rdriv.sys HELP GET MY INTERNET BACK PLZ [RESOLVED]


  • This topic is locked

#16
Twitch83

  • Topic Starter
  • Member
  • 12 posts
OK, the firewall works and I turned it on. You guys are awesome! You're like Green Berets sneaking through the night, and you snatch them viruses up like they was your buddies behind enemy lines; you just sneak in there and grab 'em. You're very mysterious... :tazz: ;) ;)
  • 0


#17
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
:tazz:

;) ;)

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\aim.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots do this:

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below service:

AOL Instant Messanger (note the "a" in Messanger)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Run HiJackThis. Click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service". A window will pop up. Enter the below item into that field (copy and paste):

AIM

Click ok.

It should pull up information about the service. When it asks if you want to reboot now, click YES.

Post a new HiJackThis log.

Edited by bananafanafo, 07 June 2005 - 03:11 PM.

  • 0

#18
Twitch83

  • Topic Starter
  • Member
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:05:20 PM, on 6/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security

suite\ewidoctrl.exe
C:\Program Files\ewido\security

suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton

AntiVirus\IWP\NPFMntor.exe
C:\Program

Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active

Monitor\imonnt.exe
C:\Program

Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active

Monitor\imontray.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program

Files\Logitech\iTouch\iTouch.exe
C:\Program

Files\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft

Office\Office10\WINWORD.EXE
C:\Program Files\Norton

AntiVirus\navw32.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Documents and Settings\Edwayne F

Hutton\Desktop\test\HijackThis.exe

R1 -

HKCU\Software\Microsoft\Windows\CurrentVer

sion\Internet Settings,ProxyOverride =

localhost
N3 - Netscape 7:

user_pref("browser.startup.homepage",

"http://www.soleasylum.net");

(C:\Documents and Settings\Edwayne F

Hutton\Application

Data\Mozilla\Profiles\default\1drnwezt.slt

\prefs.js)
N3 - Netscape 7:

user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%20Files%5CNetscap

e%5CNetscape%5Csearchplugins%5CSBWeb_01.sr

c"); (C:\Documents and Settings\Edwayne F

Hutton\Application

Data\Mozilla\Profiles\default\1drnwezt.slt

\prefs.js)
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton

AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program

Files\Intel\Intel® Active

Monitor\imontray.exe
O4 - HKLM\..\Run: [PPMemCheck]

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol]

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [zBrowser Launcher]

C:\Program

Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program

Files\Softex\OmniPass\scureapp.exe
O4 - Startup: Xfire.lnk = C:\Program

Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging

Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.

EXE/3000
O12 - Plugin for .spop: C:\Program

Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF:

{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}

(Creative Software AutoUpdate) -

http://www.creative....ocx/15009/CTSUE

ng.cab
O16 - DPF:

{B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.c...load.yahoo.com/

dl/installs/suite/yautocomplete.cab
O16 - DPF:

{F6ACF75C-C32C-447B-9BEF-46B766368D29}

(Creative Software AutoUpdate Support

Package) -

http://www.creative....ocx/15010/CTPID

.cab
O20 - Winlogon Notify: OPXPGina -

C:\Program

Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite

control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard

- ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® Active Monitor

(imonNT) - Intel Corp. - C:\Program

Files\Intel\Intel® Active

Monitor\imonnt.exe
O23 - Service: Norton AntiVirus Firewall

Monitor Service (NPFMntor) - Symantec

Corporation - C:\Program Files\Norton

AntiVirus\IWP\NPFMntor.exe
O23 - Service: Softex OmniPass Service

(omniserv) - Unknown owner - C:\Program

Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\System32\HPZipm12.exe
  • 0

#19
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hmm I don't know what happened there, but I need you to post another HiJackThis log without all the spaces. It's too hard to analyze that way. :tazz:
  • 0
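The line-wrapped log in post #18 can be rejoined mechanically; the sketch below is an added example, not part of the thread and not HijackThis code. It assumes the paste was hard-wrapped at 42 columns (inferred from the fragments in post #18), and `unwrap` and `entries` are names chosen here. URLs the forum already shortened with `....` cannot be recovered this way.

```python
import re
WRAP = 42  # assumption: wrap column, inferred from the fragments in post #18
HEADER = re.compile(r"^(Logfile of|Scan saved|Platform:|MSIE:|Running processes:)")
ENTRY = re.compile(r"^([RFNO]\d{1,2}) -")  # section codes such as R1, N3, O23
DRIVE = re.compile(r"^[A-Za-z]:\\")        # a process path starts a record

# Excerpt of the wrapped log from post #18 (blank lines as pasted).
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ewido\security

suite\ewidoctrl.exe
R1 -

HKCU\Software\Microsoft\Windows\CurrentVer

sion\Internet Settings,ProxyOverride =

localhost
O23 - Service: Softex OmniPass Service

(omniserv) - Unknown owner - C:\Program

Files\Softex\OmniPass\Omniserv.exe
"""

def unwrap(text, width=WRAP):
    """Rejoin hard-wrapped fragments into one logical line per record."""
    records, last, in_procs = [], "", False
    for frag in (line.strip() for line in text.splitlines()):
        if not frag:
            continue
        in_procs = in_procs and not ENTRY.match(frag)
        if (not records or HEADER.match(frag) or ENTRY.match(frag)
                or (in_procs and DRIVE.match(frag))):
            records.append(frag)
        else:
            # A full-width fragment was cut mid-token; a shorter one broke at a space.
            records[-1] += ("" if len(last) >= width else " ") + frag
        in_procs = in_procs or frag.startswith("Running processes:")
        last = frag
    return records

def entries(records):
    """Return (code, detail) pairs for the R/F/N/O records."""
    found = (ENTRY.match(r) for r in records)
    return [(m.group(1), m.string[m.end():].strip()) for m in found if m]
```

A fragment that is exactly 42 characters long and happened to end at a word boundary is ambiguous, so rejoined lines should still be compared against a fresh scan before acting on them.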

#20
Twitch83

  • Topic Starter
  • Member
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:51:06 AM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Norton AntiVirus\navw32.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Documents and Settings\Edwayne F Hutton\Desktop\test\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.soleasylum.net"); (C:\Documents and Settings\Edwayne F Hutton\Application Data\Mozilla\Profiles\default\1drnwezt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Edwayne F Hutton\Application Data\Mozilla\Profiles\default\1drnwezt.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

#21
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It looks good! How is it running now?
  • 0

#22
Twitch83

  • Topic Starter
  • Member
  • 12 posts
;) Awesome, thank you so much! It's almost sad I have nothing else you guys can fix, lol. Gonna miss the great work you guys do. Will donate some money today or tomorrow, promise! :tazz: Thank you so much :tazz: You are truly gods of computers, and keep up the good work ;)
  • 0

#23
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You're very welcome! I'm happy to help ;) That's very sweet of you, thank you! ;)

Congratulations, your log is clean! Great job on the clean up :tazz:

I recommend checking the http://www.microsoft.com website periodically for critical updates to install.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Ewido Security Suite <= Protection against Trojans, Worms, Dialers, Hijackers, Spyware, and Keyloggers.

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.

Edited by bananafanafo, 08 June 2005 - 12:15 PM.

  • 0

#24
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





