This topic is lockedHow is your computer running now?
trojan.desktophijack and related [resolved]
Started by
glennc007
, Jul 07 2005 03:22 PM
#31
Posted 15 July 2005 - 11:27 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
How is your computer running now?
#32
Posted 18 July 2005 - 07:37 AM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
Still just a blue screen, no icons, no start/taskbar, no right-click-ability on the desktop.
Pls advise. Thx
G
Pls advise. Thx
G
#33
Posted 18 July 2005 - 01:42 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Please go here: Jotti Virus Scan
Click the "browse" button and locate this file:
C:\WINDOWS\System32\wininet.dll
Click "Open", then click the "Submit" button. Copy the results and paste them here.
***
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.
Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
Click the "browse" button and locate this file:
C:\WINDOWS\System32\wininet.dll
Click "Open", then click the "Submit" button. Copy the results and paste them here.
***
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.
dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt
Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
#34
Posted 18 July 2005 - 02:00 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
I couldn't figure any way to launch IE directly on the infected machine - when I double clicked on the app in program files it said the file could not be found. So, I copied the wininet.dll file to the C:\ root dir temporarily and then I could upload it via another computer on our LAN. Hope that wasn't a bad idea.
Here is the jotti results:
Service load: 0% 100%
File: wininet.dll
Status: OK
MD5 6619e2ad00065da8a89182a5a4e93eef
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
I did the wininet.bat. Here is the files.txt:
Volume in drive C has no label.
Volume Serial Number is 4807-D18E
Directory of C:\Program Files\Common Files\Adaptec Shared\System
04/23/1999 10:22 PM 459,024 Wininet.dll
1 File(s) 459,024 bytes
Directory of C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps
12/13/2001 08:50 PM 3,960 H
1 File(s) 3,960 bytes
Directory of C:\WINDOWS\system32
07/11/2005 06:11 PM 599,040 wininet.dll
1 File(s) 599,040 bytes
Total Files Listed:
3 File(s) 1,062,024 bytes
0 Dir(s) 21,909,299,200 bytes free
Here is the jotti results:
Service load: 0% 100%
File: wininet.dll
Status: OK
MD5 6619e2ad00065da8a89182a5a4e93eef
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
I did the wininet.bat. Here is the files.txt:
Volume in drive C has no label.
Volume Serial Number is 4807-D18E
Directory of C:\Program Files\Common Files\Adaptec Shared\System
04/23/1999 10:22 PM 459,024 Wininet.dll
1 File(s) 459,024 bytes
Directory of C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps
12/13/2001 08:50 PM 3,960 H
1 File(s) 3,960 bytes
Directory of C:\WINDOWS\system32
07/11/2005 06:11 PM 599,040 wininet.dll
1 File(s) 599,040 bytes
Total Files Listed:
3 File(s) 1,062,024 bytes
0 Dir(s) 21,909,299,200 bytes free
#35
Posted 18 July 2005 - 02:07 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Please make absolutly sure that wininet.dll doesn't get to the other computers.
It's important all steps be done exactly otherwise you may lose Internet access. Please copy the instructions below and paste them into notepad or print them out!
If you do not understand something, please let me know before continuing!
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
***
Go to your C:\Windows\system32-folder and rename the bad wininet.dll to wininet.old
Then on top in the menu, choose tab 'view' > 'refresh'
Look if there is a new wininet.dll created in your system32-folder.
If not...
Go to your C:\Program Files\Common Files\Adaptec Shared\System\-folder and rightclick on that wininet.dll and choose copy.
Go back to your C:\Windows\system32-folder, rightclick anywhere in that folder and choose paste.
REBOOT
That must solve the problem. Because your explorer wont load, you'll need to perform everything via taskmanager (ctrl-alt-del) > applications > new task > browse'.
It's important all steps be done exactly otherwise you may lose Internet access. Please copy the instructions below and paste them into notepad or print them out!
If you do not understand something, please let me know before continuing!
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
***
Go to your C:\Windows\system32-folder and rename the bad wininet.dll to wininet.old
Then on top in the menu, choose tab 'view' > 'refresh'
Look if there is a new wininet.dll created in your system32-folder.
If not...
Go to your C:\Program Files\Common Files\Adaptec Shared\System\-folder and rightclick on that wininet.dll and choose copy.
