My computer's virtually useless!



#16
Wizard

  • Retired Staff
  • 5,661 posts
Hmmm!!!!!!!!!

Here, have mine! :tazz:

Attached Files




#17
Graceeee

  • Topic Starter
  • Member
  • 11 posts
THANKS! It's on my desktop now, and I'll proceed w/ the rest of your instructions!!!!!!!!!

#18
Graceeee

  • Topic Starter
  • Member
  • 11 posts
Hi: Here are the 2 latest logs. The computer's still REALLY slow, and pop-ups are still reported. I'm signing off for tonight. THANKS THANKS THANKS FOR YOUR HELP!

Logfile of HijackThis v1.99.1
Scan saved at 11:09:48 PM, on 8/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ovngfgf.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

C:\Documents and Settings\Owner\Local Settings\Temp\ICD2.tmp\EPXActiveX.ocx Trojan-Dropper.Win32.Agent.or

C:\Documents and Settings\Owner\Local Settings\Temp\installer.exe Trojan-Dropper.Win32.PurityScan.q

C:\Documents and Settings\Owner\Local Settings\Temp\sysnet.exe Trojan-Downloader.Win32.Agent.oa

C:\if.exe Trojan-Dropper.Win32.Agent.mm

C:\Program Files\Aprps\CxtPls.dll Trojan-Downloader.Win32.Apropo.ag

C:\Program Files\Aprps\CxtPls.exe Trojan-Downloader.Win32.Apropo.ag

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx Trojan-Dropper.Win32.Agent.or

C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MARKETING32.exe Trojan-Downloader.Win32.Adload.a

C:\WINDOWS\system32\__delete_on_reboot__ovngfgf.exe Trojan.Win32.Agent.gp

C:\WINDOWS\Temp\auf0.exe Trojan-Downloader.Win32.Apropo.ag

#19
Wizard

  • Retired Staff
  • 5,661 posts
If you haven't already, from the l2mfix-> Run Option 4 and post those results!

Download dsrfix.zip
http://www.atribune....oads/dsrfix.zip

Save it to your desktop-> Unzip dsrfix.zip and extract it to your desktop

This will create a new folder on your desktop named dsrfix-> Do Not open that folder yet!

Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Highlight the list below and press Ctrl+C to Copy!

C:\if.exe
C:\WINDOWS\Temp\auf0.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\__delete_on_reboot__ovngfgf.exe
C:\WINDOWS\System32\ovngfgf.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx
C:\Documents and Settings\Owner\Local Settings\Temp\sysnet.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MARKETING32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\installer.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ICD2.tmp\EPXActiveX.ocx
C:\Program Files\Aprps\CxtPls.dll
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\Aprps


Open Killbox-> Click File-> Click Paste from Clipboard-> Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Restart into Safe Mode again!

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingc...torial=62#winxp

Click Start-> Run-> Copy&Paste the 2 commands in bold print into the Open Box and Click OK!

sc stop SvcProc

sc delete SvcProc


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Now open the folder dsrfix on your desktop-> Double-Click on dsrfix.bat

A window will pop up briefly then close, this is normal.

Now let's do a complete Temp File Dump!

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

C:\Temp

C:\Windows\Temp

C:\Windows\System32\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (Make sure that all boxes are checked for cleaning!!)

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Restart Normal and post a fresh HijackThis log along with the Results of WinPFind!

As soon as those logs are posted-> Open Internet Explorer and Click Tools-> Windows Update!

Get Windows Current on all available Updates!

Edited by Cretemonster, 16 August 2005 - 04:08 AM.
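
The cross-check behind the steps above, as an added example that is not part of the original posts or of HijackThis itself: it parses HijackThis-format lines and flags running processes and autostart entries (O2/O4/O23) whose file is on the removal list, plus entries carrying the "(file missing)" or "Unknown owner" markers. The sample lines are a subset copied from the log in post #18 and the Killbox list in post #19; the function name `triage` and the reason labels are assumptions of this example.

```python
import re

# Sample input: a subset of the HijackThis log lines from post #18.
LOG = r"""
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ovngfgf.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Sample input: a subset of the Killbox removal list from post #19.
REMOVAL_LIST = r"""
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\ovngfgf.exe
C:\WINDOWS\svcproc.exe
"""

# "O4 - ..." style entries; anything else is treated as a running-process line.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in an executable extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)

def triage(log, removal_list):
    """Return (code, path, reasons) for every log line worth a second look."""
    listed = {p.strip().lower() for p in removal_list.splitlines() if p.strip()}
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        code, body = (m["code"], m["body"]) if m else ("PROC", line)
        hit = PATH.search(body)
        path = hit.group(0) if hit else ""
        reasons = []
        if path.lower() in listed:        # Windows paths compare case-insensitively
            reasons.append("on removal list")
        if "(file missing)" in body:      # entry points at a file that is gone
            reasons.append("file missing")
        if code == "O23" and "- Unknown owner -" in body:
            reasons.append("unknown owner")
        if reasons:
            findings.append((code, path, reasons))
    return findings
```

An autostart entry left behind after its file is deleted shows up as "(file missing)" on the next scan, which is why the post has the registry entries fixed in HijackThis as well as the files deleted.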
