I am having trouble with Trojan-Spy.html.smitfraud.c virus and need to help me to remove it from my computer.
I do not have Hijackthis. where do i get it?
Please advise me how to resolve the problem. Thank you very much in advance.
JK
help me with trojan-spy.HTML.smitfraud.c [RESOLVED]
Started by
jknieser
, Jul 27 2005 11:32 AM
-
This topic is locked
#1
Posted 27 July 2005 - 11:32 AM
jknieser
-
- Member
-
- 7 posts
New Member
I am having trouble with Trojan-Spy.html.smitfraud.c virus and need to help me to remove it from my computer.
I do not have Hijackthis. where do i get it?
Please advise me how to resolve the problem. Thank you very much in advance.
JK
#2
Posted 27 July 2005 - 11:50 AM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Hi lknieser and welcome to the Geeks to Go Forums.
My name is Trevuren and I will be helping you with your log.
1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"
3. Please follow all the instructions which can be found here, then post your HJT log.
http://www.geekstogo..._Log-t2852.html
Trevuren
My name is Trevuren and I will be helping you with your log.
1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"
3. Please follow all the instructions which can be found here, then post your HJT log.
http://www.geekstogo..._Log-t2852.html
Trevuren
#3
Posted 27 July 2005 - 01:46 PM
jknieser
- Topic Starter
-
- Member
-
- 7 posts
New Member
Thanks in advance
here is my Highjack this log
look forward to hearing from ya soon
JK
Logfile of HijackThis v1.99.1
Scan saved at 3:38:23 PM, on 7/27/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\GoogleDCC\GoogleDCC.exe
C:\Program Files\GoogleDCC\GoogleFah\GoogleFah.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\GoogleDCC\GoogleFah\GoogleFahCore_65.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ganm\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\netware\nwws2sap.dll' missing
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
here is my Highjack this log
look forward to hearing from ya soon
JK
Logfile of HijackThis v1.99.1
Scan saved at 3:38:23 PM, on 7/27/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\GoogleDCC\GoogleDCC.exe
C:\Program Files\GoogleDCC\GoogleFah\GoogleFah.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\GoogleDCC\GoogleFah\GoogleFahCore_65.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ganm\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\netware\nwws2sap.dll' missing
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
#4
Posted 27 July 2005 - 02:12 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Download CW-Shredder at the link below: (don't run it yet)
http://cwshredder.ne.../CWShredder.exe
Download 'SpSeHjfix'. >>> http://www.derbilk.de/SpSeHjfix112.zip
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
Make sure you know how to boot into - SafeMode
Reboot into safe mode.
Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.
Now run the Shredder - Hit The FIX button!
Reboot and repeat the process above.
Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
http://cwshredder.ne.../CWShredder.exe
Download 'SpSeHjfix'. >>> http://www.derbilk.de/SpSeHjfix112.zip
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
Make sure you know how to boot into - SafeMode
Reboot into safe mode.
Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.
Now run the Shredder - Hit The FIX button!
Reboot and repeat the process above.
Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
#5
Posted 27 July 2005 - 03:24 PM
jknieser
- Topic Starter
-
- Member
-
- 7 posts
New Member
i did as you said in your post but when i tried to use shreder it couldn't find it (shreder that is) and then i booted back up into regular windows and i can't get on the internet right now i am on my other computer.
plz help
JK
plz help
JK
#6
Posted 27 July 2005 - 06:44 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Do a search for CWShredder through your Windows search function.
Trevuren
Trevuren
#7
Posted 28 July 2005 - 07:08 AM
jknieser
- Topic Starter
-
- Member
-
- 7 posts
New Member
Ok i did the search and it is there But it can't find the dll file. i downloaded it onto my other computer and tranferd it over the LAN but it still won't find the dll
it says:
The dyamic link libary WININET.dll could not be found in the specified path
and also i still can't get on the internet still
Plz Hlp
JK
it says:
The dyamic link libary WININET.dll could not be found in the specified path
and also i still can't get on the internet still
Plz Hlp
JK
Edited by jknieser, 28 July 2005 - 07:13 AM.
#8
Posted 28 July 2005 - 08:41 AM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Malicious .DLL file(s) has/have disrupted the LSP chain on your computer. This can be seen by the (010) entry(ies) in your HJT log. We must fix this problem as a priority.
1. Backup the registry by going to Start>Run> and type ‘regedit’ without the quotes. Then on the file menu choose ‘export’ in XP.
2. Download the LSPfix.txt and read the readme file.
3. Download LSPfix.zip or LSPfix.exe
4. Close all windows except LSPfix
5. Launch LSPfix.zip and install to its own folder, then click on LSPfix.exe. Or click on LSPfix.exe and it will launch the program.
