Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

W32.DesktopHijacker & C:\WINDOWS\System32\msblank.


  • This topic is locked This topic is locked

#1
wvu420

wvu420

    Member

  • Member
  • PipPip
  • 14 posts
Afternoon everyone.

I've been having problems with W32.DesktopHijacker for about two weeks now. Recently, my Homepage has been replaced with C:\WINDOWS\System32\msblank.html and the address bar shows the hiarchy of my computer (Desktop, My Computer, My Documents, etc.) and I recieve strange dialog boxe saying, "Windows Firewall has detected suspicious network activity...Would you like to learn how to protect your computer?"

I have and regularly run Adware SE, Ewido, CWShredder, Hijack this, and was previously subscribed to Norton Antivirus.

Here's an up to date HijackThis Log, Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:49:08 PM, on 9/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\AOL\1125339227\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125339227\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\AOL\1125339227\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\scottt connolly\My Documents\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {04D675BA-7B81-C4D4-07B1-85667D6EDF26} - BoundRec.dll (file missing)
R3 - URLSearchHook: (no name) - {B592BD16-7839-B953-6591-FCBDB4280647} - JAguAr.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {13589181-4F0D-4553-B9F8-B4B72172C139} - (no file)
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\bewbk.dat (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\canib.dat (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\gervrd.dat (file missing)
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\nibsii.dat (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [a] C:\WINDOWS\System32\itjlap.exe
O4 - HKLM\..\Run: [QM2O] C:\documents and settings\scottt connolly\local settings\temp\QM2O.exe
O4 - HKLM\..\Run: [1kzW] C:\documents and settings\scottt connolly\local settings\temp\1kzW.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hb] C:\documents and settings\scottt connolly\local settings\temp\Hb.exe
O4 - HKLM\..\Run: [playole] C:\WINDOWS\playole.exe
O4 - HKLM\..\Run: [abrftp] C:\WINDOWS\java\Packages\abrftp.exe
O4 - HKLM\..\Run: [runun] C:\WINDOWS\Registration\runun.exe
O4 - HKLM\..\Run: [*ftpabr] C:\WINDOWS\system\ftpabr.exe
O4 - HKLM\..\Run: [*netutil] C:\WINDOWS\java\Packages\netutil.exe
O4 - HKLM\..\Run: [*nutdisk] C:\WINDOWS\msagent\nutdisk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125339227\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [br0ken] Dest068.exe
O4 - HKLM\..\Run: [killall] EXE32EXE.exe
O4 - HKLM\..\Run: [Preliminary] driver32.exe
O4 - HKLM\..\Run: [scanSYS] sbin.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [M0vFRfimV] rictyle.exe
O4 - HKCU\..\Run: [StartPage] C:\Documents and Settings\scottt connolly\Desktop\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ftbar] backorif.exe
O4 - HKCU\..\Run: [sbin] Brong32.exe
O4 - HKCU\..\Run: [StatusCheck] slamm.exe
O4 - HKCU\..\Run: [TorontoMail] nmdllw.exe
O4 - HKCU\..\Run: [NukeSpan] AppMasterCenter.exe
O4 - HKCU\..\Run: [Dest068] xsetup.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F2C7DF6-A0B5-4C17-9364-EECBB775380A}: NameServer = 195.95.218.50,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAC0EED5-7FC5-40AC-9D90-A7C62190B532}: NameServer = 195.95.218.50,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6EAE242-E9E5-40CB-966D-9A0C734530A5}: NameServer = 195.95.218.50,85.255.112.8
O20 - Winlogon Notify: binac - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\canib.dat (file missing)
O20 - Winlogon Notify: msvcdns - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\sndcvsm.dat (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi wvu420, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME
  • Click HERE for the update.
  • Apply the update.
  • REBOOT YOUR SYSTEM
  • Post a fresh Hijack This log
Regards,

Trevuren
.
  • 0

#3
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry, it took forever to install the SP1...like an hour. Thanks again for your quick response.
Here's my Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:02:44 PM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1125339227\ee\AOLHostManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\AOL\1125339227\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125339227\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\scottt connolly\My Documents\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {04D675BA-7B81-C4D4-07B1-85667D6EDF26} - BoundRec.dll (file missing)
R3 - URLSearchHook: (no name) - {B592BD16-7839-B953-6591-FCBDB4280647} - JAguAr.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {13589181-4F0D-4553-B9F8-B4B72172C139} - (no file)
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\bewbk.dat (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\canib.dat (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\gervrd.dat (file missing)
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\nibsii.dat (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [a] C:\WINDOWS\System32\itjlap.exe
O4 - HKLM\..\Run: [QM2O] C:\documents and settings\scottt connolly\local settings\temp\QM2O.exe
O4 - HKLM\..\Run: [1kzW] C:\documents and settings\scottt connolly\local settings\temp\1kzW.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hb] C:\documents and settings\scottt connolly\local settings\temp\Hb.exe
O4 - HKLM\..\Run: [playole] C:\WINDOWS\playole.exe
O4 - HKLM\..\Run: [abrftp] C:\WINDOWS\java\Packages\abrftp.exe
O4 - HKLM\..\Run: [runun] C:\WINDOWS\Registration\runun.exe
O4 - HKLM\..\Run: [*ftpabr] C:\WINDOWS\system\ftpabr.exe
O4 - HKLM\..\Run: [*netutil] C:\WINDOWS\java\Packages\netutil.exe
O4 - HKLM\..\Run: [*nutdisk] C:\WINDOWS\msagent\nutdisk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125339227\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [br0ken] Dest068.exe
O4 - HKLM\..\Run: [killall] EXE32EXE.exe
O4 - HKLM\..\Run: [Preliminary] driver32.exe
O4 - HKLM\..\Run: [scanSYS] sbin.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [M0vFRfimV] rictyle.exe
O4 - HKCU\..\Run: [StartPage] C:\Documents and Settings\scottt connolly\Desktop\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ftbar] backorif.exe
O4 - HKCU\..\Run: [sbin] Brong32.exe
O4 - HKCU\..\Run: [StatusCheck] slamm.exe
O4 - HKCU\..\Run: [TorontoMail] nmdllw.exe
O4 - HKCU\..\Run: [NukeSpan] AppMasterCenter.exe
O4 - HKCU\..\Run: [Dest068] xsetup.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F2C7DF6-A0B5-4C17-9364-EECBB775380A}: NameServer = 195.95.218.50,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAC0EED5-7FC5-40AC-9D90-A7C62190B532}: NameServer = 195.95.218.50,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6EAE242-E9E5-40CB-966D-9A0C734530A5}: NameServer = 195.95.218.50,85.255.112.8
O20 - Winlogon Notify: binac - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\canib.dat (file missing)
O20 - Winlogon Notify: msvcdns - C:\DOCUME~1\SCOTTT~1\LOCALS~1\Temp\sndcvsm.dat (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your info is being re-routed through Kiev in the Ukraine. We must take care of that first

Please RIGHT-CLICK HERE to download Silent Runner's.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Regards,

Trevuren

  • 0

#5
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Again sorry it took so long, I had an exam today. I dowloaded and ran SilentRunner, but the Windows Script Host is coming up "Can't find script engine 'VBScript' for script 'C:\Documents and Settings\scott connolly\Desktop\SilentRunners.vbs'", but there's no choice, only an "OK" icon.

What gives?
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
What happens when you click on OK?


Trevuren
  • 0

#7
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Absolutely nothing, no text file. Should I try reinstalling it from the website?
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Yes try it

2. If you don't succeed, download this zipped file that I am attaching to this post. UnZip the contents to its own folder and try and run the program. This will tell us if you are in fact able to run VBS scripts.

Trevuren
  • 0

#9
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I'm having trouble creating a log...should it be under Save as?

Edited by wvu420, 06 September 2005 - 06:03 PM.

  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Bad example I gave you to download, sorry.

1. Download this zip file and run the program.

2. In the type box that will appear, type ViewBar.dll and press Enter and let the program fly. I don't need to see the report. This is just a test.


Trevuren
  • 0

Advertisements


#11
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I searched for ViewBar.dll in "Find in registry", it didn't seem to pick anything up. Where should I go from here?

Thanks again.
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Have you re-downloaded the SilentRunners file again and tried it out?

Trevuren
  • 0

#13
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yeah, same message about the script...no textfile.
  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Copy everything in the code box below (starting with REGEDIT4) and paste it into Notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as fixware.reg on your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""


2. Double-click fixware.reg and when asked if you want to merge with the registry click YES.

3. After the merged successfully prompt, please reboot your computer.

4. After reboot, please download RKFiles from HERE
  • Unzip RKfiles.zip to the desktop
  • Double-click RKFiles.bat to run it. It may take a while.
  • When it is finished a window should appear with a log.
5. Please copy the contents of the log and paste them here
  • Note: the log with be saved at c:\log.txt
Regards,

Trevuren

  • 0

#15
wvu420

wvu420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here we go, thanks for your patience.

C:\Documents and Settings\scottt connolly\Desktop\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\ntfsnlpa.exe: UPX!
C:\WINDOWS\system32\rdsndin.exe: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP