Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dang...another computer! [RESOLVED]

Started by EmilyPam , May 24 2005 10:46 AM

  • This topic is locked This topic is locked

#1
EmilyPam
Posted 24 May 2005 - 10:46 AM

EmilyPam

    Member

  • Member
  • PipPip
  • 75 posts
Morning everyone....

I have the Dr. Temp folder in my Winnt area! I have ran everything that I could but it won't leave!

Thanks in advance for all your help!

Em

Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 11:41:11 AM, on 5/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hijack This\HijackThis.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115056631785
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\atlqy32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

Advertisements

#2
Guest_usetobe_*
Posted 28 May 2005 - 05:49 AM

Guest_usetobe_*
  • Guest
Hi Emily,

Is this another one or is it part of what we have already fixed?

Edited by usetobe, 28 May 2005 - 05:51 AM.

  • 0

#3
EmilyPam
Posted 31 May 2005 - 07:03 AM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
:tazz: Hiya Usetobe

It's another computer....the other one is working just fine

Emily
  • 0

#4
Guest_usetobe_*
Posted 31 May 2005 - 07:05 AM

Guest_usetobe_*
  • Guest
Hi Emily,

Please post a fresh HJT log
  • 0

#5
EmilyPam
Posted 31 May 2005 - 07:14 AM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Okay....here is the freshest log....

Thanks in advance for your help!

Em

Logfile of HijackThis v1.99.1
Scan saved at 8:12:32 AM, on 5/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Hijack This\HijackThis.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115056631785
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\atlqy32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

#6
Guest_usetobe_*
Posted 31 May 2005 - 02:14 PM

Guest_usetobe_*
  • Guest
Hi emily,

This one is quite easy,

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find Service: Remote Procedure Call (RPC) Helper .
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Then reboot into SAFE MODE.

Run HJT and click on MISC TOOLS. Then click on Delete an NT Service.

In the popup box copy and paste the following

11Fßä#·ºÄÖ`I

IT IS IMPORTANT THAT THERE IS A SPACE BEFORE THE FIRST NUMBER 1 OR IT WILL NO WORK

Now rescan with HJT and check the following

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\atlqy32.exe (file missing)

Reboot pc normally and then rescan with HJT and post the log back
  • 0

#7
EmilyPam
Posted 01 June 2005 - 07:59 AM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi usetobe....I have a problem

When I typed in services.msc an error message came up.

It says MMC cannot open the file C:WINNT\System32\services.msc

This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.

After I got this error message I searched the computer for the file and it was there and when I clicked on it, it gave this error message again. I am also logged under administrator rights. So I dont know what to do now.

Thanks, Em
  • 0

#8
Guest_usetobe_*
Posted 01 June 2005 - 08:10 AM

Guest_usetobe_*
  • Guest
Hi emily,

Before we can go any further, i notice that there are no sercice packs installed on this pc.

The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#9
EmilyPam
Posted 01 June 2005 - 03:34 PM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Okay, I couldn't get the update page to load! It was just a blank web page! I finally got it....somehow...lol. I updated, rebooted, and here is my freshest log.

Thanks in advance again...Em :tazz:

P.S. I also tried to do that run that you asked me to do earlier and it still gave me that error message.

Logfile of HijackThis v1.99.1
Scan saved at 4:30:47 PM, on 6/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\msiexec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115056631785
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\atlqy32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  • 0

#10
Guest_usetobe_*
Posted 02 June 2005 - 02:59 AM

Guest_usetobe_*
  • Guest
Hi Emily,

Can you reboot into safe mode by tapping the F8 key on startup and see if you can do it.

Start>run>type services.msc ok

Let me know

Edited by usetobe, 03 June 2005 - 10:40 AM.

  • 0

Advertisements

#11
EmilyPam
Posted 02 June 2005 - 08:21 AM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hiya Use........ :tazz:

Nope...didn't work

Em
  • 0

#12
Guest_usetobe_*
Posted 02 June 2005 - 11:19 AM

Guest_usetobe_*
  • Guest
Hi eM,

Lets try this one then :tazz:

Click on start>control panel>double click administrative tools>double click computer management> click + sign next to services and applications, thern click on services....does that give you a list of services in right hand window?
  • 0

#13
EmilyPam
Posted 02 June 2005 - 02:41 PM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
It didn't let me...

I went to the control panel, i tried it from there and i clicked on computer managent and it gave me that error message! I even tried from right clicking the start button, explore, control panel, admin tools, computer management

I even clicked on the properties of computer management, find target, clicked on that and it gave me the error message

I right clicked the computer management, run as, and check to see if i could change the settings.

I am logged under Administrator, but that button was checked on the other user's name. When I went to click it off, it took but then I opened it back up and it had reset itself back to that other's user name

What's up w/that! lol

Em :tazz:
  • 0

#14
Guest_usetobe_*
Posted 03 June 2005 - 06:48 AM

Guest_usetobe_*
  • Guest
Hi EM,

Let me know if you can do this

Start>run>type msconfig then ok....do you get new box up?

Run HJT and click on Misc tools

Then click on Delete an NT Service.

In the popup box paste the following

11Fßä#·ºÄÖ`I

MAKE SURE THERE IS A SPACE IN FRONT OF THE FIRST NUMBER 1

Reboot, rescan with HJT and submit new log
  • 0

#15
EmilyPam
Posted 03 June 2005 - 07:35 AM

EmilyPam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hiya Use....

Okay when I typed up msconfig....the boxed popped up but what do i do w/it now? lol

I ran the HJT and followed your directions and I got this message....

The service 11Fßä#·ºÄÖ`I is enabled/or running. Disable it first, using HighJackthis itself (from the scan results) or the Services.msc window

Thanks....Em
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP