Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack Log posted PLEASE help....Jeidred wont move

Started by Grandmaster_Toad , Aug 21 2004 09:20 PM

  • Please log in to reply

#1
Grandmaster_Toad
Posted 21 August 2004 - 09:20 PM

Grandmaster_Toad

    New Member

  • Member
  • Pip
  • 3 posts
Here is my log. I have run adaware, xoft, and spybot. I currently have N.A.V. for virus protection.... I cant seem to get rid of jeired and its tv media folders Any help would be greatlt appreciated.

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\NavNT\defwatch.exe
F:\Program Files\NavNT\rtvscan.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
C:\Dtools\daemon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\nqorau.exe
F:\Program Files\NavNT\vptray.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\B\My Documents\My Received Files\HijackThis.exe

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - F:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\ Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - F:\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Dtools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dsidplesm] F:\WINDOWS\System32\nqorau.exe
O4 - HKLM\..\Run: [TV Media] F:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DR_S] F:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [TV Media] F:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Spyware-Cop] "F:\SPYWAR~1\Spyware-Cop.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: f:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\lspak.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
  • 0

Advertisements

#2
ditto
Posted 22 August 2004 - 08:59 AM

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Hey Grandmaster_Toad,

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of [lspak.dll]. Reboot.


Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - F:\Program Files\TV Media\TvmBho.dll
O4 - HKLM\..\Run: [dsidplesm] F:\WINDOWS\System32\nqorau.exe
O4 - HKLM\..\Run: [TV Media] F:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TV Media] F:\Program Files\TV Media\Tvm.exe

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
F:\Program Files\TV Media<----folder

Do you have any idea what this program is used for?
F:\Program Files\DR_S\DR_S.exe


Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<
  • 0

#3
Grandmaster_Toad
Posted 22 August 2004 - 09:58 AM

Grandmaster_Toad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
THANK YOU SO MUCH!! Up till now my efforts to get that thing off were unsuccessful. I had to run Hijack this 2 more times to get the required nasties off...but they are gone.
As to your question...i dont know what the Dr_S folder of file is. It isnt anything I have purposely installed.
Here is my new log (hopefully clean).
Hope I can help others in these forums as well.
Thanks again
Grandmaster_Toad

Logfile of HijackThis v1.98.1
Scan saved at 10:51:44 AM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\NavNT\defwatch.exe
F:\Program Files\NavNT\rtvscan.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
C:\Dtools\daemon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\NavNT\vptray.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Documents and Settings\B\My Documents\My Received Files\HijackThis.exe
F:\WINDOWS\System32\wuauclt.exe

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - F:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\ Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - F:\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Dtools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DR_S] F:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Spyware-Cop] "F:\SPYWAR~1\Spyware-Cop.exe" /s
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
  • 0

#4
Hemal
Posted 22 August 2004 - 04:59 PM

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - F:\WINDOWS\mxTarget.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - F:\Pop-Up Stopper Pro\popuppro.dllO3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DR_S] F:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Spyware-Cop] "F:\SPYWAR~1\Spyware-Cop.exe" /s

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<

by the way do you have Windows ME on a partion of your harddrive?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP