, it had an extra protection called ICP.
I am sad and frustrated. I have another Trojan. I thought Avast keeps Trojans out.
Do you know of any Anti-virus programs that do PREVENTION?
Classy
I did a lot of reading about other Firewalls, none seem to have everthing. For instance ZoneAlarm does not have mail protection. I was also interested in Sygate, it had an extra protection called ICP.
I am sad and frustrated. I have another Trojan. I thought Avast keeps Trojans out.
Do you know of any Anti-virus programs that do PREVENTION?
Classy
#90
Posted 30 April 2005 - 10:56 PM
coachwife6
-
- Retired Staff
-
- 11,413 posts
SuperStar
Please go to http://www.howtotell.com and click on "Windows Validation Assistant" - tell me what it says.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
