Help: Look2me.topconverting, command Service, Alexa Related, Smitfraud



#31
shayras

shayras

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi agrarianmonk,

Look, I'm not able to do the online scan; the virus is blocking me.

Also, the guys from the company asked me to disable the internet connection on that PC, because it looks like it's interfering with the speed of the network.

So what can we do? Should I post just the HijackThis log and the AVG report?

Please give me instructions because I don't know what else to do.
  • 0



#32
agrarianmonk

agrarianmonk

    Visiting Staff

  • Member
  • PipPipPip
  • 753 posts
Do this and then try doing the online scan again:

Download the Hoster Here

Unzip Hoster to your desktop.

Open up the Hoster program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • Then click Restore original host files
  • Close the program

  • 0

#33
shayras

Look, I'm not able to do either the online scan or the Jotti submit.

Every time I try to do it the pages are not available (I know it is the trojan causing this), or sometimes I can see the page but there is nothing written on the icons, and every time I connect the PC to the internet the trojan downloader downloads a new trojan to the PC.

So is there no other way to do this? Because I don't want to enable the WAN until I get rid of those viruses.

Please inform me if you have another solution.

Thanks
  • 0

#34
agrarianmonk

Are you able to view other pages without a problem?

Another question: how up to date is your antivirus subscription?

Please let me know and post a new HijackThis log so I can see what's going on.

Edited by agrarianmonk, 19 October 2006 - 02:39 PM.

  • 0

#35
shayras

Hi,

Sometimes I'm able to see other pages without problems and sometimes I'm unable to see any page.

About my antivirus, I use Symantec and it is updated.

So, as per your instructions, this is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:47 AM, on 10/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\compaq\hpdiags\hpdiags.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\cluster\resrcmon.exe
C:\WINNT\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.43.4:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.100....ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://192.168.100....ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.100....stall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.100....html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.100..../RemoveCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OKSIJEN
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AF4895B-CA3F-4791-859C-1E80B3331301}: NameServer = 213.137.128.73,213.137.128.74
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - AppInit_DLLs: RPCRT3.dll
O20 - Winlogon Notify: WLogon - srvc.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe
O23 - Service: Microsoft information dll service (msidll) - Unknown owner - C:\WINNT\system\msidll.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINNT\lsass.exe (file missing)
O23 - Service: Secure Path Agent (SecurePathAgent) - Hewlett Packard Corporation - C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#36
agrarianmonk

Download and save F-Secure's Blacklight (blbeta.exe) to your desktop.
It's IMPORTANT that it's saved on the Desktop.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\blbeta.exe" /expert

*Note that you must have local administrative privileges to run the program.

- Accept the user agreement.
- Click Scan.

BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this.

When it finishes, click Next. You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Copy and paste the log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

Edited by agrarianmonk, 20 October 2006 - 08:11 AM.

  • 0

#37
shayras

Here is the Blacklight Log file:

10/20/06 16:22:41 [Info]: BlackLight Engine 1.0.47 initialized
10/20/06 16:22:41 [Info]: OS: 5.0 build 2195 (Service Pack 4)
10/20/06 16:22:41 [Note]: 7019 4
10/20/06 16:22:41 [Note]: 7005 0
10/20/06 16:22:41 [Note]: 7006 0
10/20/06 16:22:41 [Note]: 7011 2300
10/20/06 16:22:41 [Note]: 7026 0
10/20/06 16:22:41 [Note]: 7026 0
10/20/06 16:22:44 [Note]: FSRAW library version 1.7.1020
10/20/06 16:23:00 [Note]: 7007 0

When the scan finished, nothing was found.
  • 0

#38
agrarianmonk

OK, I see the problem. I'll have instructions for you in a bit.
  • 0

#39
agrarianmonk

Open HijackThis and click on 'Do a System Scan Only'. Check the boxes next to all the entries listed below (if present).

O20 - Winlogon Notify: WLogon - srvc.dll (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.


1. Go to Start > Run and type Services.msc then hit Ok
Scroll down and find the below service:

Microsoft information dll service (msidll)

2. When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

3. Repeat 1-2 for the following services:

Microsoft sdk core (sdk)
Windows NT Logon Application (WINLOGON)

4. Open HiJackThis, click on None of the above, just start the program. Now, click on the Config button (bottom right), click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

sdk

5. Click OK.

6. It should pull up information about the service, then ask if you want to reboot. Click NO.

7. Repeat 4-6 for the following:

WINLOGON
msidll



8. Download & launch KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Select the following option - delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy

C:\WINNT\lsass.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\system\msidll.exe

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

After reboot, try the online scan again and post the contents of the online scan and a new HijackThis log.

If you can't access the online scan, just post a new HijackThis log.
  • 0
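The removal steps in post 39 target three O23 service entries from the log in post 35. As an added illustration (not part of the original posts and not the helper's stated method), this Python sketch parses O23 lines and flags services matching two heuristics; the heuristics and the `SYSTEM32_ONLY` list are assumptions made for this example, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Layout of an O23 line as it appears in the logs in this thread:
# O23 - Service: <display name> [(<short name>)] - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumed list for this example: processes expected only in <windir>\system32.
SYSTEM32_ONLY = {"lsass.exe", "winlogon.exe", "services.exe", "svchost.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}

# Sample input: O23 lines copied from the first HijackThis log in this thread.
SAMPLE_O23 = [
    r'O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe',
    r'O23 - Service: Microsoft information dll service (msidll) - Unknown owner - C:\WINNT\system\msidll.exe (file missing)',
    r'O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe',
    r'O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINNT\lsass.exe (file missing)',
    r'O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe',
    r'O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe (file missing)',
    r'O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)',
]


def parse_o23(line):
    """Split one O23 line into its fields; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # The short service name is shown in parentheses when it differs
    # from the display name; otherwise the display name is the key.
    short = re.search(r"\((\w+)\)$", m["name"])
    return {
        "service": short.group(1) if short else m["name"],
        "owner": m["owner"],
        "path": m["path"],
        "missing": m["missing"] is not None,
    }


def triage(lines, windir=r"C:\WINNT"):
    """Return [(service, [reasons])] for entries that deserve a closer look."""
    win = ntpath.normcase(windir)          # lower-case, backslashes only
    sys32 = ntpath.join(win, "system32")
    findings = []
    for line in lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        path = ntpath.normcase(svc["path"])
        reasons = []
        # Heuristic 1: a core process name registered from the wrong directory.
        if ntpath.basename(path) in SYSTEM32_ONLY and ntpath.dirname(path) != sys32:
            reasons.append("system process name outside system32")
        # Heuristic 2: unattributed service under the Windows directory, file gone.
        if (svc["owner"].lower() == "unknown owner" and svc["missing"]
                and path.startswith(win + "\\")):
            reasons.append("unknown owner, file missing, under Windows directory")
        if reasons:
            findings.append((svc["service"], reasons))
    return findings


if __name__ == "__main__":
    for service, reasons in triage(SAMPLE_O23):
        print(f"{service}: {'; '.join(reasons)}")
```

A flagged entry is a candidate for review, not a verdict; "Unknown owner" alone also matches legitimate services in this log such as MySql and TapeWare, which is why it is combined with the other conditions.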

#40
shayras

Ok I will be online.
  • 0



#41
agrarianmonk

Instructions are posted above (in post 39):

http://www.geekstogo...s...st&p=815316

in case you missed them :whistling:

Edited by agrarianmonk, 20 October 2006 - 11:39 AM.

  • 0

#42
shayras

Hi there,

I followed your instructions up to step 8: download and launch KillBox v2.0.0.175.

But I couldn't do anything because the following files were not in the locations:

C:\WINNT\lsass.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\system\msidll.exe

So I closed the KillBox.

Then I tried to do the online scan at the F-Secure site but it didn't work, so I ran HijackThis and this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:17:24 PM, on 10/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\compaq\hpdiags\hpdiags.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\cluster\resrcmon.exe
C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.43.4:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.100....ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://192.168.100....ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.100....stall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.100....html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.100..../RemoveCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OKSIJEN
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AF4895B-CA3F-4791-859C-1E80B3331301}: NameServer = 213.137.128.73,213.137.128.74
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - AppInit_DLLs: RPCRT3.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Secure Path Agent (SecurePathAgent) - Hewlett Packard Corporation - C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

I have to leave now. I can load more instructions and I will follow them tomorrow.

Thanks.
  • 0

#43
agrarianmonk

Can you try Kaspersky or Panda again?

At the moment, I don't see anything wrong with your log, so I want an online scan just to be sure.

Let me know if they don't work. Also let me know if you're having any other problems.
  • 0

#44
shayras

Hi, sorry for the delay; Monday and Tuesday were free days for me.

But I will try Kaspersky or Panda again and then I will notify you.

And about your question, whether I'm having another problem, I will say yes because I discovered trojans on another PC, and I don't know how they got inside the PC.

The names are: HKTL_GSERVICE.A and BKDR_IROFFER.AT

I have already removed the second one but the other one is still there and I'm following some steps provided on the Trend Micro web site to remove it.

So as you see there are other problems.
  • 0

#45
agrarianmonk


"I will say yes because I discovered trojans on another PC"

I'm not exactly sure if it's related to the infection that was present on this PC, although it could be. You should post a HJT log for that other PC as a new topic in the Malware forum if you continue to have problems with it.

Are you having any problems with this computer? Let me know in your next post.
  • 0





