Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfixer [RESOLVED]


  • This topic is locked This topic is locked

#16
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Tampabelle,

I downloaded all the programs,
(or at least the ones I hadn't downloaded yet).

I was supposed to search for tvhfmym.exe in apt -
it wasn't there.
I was supposed to look for it in windows explorer, too
but it wasn't there.
So I couldn't Kill3 or delete.

I rebooted into safe mode.

I ran nailfix.
I ran hijackthis.

The only items that were present that I could place a checkmark
by and delete were:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

These (the rest) were not present.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab

I fixed only the 2 checked items.

I ran dsrfix.
I enabled the hidden files and folders.

I tried to remove (uninstall)
Only
ComcastSupport
was present.

These were not in the list ...
SurfSide Kick 3
Tioga

I looked for
C:\Program Files\SurfSideKick 3
with windows explorer... it was not there.

I looked for these files... they were not there.
C:\WINDOWS\cfgmgr52.dll
c:\windows\system32\tvhfmym.exe

I searched everything for this file.. it was not there.
rtimodem.exe

I ran cleanup with the custom cleanup you described..

I stopped my computer.
I tried to start it in normal mode... it took a very long time with
a black screen.
I hit the power.
I started it again in normal mode.
This time it came up.

I ran another hijack this log.. it is posted below.
I saw some of the things you asked me to delete.
I swear they were not present to check when run in safe mode.

Ewido popped up and said it found the aspi subdir again.

Let me know what's next.
Thanks for your help.
Ellen

P.S. Am I giving you too much feedback regarding how it went?


--------------hijack this log ----------
Logfile of HijackThis v1.99.1
Scan saved at 6:39:26 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\virusfix\hijackthis\HijackThis.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\r?ndll.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
provided by Comcast
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program
Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft
Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display
Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation
Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program
Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -
res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} -
http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} -
http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net
(file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...n/QuickTimeInst
aller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...ite.cab?1093579
114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -
http://www.installen...gine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://content.konti...current/kdx.cab
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and
Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security
suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security
suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard -
C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard -
C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -
C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook
Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#17
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Ellen,


Lets try this in the normal mode.



Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0

#18
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Tampabelle,

I "checked" and "fixed" all the items you requested.
They were all present in the normal-mode highjackthis scan.

BUT


I could not run panda's activescan.
I tried 4 times.
I even rebooted as the message said below.
Here is the error I got each time..

----------------------------------------------
Error on downloading ActiveScanAn error has occurred downloading Panda ActiveScan. Please repeat

the process. If the error occurs again, restart your system and try againPossible causes of this

error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk

space, privileges etc.,...
------------------------

(Note: there is 6G free on my c: drive)

Let me know what's next,
and, of course, thanks.
Ellen

Here is the hijackthis log
----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:51:39 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\virusfix\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093579114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#19
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi ellen,

Lets try this one more time.

Please close Microsoft Anti-Spyware as it may interfere with the fix. It should be displaying an icon in the system tray. Right click on it and then click on Exit.

Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC in Normal Mode.

There are three sites for on line scans listed in my signature (at the bottom of this message), apart from Panda. Please try a scan at Trendmicro / Bitdefender / kaspersky, which ever works.

Please post back a fresh HJT log and the scan report.

Also let me know how your PC is behaving now
  • 0

#20
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Tampabelle,

I'm sorry I couldn't finish your instructions last night
I didn't realize the KesPerSky scan would take so long.

I did remove the items through a normal-mode hijackthis,
and did download the scan
and did start it off,
but something happened and the screen went blank
(a keystroke didn't bring it back)
so it was late and I just decided to try today.

As far as how my computer is,
it is MUCH BETTER! I haven't seen winfixer in days,
I am back using InternetExplorer and not Firefox,
since scans like KesPerSky require it,
and except for the occasional popup, I haven't seen anything bad.
I am a HAPPY CAMPER.

I'll post the logs you requested (hopefully) tonight.

Ellen
  • 0

#21
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Sure Ellen, post them here, when they are ready.
  • 0

#22
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK!
Here is the kaspersky log, and below it, a new hijackthis log.
Am I supposed to try to delete the files that kaspersky found?
What else? Let me know.

My computer is behaving well.
I am happy.

Ellen

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, August 11, 2005 21:02:36
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/08/2005
Kaspersky Anti-Virus database records: 134769
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 82418
Number of viruses found: 9
Number of infected objects: 42
Number of suspicious objects: 0
Duration of the scan process: 8636 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.aa
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OLI34HIB\!update-2295[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.aa
C:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Aprps\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\081745E1.dll Infected: Backdoor.Win32.Ruledor.c
C:\Program Files\Norton AntiVirus\Quarantine\1EB94101.exe Infected: Trojan-Dropper.Win32.Delf.av
C:\Program Files\Norton AntiVirus\Quarantine\7A4F7A8C.exe/WISE0006.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\Program Files\Norton AntiVirus\Quarantine\7A4F7A8C.exe Infected: Trojan-Downloader.Win32.VB.ah
C:\Program Files\Norton AntiVirus\Quarantine\7A597881.exe/WISE0006.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\Program Files\Norton AntiVirus\Quarantine\7A597881.exe Infected: Trojan-Downloader.Win32.VB.ah
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP623\A0064676.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP623\A0064676.exe/data0030 Infected: Trojan.Win32.Krepper.y
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP623\A0064676.exe Infected: Trojan.Win32.Krepper.y
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP642\A0074476.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP642\A0075450.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077473.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077482.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077483.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077521.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077521.exe Infected: Trojan-Downloader.NSIS.Agent.i
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077567.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP643\A0077592.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077682.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077718.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077722.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077757.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077784.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077800.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0077897.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP644\A0078264.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP645\A0078318.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP646\A0078416.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP646\A0078418.dll/WISE0006.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP646\A0078418.dll Infected: Trojan-Downloader.Win32.VB.ah
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP646\A0082522.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP647\A0085709.dll Infected: Trojan-Dropper.Win32.Delf.av
C:\WINDOWS\cprxto3.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cprxto3.exe Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\system32\ast_.dll.tcf/WISE0006.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\system32\ast_.dll.tcf Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\system32\nostalgia.dll Infected: Trojan-Dropper.Win32.Agent.og
C:\WINDOWS\system32\nostalgia1.dll Infected: Trojan-Dropper.Win32.Agent.og

Scan process completed.

----------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:05:24 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\virusfix\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/mywork/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft

Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display

Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation

Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program

Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -

res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -

res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} -

http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} -

http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net

(file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akama...n/QuickTimeInst

aller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd...ite.cab?1093579

114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -

http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -

http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -

http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://www.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -

http://content.konti...current/kdx.cab
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and

Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security

suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard -

C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard -

C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook

Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#23
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Ellen,


I can see picture you raring to have a go at those infections !!! lol, yes we will delete some of the items identified by Kaspersky scan. Some of the items like the system restore items will be fixed automatically later as they dont pose any risk right now.


Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - CWShredder Service. Right click on it and then click on properties. In the Startup Type choose the option Disable. Close the window.

Run Hijack This and click on scan. The following items need to be fixed -

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Run Hijack This again. Click on config ---> Misc Tools ---> Delete an NT Service. Type in CWShredder Service and hit enter.

Reboot the PC in Safe Mode.

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\Aprps

Files
C:\WINDOWS\cprxto3.exe
C:\WINDOWS\system32\ast_.dll.tcf
C:\WINDOWS\system32\nostalgia.dll
C:\WINDOWS\system32\nostalgia1.dll


Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log
  • 0

#24
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK, all done,
Here is the latest HijackThis log.
Thanks,
Ellen


Logfile of HijackThis v1.99.1
Scan saved at 10:08:19 PM, on 8/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Comcast\BBClient\Programs\RegCon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\virusfix\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/mywork/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093579114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#25
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Ellen,

Your HJT log looks clean !!!! How is your PC behaving now ????


(BTW, your start page is set to C:/mywork/homepage.html !! Do you want the same start page or do you want to change it???)
  • 0

Advertisements


#26
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Tampabelle,

Yes, that homepage is a bunch of links that I like.
So I want to keep it.

My computer is behaving well.
I haven't seen any sign of malware for a while now.
It's great!
Thanks so much.
Especially for sticking with me for so long.

My computer did crash 2 times this afternoon.
I have a feeling we removed something that we shouldn't have.
The event error was:

Faulting application regcon.exe, version 4.3.0.0, faulting module uiutl.dll, version 4.3.0.120, fault address 0x00006c0f.

and then

Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

and then my latest fun application Google Earth, crashed with:

Hanging application GoogleEarth.exe, version 3.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Not sure what this is all about, but I don't think it's serious..
What do you think?

Good to know about my HJT log! Yippee! It's about time.
I can't believe we finally got rid of those bad guys.

Ellen
  • 0

#27
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Ellen,


Click on Start ---> Run. Type sfc /scannow.


Note the space between sfc and /scannow.

This will check for for windows files and replace them in any have been altered.

Let me know how it goes.
  • 0

#28
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The program finished and didn't say anything.
Maybe it's okay afterall.
I haven't had any trouble and I've been on the computer a lot today.

Tampabelle, you've been an amazing help.
This was a wonderful experience.
I am going to donate thru PayPal now.
Thanks very very much.

Ellen
  • 0

#29
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Ellen,

Thanx for your contribution. It is an encouragement for me to continue this fight against malware.


So your PC is fine now and no "crashing issues"??? I would hate it to leave you with any problems.
  • 0

#30
ecrawfor

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Everythings great.
Thanks very much.

The only question I have left is - I now have a whole slew of programs running/scanning/updating their virus-to-check-for lists, etc.etc.etc. What set of things should I run to keep winfixer (and others) away FOREVER!!!???

Ellen
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP