
prositefinder, abi network.. [RESOLVED]


  • This topic is locked

#1
elementonenull

Hey guys, this is my first post here. I'm trying to get rid of this junk, like most of the other posts.
Here's my HijackThis log.
Thanks in advance :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 1:23:59 PM, on 7/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\pkdual.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\ProSiteFinder\prositefinderh.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AAACC41-5220-54D8-D2D2-C4B4B06FC4BE} - C:\Program Files\inscdm\ivvnmpkivn.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [fqrrbxj] c:\windows\system32\pkdual.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122361585905
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe

Edited by elementonenull, 27 July 2005 - 01:31 PM.



#2
John_L

Hi elementonenull and welcome to Geeks To Go :tazz:

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#3
elementonenull

Hello.
This has turned into something bigger. For some reason, when I was updating my SP (which, btw, the site told me I should get the SP2), the installation process died 75% through (computer froze), and now I'm unable to remove my messed-up SP2; again the process dies after it deletes the files and it's supposedly doing the clean up.
I have all the other stuff still, such as nail.exe and the other junk, plus the CPU usage stays at 100% all the time.

Thanks for your reply

edit:
This is what i get now when i go to the update site.

The site cannot continue because one or more of these Windows services is not running:

Automatic Updates (allows the site to find, download and install high-priority updates for your computer)
Background Intelligent Transfer Service (BITS) (helps updates download more quickly and without problems if the download process is interrupted)
Event Log (keeps a record of updating activities to help with troubleshooting, if needed)


Using the services tool, all those are running.
I tried downloading the IT SP2 one, but it must be me not knowing what to do, because all it does is uncompress itself in a folder on my C: drive and then it erases itself.

Edited by elementonenull, 28 July 2005 - 02:40 AM.


#4
John_L

Hello :tazz:

Please try this.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#5
elementonenull

Hello
Well, as soon as I open HijackThis, it shuts itself down.
The HijackThis window stays open for a few seconds, then it closes.
..

thanks

#6
John_L

Hi elementonenull :tazz:

Can you just check something for me, please?

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.


#7
elementonenull

Thank you for running the Windows Validation Assistant. It appears that your Windows Product Key is valid.

This is a strong indicator that your operating system is genuine, however the Windows Validation Assistant cannot make a final determination.


To verify that you received a genuine Certificate of Authenticity and software CD, compare your anti-piracy features in the next section.

---->
I went through the rest of the process about the holograms and stuff.
It said that it was valid.

Thank you again :tazz:

edit: I just re-read your post again, and it did not ask me to accept anything nor to install anything.

Edited by elementonenull, 29 July 2005 - 12:26 PM.


#8
John_L

Let's go this way and see what happens.

http://www.geekstogo..._Log-t2852.html

Repost your log after these steps.

Edited by John_L, 29 July 2005 - 10:20 PM.


#9
elementonenull

Hello
Well, after going through the process, I almost got to the end. I got to where I had to install the SP1a, where my computer froze again, rebooted itself, and now it won't start up.
I get the blue screen saying:
unable to un-mount device

Now I can't do anything but reinstall XP.
I just moved to Calgary; I forgot my CDs at home (California).

My next step will be to mount my HD on a computer and move all my junk out of My Documents, My Pictures and all that. To remind myself that I shall not place my important stuff in the My Documents folder.

Then wait for my CDs to get here, or... find some other way to get them.

(god)

#10
John_L

Ok after consulting with others there is just no way to fix this without disks, sorry :tazz:

If and when you get them, come on back and we will see if we can continue with this.


#11
elementonenull

I got the CDs.
I got another disk running so I could use that one to gain access to my other one.
I needed to get stuff out of My Documents and all that.
I could get all the other users except my own; all it says is access denied. I'm assuming that's because of the password protection on the account, but I cannot start Windows on that disk by itself; it says NTLDR missing.
Would you happen to have an idea on how to get all those files? I just need to move/copy the desktop with My Documents, so I can reinstall Windows without losing all my junk.
I thought about just renaming it to something else, but that still won't give me access to the folder.
They are at c:\documents and settings\element\

#12
John_L

Well I'm glad you seemed to get somewhere with this, good for you. :tazz:

Try this link and let me know how you get on.

http://www.computerh...es/ch000465.htm

Have a good day ;)

#13
John_L

I have a couple of fellows looking at this problem with me. Which program did you use to access your files, so you could get them off?

#14
elementonenull

Hello:
Well, I decided to go with a new XP install.
I had a 30g HD, so I mounted XP on it and had the 200g (the one with the problem) as a slave, moved what I could from there, and for the folders with the access denied part, I went into Safe Mode, went to the folder, changed the ownership to the admin, and moved them all to the root.
Then I wiped out my Windows, Program Files, and temp directories.
The XP CD went in the CD-ROM, and a new fresh install is now working.
This version of XP (came when I bought a laptop) has the SP2 already on it, so all I did was update the little things that needed to be updated.

Is there something else I should do to keep it safe? (besides getting an antivirus, which I'm planning on installing tomorrow, AVG I believe)

Thank you very much for taking your time to read my problem. Although I ended up going another way, I learned quite a bit with your posts.

#15
John_L

Hello elementonenull :tazz:

Glad to hear you managed to sort that out, sometimes computers can be a pain in the butt.

Anyways, here is something I give to users when we are done. Hope this helps some; it's quite in depth and should offer all the protection you need.

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free ;)

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention:

Zone Alarm Sygate Kerio

There are different browsers available on the net other than Internet Explorer; we believe these are better for security purposes:

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, I suggest a weekly maintenance program. Run this tool: Ccleaner

Lastly, a second opinion on the antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the AV is doing a proper job of keeping you safe:

Rav Online Scan Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox

And finally a little "How did I get infected in the first place?" (by Mr. Tony Klein and dvk01)

Good luck and safe surfing :)