Go back to your C:\Windows\system32-folder, rightclick anywhere in that folder and choose paste.
REBOOT
That must solve the problem. Because your explorer wont load, you'll need to perform everything via taskmanager (ctrl-alt-del) > applications > new task > browse'.
#36
Posted 18 July 2005 - 02:18 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
OK. completed that. no change to desktop.
??????
??????
#37
Posted 18 July 2005 - 02:19 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
Was I supposed to delete wininet.old?
#38
Posted 18 July 2005 - 02:20 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
You're fast 
After reboot.. delete the C:\Windows\System32\wininet.old.
Also delete C:\Windows\System32\oleadm.dll
After reboot.. delete the C:\Windows\System32\wininet.old.
Also delete C:\Windows\System32\oleadm.dll
#39
Posted 18 July 2005 - 02:35 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
OK. Deleted wininet.old. Still no change in desktop after another reboot. Aargh.....
Note: olead.dll was not found.
Note: olead.dll was not found.
#40
Posted 18 July 2005 - 02:40 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
I mean oleadm.dll was not found,
#41
Posted 18 July 2005 - 02:48 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
We'll need to transport some files from the computer you are now using, to your infected computer.
Download smitRem.zip and save the file to your desktop.
The tool has been updated, see if that helps
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.
On your infected computer, boot again in safe mode and open your task manager again.
Now insert the cd, floppy or usb-stick where you saved the smitrem folder in your infected computer.
In your Task Manager, click 'applications' (first tab).
Click the New Task button.
Cick browse.
Now browse to the drive where your floppy, usb-stick or cd is present (could be A or D or E or F.. you'll see..)
Search for that smitrem folder.
Right click on the smitrem folder and choose: Copy
Now browse again via Task Manager to My Documents or Program Files.
Right click somewhere in there, right click and choose: Paste
Now open the smitrem folder you just copied and pasted and click the file: RunThis.bat
Then click open.
In the window where it says 'Create new task', click OK.
Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.
When done, in Task Manager, click 'shut down' from the menu on top and click restart. Your computer will reboot now.
Reboot to normal mode and post a hijackthis log in your next reply
Download smitRem.zip and save the file to your desktop.
The tool has been updated, see if that helps
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.
On your infected computer, boot again in safe mode and open your task manager again.
Now insert the cd, floppy or usb-stick where you saved the smitrem folder in your infected computer.
In your Task Manager, click 'applications' (first tab).
Click the New Task button.
Cick browse.
Now browse to the drive where your floppy, usb-stick or cd is present (could be A or D or E or F.. you'll see..)
Search for that smitrem folder.
Right click on the smitrem folder and choose: Copy
Now browse again via Task Manager to My Documents or Program Files.
Right click somewhere in there, right click and choose: Paste
Now open the smitrem folder you just copied and pasted and click the file: RunThis.bat
Then click open.
In the window where it says 'Create new task', click OK.
Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.
When done, in Task Manager, click 'shut down' from the menu on top and click restart. Your computer will reboot now.
Reboot to normal mode and post a hijackthis log in your next reply
#42
Posted 18 July 2005 - 03:07 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
Logfile of HijackThis v1.99.1
Scan saved at 5:04:23 PM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\mac disk\lsdiorw\lsdiorw2.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: AVE122001_CD.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup155.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\mac disk\lsdiorw\lsdiorw2.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Scan saved at 5:04:23 PM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\mac disk\lsdiorw\lsdiorw2.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: AVE122001_CD.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup155.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - C:\Program Files\mac disk\lsdiorw\lsdiorw2.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
#43
Posted 18 July 2005 - 03:23 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
This log means it rebooted ok?
(checking the log now)
(checking the log now)
#44
Posted 18 July 2005 - 03:23 PM
glennc007
- Topic Starter
-
- Member
-
- 41 posts
Member
Still have blue screen no icons, etc etc.
#45
Posted 18 July 2005 - 03:29 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
There's nothing in the log. Can you have the replaces wininet.dll checked at jotti's?
* Please rightclick this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
For some time it will look like nothing is happening. Just keep waiting.
Once it's done it will create a log. A window will come up telling you when it's saved.
* Please rightclick this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
For some time it will look like nothing is happening. Just keep waiting.
Once it's done it will create a log. A window will come up telling you when it's saved.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
