Am I getting scammed ?



#1
med8581

I followed all instructions given on your site:

- downloaded and ran "Cleanup"
- downloaded and ran "Ad-Aware"
- downloaded and ran "CWShredder"
- ran "Spybot"
- ran virus scan at TrendMicro
- tried to install Windows Updates, but ran into problems with that
- downloaded and ran "HijackThis"

I think I still have problems, so I have posted my log from "HijackThis" for you to look over. Please let me know if I need to do anything else. Thank you very, very much.

Logfile of HijackThis v1.99.1
Scan saved at 2:27:20 PM, on 7/14/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\systemp.exe
C:\WINNT\System32\hkeyman.exe
C:\WINNT\smctrlw.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\UPDD\TBSysTry.exe
C:\WINNT\System32\fpapli.exe
C:\WINNT\System32\svcsysreg.exe
C:\WINNT\System32\mszx23.exe
C:\Program Files\aier\taet.exe
C:\WINNT\System32\n?lookup.exe
C:\Program Files\Navman\GPS100 series USB driver\GPSFinder.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program_Files\Virus Removal\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f525.mail....d=35rvpco3do9pn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {12CB8E8A-64B6-09D6-202A-79D9064BF9DA} - C:\WINNT\crvv32.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\System32\hkeyman.exe
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TBSysTry] C:\Program Files\UPDD\TBSysTry.exe
O4 - HKLM\..\Run: [scroller] fpapli.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [2.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.tmp.exe 4 10001
O4 - HKLM\..\Run: [Svcsys Registry Manager] C:\WINNT\System32\svcsysreg.exe
O4 - HKLM\..\Run: [AutoLoaderww3G1JMSdQLd] "C:\WINNT\System32\penrcl.exe"
O4 - HKLM\..\Run: [StatusCheck] uio.exe
O4 - HKLM\..\Run: [DTOURS] vxdman.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINNT\Downloaded Program Files\CONFLICT.2\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [34763] xwiz.exe
O4 - HKCU\..\Run: [MsNetHelper] slamm.exe
O4 - HKCU\..\Run: [Serviceprocess] SysEntry.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Dane] C:\Program Files\aier\taet.exe
O4 - HKCU\..\Run: [Lbqasxh] C:\WINNT\System32\n?lookup.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: GPSPort v2_1.lnk = C:\Program Files\Navman\GPS100 series USB driver\GPSFinder.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 195.95.218.173
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D721167-163E-44C9-A15E-2B90844B9536}: NameServer = 69.50.188.180,85.255.112.5
O20 - Winlogon Notify: drct16 - C:\WINNT\SYSTEM32\drct16.dll
O21 - SSODL: systemp - {CEBC0134-F7B0-4C1A-884A-C5C7A07A6261} - systemp.dll (file missing)
O21 - SSODL: IE40 - {66F8C8C4-0061-72EF-1A3C-4AC994405A56} - c:\program files\internet explorer\winhhblex32.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINNT\svchost.exe

Edited by med8581, 14 July 2005 - 01:42 PM.



#2
med8581

I have run every program imaginable to remove viruses and all that stuff, and I run something, cut off the computer, run it again, only to get new stuff found!!! I have been running stuff for 2 days now and feel that I am getting nowhere fast!!! Could someone please tell me what is going on? I am wondering if I am getting new stuff when I run these remover programs!?? Has anyone else experienced this before??? Also, I posted my HiJackThis log yesterday and I have gotten no replies (that is why I keep looking at the solutions posted to the stuff I know is on the computer and doing what that post says), and I was wondering if this was because everyone is so busy or because my problems aren't posted correctly or what!?!?!?

Please, please help me because I have a desktop computer at home that is my son's that I believe is going to have the same problems!!!! Thank you so very much!!!!

#3
Guest_usetobe_*

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.