remove spy trap.


  • Please log in to reply

#1
Rechkalov7 (Member)
Greetings,




My question is how can I remove PestTrap from my computer? I made a few scans with Ewido and have deleted it, but it always seems to come back. What can I do to remove it? This program is very tenacious; it comes back every time I reboot.


Thanks.
#2
Jag11 (Visiting Staff)
Welcome to GTG! :whistling:

Let's try this:

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

#3
Rechkalov7 (Topic Starter)
Greetings,

Hope this will help.

Logfile of HijackThis v1.99.1
Scan saved at 17:42:01, on 2006-09-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
c:\ann.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [npta8cbd] RUNDLL32.EXE w0ff523e.dll,n 002a8cbb0000000a0ff523e
O4 - HKLM\..\Run: [sys011596194087-] C:\WINDOWS\sys011596194087-.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [ewcij.exe] C:\WINDOWS\System32\ewcij.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [orfi] C:\PROGRA~1\FICHIE~1\orfi\orfim.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.2...xinst_int16.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.99,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE51421-A029-4AE5-B5D1-183AAA79B826}: NameServer = 85.255.116.99,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\eippcax.exe (file missing)



Thanks.
#4
Jag11 (Visiting Staff)
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
#5
Rechkalov7 (Topic Starter)

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...;DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.


#6
Rechkalov7 (Topic Starter)
Greetings again,


Here's the result with the SP1a French version (your link wasn't good since my version is in French).

Logfile of HijackThis v1.99.1
Scan saved at 19:08:19, on 2006-09-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {5D8AEFF1-F539-96AC-1222-6DED8BAA89A4} - startman.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [npta8cbd] RUNDLL32.EXE w0ff523e.dll,n 002a8cbb0000000a0ff523e
O4 - HKLM\..\Run: [sys011596194087-] C:\WINDOWS\sys011596194087-.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [dmgnf.exe] C:\WINDOWS\System32\dmgnf.exe
O4 - HKLM\..\Run: [MON76234] StartCpl.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] driver64.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [orfi] C:\PROGRA~1\FICHIE~1\orfi\orfim.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [FLKPT] ATLIEHELPER.exe
O4 - HKCU\..\Run: [AliceSD] SetupExeDll.exe
O4 - HKCU\..\Run: [abrek] trycrt.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.2...xinst_int16.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.99,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE51421-A029-4AE5-B5D1-183AAA79B826}: NameServer = 85.255.116.99,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\eippcax.exe (file missing)



Thanks.
#7
Jag11 (Visiting Staff)
Good job, let's continue.. :whistling:

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important that you don't miss a step and that you perform everything in the right order.

=====================================

Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk (C:) or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and uncheck the Show Extracted Files box and then click Finish.
Right-click Here and choose "Save As" (or "Save Target As") in order to download Alcra Plus Remover.
  • Save it in the same folder you made earlier (c:\BFU)
=====================================

Run Brute Force Uninstaller

Go to Start » My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Beside the white box field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
=====================================

1. Click Start > Run > type: sc stop "Network Monitor" > OK
2. Click Start > Run > type: sc delete "Network Monitor" > OK

3. Click Start > Run > type: sc stop "Windows Overlay Components" > OK
4. Click Start > Run > type: sc delete "Windows Overlay Components" > OK

=====================================



Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

R3 - URLSearchHook: (no name) - {5D8AEFF1-F539-96AC-1222-6DED8BAA89A4} - startman.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.2...xinst_int16.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.99,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE51421-A029-4AE5-B5D1-183AAA79B826}: NameServer = 85.255.116.99,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\eippcax.exe (file missing)

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Locate and delete the following folder(s), if present :
C:\Program Files\Network Monitor

=====================================

Locate and delete the following file(s), if present :
C:\WINDOWS\eippcax.exe

=====================================

Please download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure Run fixit is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

NOTE : Do not be alarmed if your computer takes longer than usual to load -- this is normal

FixWareOut will produce a logfile, located here - C:\fixwareout\report.txt. Post it on your next reply.


====

Post:

Fixwareout log
New Hijackthis log
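A defender-side triage of the log format this thread works from, written as an added example (it is not part of the thread and not HijackThis code): it parses the O4, O17 and O23 line shapes and flags the three things the fix above targets, NameServer entries rewritten to addresses outside the trusted ranges, services whose binary is missing, and autostart entries launching from odd locations. The trusted DNS ranges and the sample lines are assumptions constructed from the logs posted above.

```python
"""Triage of HijackThis v1.99 log lines (added example, not part of the thread
or of HijackThis). It reads the O4 / O17 / O23 line shapes posted above and
flags the signs the helper acted on: NameServer entries pointing outside the
trusted ranges, services whose binary is missing, and autostart entries that
launch from odd locations."""
import ipaddress
import re
from typing import Dict, List

# Constructed subset of the log lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] driver64.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.99,85.255.112.152
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Assumption: a home machine gets its DNS from a router on a private range;
# any public resolver has to be allow-listed explicitly by the reviewer.
TRUSTED_DNS_NETS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O17_RE = re.compile(r"^O17 - (.*): NameServer = (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


def launch_path(command: str) -> str:
    """Executable part of an O4 command, lower-cased, with doubled
    backslashes (as in the [defender] entry of the log) collapsed to one."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
        exe = m.group(1) if m else command.split()[0]
    return re.sub(r"\\+", r"\\", exe).lower()


def o4_reason(exe: str) -> str:
    """Why an autostart path deserves a look; empty string means nothing odd."""
    if "\\" not in exe:
        return "bare file name, resolved through the search path"
    if re.match(r"^[a-z]:\\[^\\]+$", exe):
        return "launches from the drive root"
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", exe):
        return "launches from the Windows directory itself"
    return ""


def triage(log_text: str, allowed_dns=()) -> List[Dict[str, str]]:
    """Return one finding per suspicious O4 entry, O17 server or O23 service."""
    allowed = {ipaddress.ip_address(a) for a in allowed_dns}
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            _hive, _key, name, command = m.groups()
            reason = o4_reason(launch_path(command))
            if reason:
                findings.append({"section": "O4", "item": name,
                                 "reason": reason, "line": line})
            continue
        m = O17_RE.match(line)
        if m:
            for server in re.split(r"[ ,]+", m.group(2).strip()):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue  # not an address; skip the token
                if addr in allowed or any(addr in n for n in TRUSTED_DNS_NETS):
                    continue
                findings.append({"section": "O17", "item": server,
                                 "reason": "DNS server outside trusted ranges",
                                 "line": line})
            continue
        m = O23_RE.match(line)
        if m and m.group(3).endswith("(file missing)"):
            findings.append({"section": "O23", "item": m.group(1),
                             "reason": "service binary missing from disk",
                             "line": line})
    return findings


def rogue_dns_servers(findings: List[Dict[str, str]]) -> List[str]:
    """Distinct untrusted resolvers: what the O17 fix in the thread removes."""
    return sorted({f["item"] for f in findings if f["section"] == "O17"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3} {f['reason']}: {f['item']}")
```

Bare file names such as the RUNDLL32.EXE entries in the full log are a weak signal on their own; the DNS and file-missing checks are the ones that map directly to the entries fixed in this thread.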
#8
Rechkalov7 (Topic Starter)
Hi,


Thank you, mister, but I did all you told me up until the step where I scan with HijackThis and do a system scan only. You told me to place a checkmark on entries; the problem is that those entries are not on the list I've got. What am I supposed to do now?


Thanks for your help.
#9
Jag11 (Visiting Staff)

Thank you, mister, but I did all you told me up until the step where I scan with HijackThis and do a system scan only. You told me to place a checkmark on entries; the problem is that those entries are not on the list I've got. What am I supposed to do now?



Don't worry about that.. just continue with the rest of the instructions..
#10
Rechkalov7 (Topic Starter)
Greetings,


Here's the result of the FixWareout.exe:



Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}74AAC11824A0-41B9-0844-F06C-BD7E27CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C758D1840AC0-DDB8-3564-131E-EF790C79{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}80EBE6C0129F-EBAB-ED04-00FE-1C71B98A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EA8485E9AB8D-9778-8F54-0DE3-1EDCAFD6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2366809096AE-C77B-16E4-1216-6B1E39E2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}86D75BEFED61-DCD8-FD74-81F9-B2A91088{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D1E9AD8A0CBB-5938-8A54-8D70-B03175CB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\bhtmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmthb.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
C:\WINDOWS\SYSTEM32\NTSYSTEM.EXE
* csr.exe C:\WINDOWS\System32\CSNBY.EXE

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSNBY.EXE 51 246 2006-09-13
C:\WINDOWS\SYSTEM32\DMTHB.EXE 61 967 2002-08-29

Other suspects.
Directory of C:\WINDOWS\system32
{88019A2B-9F18-47DF-8DCD-16DEFEB57D68}.exe
{2E93E1B6-6121-4E61-B77C-EA6909086632}.exe
{97C097FE-E131-4653-8BDD-0CA0481D857C}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.



Thanks.
#11
Jag11 (Visiting Staff)
You didn't post a new Hijackthis log..

Just post a new one later.. for the mean time, do this:

---

I want you to set Windows to show hidden files and folders, click here to learn how.

=====================================

Locate and delete the following file(s), if present :
C:\WINDOWS\SYSTEM32\NTSYSTEM.EXE
C:\WINDOWS\System32\CSNBY.EXE
C:\WINDOWS\system32\{88019A2B-9F18-47DF-8DCD-16DEFEB57D68}.exe
C:\WINDOWS\system32\{2E93E1B6-6121-4E61-B77C-EA6909086632}.exe
C:\WINDOWS\system32\{97C097FE-E131-4653-8BDD-0CA0481D857C}.exe

=====================================

Then submit a fresh hijackthis log please. :whistling:

Edited by Jag11, 16 September 2006 - 05:35 AM.

#12
Rechkalov7 (Topic Starter)
Hi,


Won't this make my computer even more vulnerable to attacks? I mean, why should I uncheck this? Just a question.
#13
Rechkalov7 (Topic Starter)
Hi,


Mmm, I'm not sure I want to do this. When I tried to uncheck this, I got a message box telling me this could damage my computer and make it unusable.

Thanks.
#14
Rechkalov7 (Topic Starter)
Hi,



Please send me an answer as soon as you can; I think I'm just going to reformat my hard drive. My computer is getting slower every day. I replaced my anti-virus with a new one, the free version named AVG. The computer has never been so slow. Could you help me out? And could you explain why I should uncheck the option of hiding the files? It just doesn't make sense to me. It's like asking me to turn around, bend over, close my eyes and trust a stranger, as competent as you seem to be.


Thanks.
#15
Jag11 (Visiting Staff)
Hello,

Don't worry about that.. I will not ask you to do something that will wreck your machine. :whistling:

I'm asking you to unhide system files and folders so that you will have no problem finding those files I asked you to delete, because some malware files like to hide themselves, so if you don't unhide files, you will not see them.

And.. we'll reset that to the default settings when we're done.