6. Put a check mark in the box “I know what I am doing”
7. Click ‘Finish’
7. REBOOT to complete the task.
8. Now RUN HJT, click Scan and POST a new log file in this thread using “Add Reply”. Try out your internet and include the result in your reply.
Regards,
Trevuren
1. Backup the registry by going to Start>Run> and type ‘regedit’ without the quotes. Then on the file menu choose ‘export’ in XP.
2. Download the LSPfix.txt and read the readme file.
3. Download LSPfix.zip or LSPfix.exe
4. Close all windows except LSPfix
5. Launch LSPfix.zip and install to its own folder, then click on LSPfix.exe. Or click on LSPfix.exe and it will launch the program.
6. Put a check mark in the box “I know what I am doing”
7. Click ‘Finish’
7. REBOOT to complete the task.
8. Now RUN HJT, click Scan and POST a new log file in this thread using “Add Reply”. Try out your internet and include the result in your reply.
Regards,
Trevuren
#9
Posted 28 July 2005 - 12:35 PM
jknieser
- Topic Starter
-
- Member
-
- 7 posts
New Member
Here is my latest highjackthis log.
my internet and dll files are still missed up. it also looks like something is wrong with RUN DLL. it doesn't look like to much is happening. not much progress is going on. the virus or what ever it is is just chilling there and won't move.
Plz responed soon
JK
Logfile of HijackThis v1.99.1
Scan saved at 2:23:16 PM, on 7/28/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
my internet and dll files are still missed up. it also looks like something is wrong with RUN DLL. it doesn't look like to much is happening. not much progress is going on. the virus or what ever it is is just chilling there and won't move.
Plz responed soon
JK
Logfile of HijackThis v1.99.1
Scan saved at 2:23:16 PM, on 7/28/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
#10
Posted 28 July 2005 - 01:36 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
We are nearly finished cleaning up this mess, then we can try and get you back online.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
Trevuren
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
- We need to make sure all hidden files are showing so please:
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
- Please RUN HijackThis, click the SCAN button to produce a log.
- Place a check mark beside each one of the following items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://www.neededware.com - Now with all the items selected, and all windows closed except for HJT, DELETE them by clicking the FIX checked button and EXIT the program.
- Place a check mark beside each one of the following items:
- Reboot Your System in Safe Mode
How To Start To Safe Mode In Windows 2000- Turn the computer on
- When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key.
- The Windows 2000 Advanced Options Menu will appear.
- Choose the Safe mode option. (it is usually the first item in the list).
- Use the arrow keys to select it if it is not selected by default.
- Press Enter. The computer will start in Safe mode.
- When finished troubleshooting, close all programs and restart the computer as you normally would.
- Using Windows Explorer, locate the following files/folders (with all their content), and DELETE them (if they are present):
C:\WINNT\System32\exp.exe
C:\Documents and Settings\All Users\Application Data\msst<===Folder
C:\WINNT\System32\iyxxjav.exe
C:\WINNT\System32\intel32.exe
- Exit Explorer, and REBOOT BACK INTO NORMAL MODE
- Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Trevuren
#11
Posted 28 July 2005 - 03:08 PM
jknieser
- Topic Starter
-
- Member
-
- 7 posts
New Member
Ok, did everything. The same errors come up but here's the Log:
Logfile of HijackThis v1.99.1
Scan saved at 4:59:41 PM, on 7/28/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 4:59:41 PM, on 7/28/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
#12
Posted 28 July 2005 - 08:09 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
1. Were these proxies set by you or with your approval?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
2. Do you want all these in your trusted zone?
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
Regards,
Trevuren
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
2. Do you want all these in your trusted zone?
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
Regards,
Trevuren
#13
Posted 29 July 2005 - 02:58 PM
jknieser
- Topic Starter
-
- Member
-
- 7 posts
New Member
Trevuren,
Hey thank you so much for all of your help! I have decided to reformat my computer and upgrade to windows XP I was looking for an excuse and this is it. sorry if I wasted any of your time. but the virus appears to be too deep at least for now to remove it as fast we need it to be removed. so thank you again
and God bless
JK
Hey thank you so much for all of your help! I have decided to reformat my computer and upgrade to windows XP I was looking for an excuse and this is it. sorry if I wasted any of your time. but the virus appears to be too deep at least for now to remove it as fast we need it to be removed. so thank you again
and God bless
JK
#14
Posted 29 July 2005 - 03:00 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Good Luck and Safe Surfing
Trevuren
Trevuren
#15
Posted 29 July 2005 - 03:00 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
