Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random poups! Need aid! [RESOLVED]

Started by fak , May 03 2005 07:56 PM

  • This topic is locked This topic is locked

#1
fak
Posted 03 May 2005 - 07:56 PM

fak

    Member

  • Member
  • PipPip
  • 11 posts
Thanks in advance.
I have been troubled by random popups for weeks. loadingwebsite.com, spotresults.com, interclick.com, revenue.net, spywareremover.com and more.
they pop up every ten mins or when I use searching engines.
I have Ad-aware, SpySubtract, Spybot S&D, MS Antispyware CWShredder and WinPatrol installed and updated, scan daily and still can't solve the problem.
Those pests cause nuisance whenever I go online and keep swarming my desktop with stupid icons. Also there's icont.exe and iconu.exe in my windows folder, I deleted them but they keep coming back. Please help

Logfile of HijackThis v1.99.1
Scan saved at 9:34:36, on 4/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\MiniServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\c0o\hl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\l\桌面\HijackThis thingy\HijackThis.exe
C:\Documents and Settings\l\桌面\HijackThis thingy\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSONreg] c:\Program Files\Bridgewell\epsonreg\notification.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 反向連結 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 網頁的快取快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 類似網頁 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7CB3B6-0428-4044-B08D-AB035FF73886}: NameServer = 210.0.255.216 210.0.128.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MINIServer (MiNiService) - Unknown owner - C:\WINDOWS\MiniServer.exe
O23 - Service: Norton AntiVirus 自動防護服務 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
fak
Posted 07 May 2005 - 06:45 AM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello? Is someone there willing to help?
  • 0

#3
Michelle
Posted 09 May 2005 - 02:42 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
First, download, install, and run CleanUp! (so the scan won't take as long because cleanup will clear temporary files) *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, backup it up or move it to a permanent folder prior to running Cleanup!

Please download ewido security suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log.
  • 0

#4
fak
Posted 10 May 2005 - 06:23 AM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks bananafanafo! Will try it right away
  • 0

#5
fak
Posted 10 May 2005 - 08:29 PM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi there.
Sorry for late reply but I gotta catch some sleep.
Here is my ewido log, activescan log and hijackthis log

---------------------------------------------------------
ewido security suite - 扫描记录
---------------------------------------------------------

+ 创建于: 0:43:31, 11/5/2005
+ 记录-校验码: 9342F56

+ 数据库日期: 10/5/2005
+ 扫描器版本: v3.0

+ 持续时间: 79 min
+ 已扫描的文件: 83797
+ 速度: 17.64 文件/秒
+ 感染的文件: 31
+ 删除的文件: 31
+ 隔离的文件: 31
+ 无法打开的文件: 0
+ 无法清除的文件: 0

+ 合并: 是
+ 加密: 是
+ 文件库: 是

+ 已扫描的项目:
C:\

+ 扫描结果:
C:\Documents and Settings\l\Cookies\l@366[1].txt -> Spyware.Tracking-Cookie -> 可恢复的删除
C:\Documents and Settings\l\Cookies\l@3[1].txt -> Spyware.Tracking-Cookie -> 可恢复的删除
C:\Program Files\Microsoft AntiSpyware\Quarantine\84FC4072-251B-42E3-AF2E-8063EF\F7C9E20C-8BC8-4FB3-AF5F-D52BC5 -> Spyware.BetterInternet -> 可恢复的删除
C:\Program Files\Microsoft AntiSpyware\Quarantine\B3A458CD-F0B7-458B-8A9C-31DA8A\ABE47A28-282D-4CD8-8508-E97C61 -> Spyware.BetterInternet -> 可恢复的删除
C:\RECYCLER\S-1-5-21-1935655697-2147082687-854245398-500\Dc1.exe -> Trojan.Stervis.c -> 可恢复的删除
C:\WINDOWS\iconu.exe -> Spyware.Zestyfind -> 可恢复的删除
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\agmfd.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\ckfview.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\clmodem.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\d60mlgd1160.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\dn6m01j1e.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\f4l0le3m1h.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\irpol5731.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\jkcht.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\jtl0073me.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\k8620ijoe8oc0.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\k8lq0i35e8.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\kfdes.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\kqdycl.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\l46o0ej3eho.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\mlmdd.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\mMg_hook.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\n8r2li9o18.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\nishrui.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\rxr20.dll -> Spyware.Look2Me.ab -> 可恢复的删除
C:\WINDOWS\system32\sbsfsdo.exe -> Trojan.Agent.cp -> 可恢复的删除
C:\WINDOWS\system32\SVCH0ST.EXE -> Backdoor.GrayBird.p -> 可恢复的删除
C:\WINDOWS\system32\wincoreak.dll -> Spyware.Coreak -> 可恢复的删除
C:\WINDOWS\system32\winrulesak.dll -> TrojanDownloader.Agent.bt -> 可恢复的删除
C:\WINDOWS\system32\winupdak.dll -> Spyware.Ezula -> 可恢复的删除


::报告结束
  • 0

#6
fak
Posted 10 May 2005 - 08:30 PM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kqdsl1.dll
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cache277
Virus:Trj/Vundo.A Disinfected C:\Documents and Settings\l\appsetup.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\l\Local Settings\Temp\bw2.com
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\l\Local Settings\Temp\upd203.exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\A9K16R03\AppWrap[1].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\A9K16R03\AppWrap[2].exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\A9K16R03\AppWrap[3].exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\EXQX07K7\upd203[1].exe
Adware:Adware/nCase No disinfected C:\WINDOWS\icont.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kqdsl1.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\nuvdpw.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\pmrfproc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\sworage.dll
  • 0

#7
fak
Posted 10 May 2005 - 08:36 PM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:23:10, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\l\桌面\HijackThis thingy\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSONreg] c:\Program Files\Bridgewell\epsonreg\notification.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 反向連結 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 網頁的快取快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 類似網頁 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ws2_64.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7CB3B6-0428-4044-B08D-AB035FF73886}: NameServer = 210.0.255.216 210.0.128.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MINIServer (MiNiService) - Unknown owner - C:\WINDOWS\MiniServer.exe (file missing)
O23 - Service: Norton AntiVirus 自動防護服務 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#8
Michelle
Posted 11 May 2005 - 12:15 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below service:

System Startup Service (or SvcProc)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Run HiJackThis. Click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (copy and paste):

SvcProc

Click ok.

It should pull up information about the service, when it asks if you want to reboot now click NO.

Then, I need you to download LSPFix.exe from here: http://www.cexx.org/lspfix.htm
Disconnect from the Internet, close all Internet Explorer Windows, and run the program. Check the "I know what I'm doing" Button and remove all traces of ws2_64.dll (be careful ONLY to remove this file!) Reboot and post a new HiJackThis log.

Edited by bananafanafo, 11 May 2005 - 12:17 AM.

  • 0

#9
fak
Posted 11 May 2005 - 09:50 AM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Excuse me?
What should I do if I can't find that System Startup Service (or SvcProc) in service.msc?

Edited by fak, 11 May 2005 - 09:58 AM.

  • 0

#10
Michelle
Posted 11 May 2005 - 10:14 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do this part and if it says it needs to be disabled first, then it is in services.msc and it will either be System Startup Service or SvcProc. :tazz:

Run HiJackThis. Click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (copy and paste):

SvcProc

Click ok.

It should pull up information about the service, when it asks if you want to reboot now click NO.
  • 0

Advertisements

#11
fak
Posted 12 May 2005 - 10:23 PM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry for late reply.
Here's my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:59, on 13/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\l\桌面\HijackThis thingy\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSONreg] c:\Program Files\Bridgewell\epsonreg\notification.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 反向連結 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 網頁的快取快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 類似網頁 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7CB3B6-0428-4044-B08D-AB035FF73886}: NameServer = 210.0.255.216 210.0.128.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MINIServer (MiNiService) - Unknown owner - C:\WINDOWS\MiniServer.exe (file missing)
O23 - Service: Norton AntiVirus 自動防護服務 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#12
Michelle
Posted 12 May 2005 - 10:44 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I need you to copy all of the Killbox instructions below and paste them into Notepad and save

it.

* Please download the Killbox by Option^Explicit.

*In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by

highlighting ALL of them then press CTRL + C

C:\WINDOWS\system32\kqdsl1.dll
C:\WINDOWS\cache277
C:\Documents and Settings\l\Local Settings\Temp\bw2.com
C:\Documents and Settings\l\Local Settings\Temp\upd203.exe
C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\A9K16R03\AppWrap[1].exe
C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\A9K16R03\AppWrap[2].exe
C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\A9K16R03\AppWrap[3].exe
C:\Documents and Settings\l\Local Settings\Temporary Internet Files\Content.IE5\EXQX07K7\upd203[1].exe
C:\WINDOWS\icont.exe
C:\WINDOWS\system32\nuvdpw.exe
C:\WINDOWS\system32\pmrfproc.dll
C:\WINDOWS\system32\sworage.dll

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click

"No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it

manually.

After your computer reboots, post a new HiJackThis log and let me know how it's running!
  • 0

#13
fak
Posted 15 May 2005 - 03:29 AM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry for late reply, as I was not at home for days.
Here's my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:28:24, on 15/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe
C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\l\桌面\HijackThis thingy\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSONreg] c:\Program Files\Bridgewell\epsonreg\notification.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 反向連結 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 網頁的快取快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 類似網頁 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7CB3B6-0428-4044-B08D-AB035FF73886}: NameServer = 210.0.255.216 210.0.128.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MINIServer (MiNiService) - Unknown owner - C:\WINDOWS\MiniServer.exe (file missing)
O23 - Service: Norton AntiVirus 自動防護服務 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#14
Michelle
Posted 15 May 2005 - 09:55 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below service, if not found continue to the next section with HiJackThis:

MINIServer (MiNiService)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Run HiJackThis. Click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (copy and paste):

MiNiService

Click ok.

It should pull up information about the service, when it asks if you want to reboot now click YES

After reboot, post a new HiJackThis log.
  • 0

#15
fak
Posted 16 May 2005 - 08:36 AM

fak

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, here's my latest HijackThis log, doctor :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 22:36:03, on 16/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitSpirit\BitSpirit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\l\桌面\HijackThis thingy\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSONreg] c:\Program Files\Bridgewell\epsonreg\notification.exe
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 反向連結 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 網頁的快取快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 類似網頁 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\All Users\Documents\New Area 43\DSLite2\DSLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7CB3B6-0428-4044-B08D-AB035FF73886}: NameServer = 210.0.255.216 210.0.128.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus 自動防護服務 (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by fak, 16 May 2005 - 08:37 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP