Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FixIO


  • Please log in to reply

#1
mdrav65

mdrav65

    New Member

  • Member
  • Pip
  • 4 posts
I found FixIO on your site in a thread from superdan54 to Michelle (8/30) to address the exact same issue on a friends W2K laptop and it worked. Icons restored and desktop looks good. But I got the impression that there might be more "cleaning up" needed. If so please advise. What was the cause of this? The resulting file from FixIO is below. Thanks for your help and for being such an awesome resource.


running from ---
C:\fixio\FixO

StartPAge.O Removal batch 1.00

by miekiemoes

같같같같같같같같같같같같같같같같같같같같같같같같같같
existing bad files:
-----------------------------------------------------
iexplore_dbg.exe present
XMLLIBUI.exe present


existing important bad keys:
-----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINNT\\explorer32dbg.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\WINNT\\iexplore_dbg.exe"



Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
-----------------------------------------------------

(end of file)
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi mdrav65 and welcome to Geekstogo!


Can you please post a HiJackthis and let me see if there is anything left to clean :)


Thanks,

:tazz:

Excal
  • 0

#3
mdrav65

mdrav65

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
As requested....and on behalf of my friend, thanks so much for your time. And thanks for making me look like a genius. :-)

Logfile of HijackThis v1.99.1
Scan saved at 12:53:32 PM, on 9/2/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\System32\WScript.exe
C:\WINNT\System32\ezSP_Px.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINNT\System32\intell32.exe
C:\WINNT\System32\outpostupdate.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {FBABBBEE-A14B-483C-922A-2BE0956EE0F4} - C:\WINNT\System32\olob.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\System32\intell32.exe
O4 - HKLM\..\Run: [outpostupdate] C:\WINNT\System32\outpostupdate.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINNT\System32\outpostupdate.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [outpostupdate] C:\WINNT\System32\outpostupdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: STOPzilla - C:\WINNT\SYSTEM32\IS3WLHandler.dll
O21 - SSODL: Adobe Acrobat 5.0 - {4CA16B1E-88AF-3E98-C91B-C3DE00DE16E4} - c:\program files\adobe\acrobat 5.0\reader\wddzkw5.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
oh boy, you still have a lot of things going on in this log....

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#5
mdrav65

mdrav65

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
My friend is out of town with his laptop but as soon as he gets back and gives me his laptop I will do as instructed.

Thanks again for your assitance.
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
OK, I will be waiting :)

:tazz:

Excal
  • 0

#7
mdrav65

mdrav65

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Unfortunately my friend is content with having his PC up and running and appears to be in no rush to shore up his laptop against another attack - which clearly is inevitable. Sorry for the delay. I'll keep hounding him though. Thanks for your patience.
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
yikes, well good luck to him.

:tazz:

Excal
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP