Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Whats happening?! 2


  • Please log in to reply

#1
Michelle_uk

Michelle_uk

    New Member

  • Member
  • Pip
  • 5 posts
hi, I've been searching around this forum for a solution but i can't seem to find anything that matches exatly to my problem, and to be honest i'm not really sure what it is im looking for:

I keep getting these problems:

on Computer starting up...

Kern32 has encountered a problem and needs to close. We are sorry for the inconvenience.

crsrs.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

Machine Debug Manager has encountered a problem and needs to close. We are sorry for the inconvenience.

ON Connecting to internet...

snss.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

msnmsgr.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

pupdate.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

protopro.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

Multiple IE windows appear: Address’s:

http://63.246.131.130/car.html
http://tsg-clan.com/.../filelib/j.html
http://63.246.131.130/index.htm x 4
http://63.246.131.130/secur.html




Logfile of HijackThis v1.99.0
Scan saved at 00:13:06, on 20/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MSPMSPSU.EXE
C:\WINDOWS\System32\servicelog.exe
C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\crsrs.exe
C:\WINDOWS\System32\msnms.exe
C:\WINDOWS\System32\dllmanager.exe
C:\windows\system32\cddrv32.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\WINDOWS\System32\GSICON.EXE
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\WINDOWS\System32\WinDat.exe
C:\WINDOWS\System32\WinSound1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\system\Firewall.exe
C:\WINDOWS\System32\lssrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msnmsgr.exe
C:\WINDOWS\sitebar.exe
C:\sysbat32.exe
C:\mscmd32.exe
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\paino.exe
C:\WINDOWS\taskmsg.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\WINDOWS\m.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\mp.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\WINDOWS\System32\crsss.exe
C:\windows\temp\7gnkCKfA3.exe
C:\windows\temp\7rXa.exe
C:\windows\temp\rZGtnF7j.exe
C:\WINDOWS\System32\ccTrust3.exe
C:\WINDOWS\System32\sepate.exe
C:\WINDOWS\System32\msa.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\System32\wupdmgr32.exe
C:\WINDOWS\System32\snss.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\WINDOWS\System32\pupdate.exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\System32\snss.exe
C:\WINDOWS\System32\Saw2F5.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RirZR.exe
C:\WINDOWS\System32\sepate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Marie\Desktop\M'SHELLY\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/3100/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/3100/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=c:\windows\system32\cddrv32.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Marie\Local Settings\Temp\KF.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\Run: [Sound System] WinSound1.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zpyiuv.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\Firewall.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\Run: [USB Device] servicelog.exe
O4 - HKLM\..\Run: [msnmsgs.exe] C:\WINDOWS\sitebar.exe
O4 - HKLM\..\Run: [Adobe] C:\sysbat32.exe
O4 - HKLM\..\Run: [msnmsg.exe] C:\mscmd32.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paino.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\taskmsg.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [REERGRUNRNT] C:\WINDOWS\m.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [REGRUNSB] C:\WINDOWS\mp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [7gnkCKfA3] C:\windows\temp\7gnkCKfA3.exe
O4 - HKLM\..\Run: [7rXa] C:\windows\temp\7rXa.exe
O4 - HKLM\..\Run: [rZGtnF7j] C:\windows\temp\rZGtnF7j.exe
O4 - HKLM\..\Run: [f78c8bf9d645] C:\WINDOWS\System32\ccTrust3.exe
O4 - HKLM\..\Run: [24BE6BN397HQ8B] C:\WINDOWS\System32\IpuFmd.exe
O4 - HKLM\..\Run: [MSN Updater] msnms.exe
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\Run: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkls32.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] snss.exe
O4 - HKLM\..\Run: [Microoft Timing] pupdate.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Sound System] WinSound1.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] snss.exe
O4 - HKLM\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\RunServices: [USB Device] servicelog.exe
O4 - HKLM\..\RunServices: [System Information Manager] Msbb.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [MSN Updater] msnms.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [Microoft Timing] pupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Windows Update Manager for NT] wupdmgr32.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [USB Device] servicelog.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [MSN Updater] msnms.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunOnce: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [Sound System] WinSound1.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] snss.exe
O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\Run: [USB Device] servicelog.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [MSN Updater] msnms.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU\..\Run: [Microoft Timing] pupdate.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunOnce: [USB Device] servicelog.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [MSN Updater] msnms.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [dlite] dllmanager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.2...oxInst_int4.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C: .mht!http://69.50.191.52/3100/b.chm::/b.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...ie/bridge-c.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094441013171
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe



Thanks for the help!
  • 0

Advertisements


#2
Yarnouth

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
Hi Michelle, you have a number of randomonly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.


Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

Download Ad-aware from: http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#3
Michelle_uk

Michelle_uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Yarnouth

I've already done the ad-aware thing that it says to do in the hyjackthis forum, and the i got spybot to work and ive run the cwshredder, all before i posted. i have boradband but this problem seem to be seriously affecting it and i can't seem to run those online scans...

thanks
  • 0

#4
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please post a new log and we can help you get back online :tazz:

-=jonnyrotten=- ;)
  • 0

#5
Michelle_uk

Michelle_uk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.0
Scan saved at 11:27:32, on 27/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MSPMSPSU.EXE
C:\WINDOWS\System32\windowsxp.exe
C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\crsrs.exe
C:\WINDOWS\System32\msnms.exe
C:\WINDOWS\System32\sys32snd.exe
C:\WINDOWS\System32\dllmanager.exe
C:\windows\system32\dvraudio.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\WINDOWS\System32\WinDat.exe
C:\WINDOWS\System32\WinSound1.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\system\Firewall.exe
C:\WINDOWS\System32\lssrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msnmsgr.exe
C:\WINDOWS\sitebar.exe
C:\sysbat32.exe
C:\mscmd32.exe
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\paino.exe
C:\WINDOWS\taskmsg.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\WINDOWS\m.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\mp.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\windows\temp\7gnkCKfA3.exe
C:\windows\temp\7rXa.exe
C:\WINDOWS\System32\ccTrust3.exe
C:\WINDOWS\System32\sepate.exe
C:\WINDOWS\System32\msa.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\WINDOWS\System32\crsss.exe
C:\windows\ldO.exe
C:\windows\hKC.exe
C:\WINDOWS\System32\spoolnt.exe
C:\windows\temp\7gnkCKfA3.exe
C:\windows\temp\7rXa.exe
C:\windows\hKC.exe
C:\windows\ldO.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\snss.exe
C:\WINDOWS\System32\sepate.exe
C:\WINDOWS\System32\KzgPM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\RirZR.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\snss.exe
C:\program Files\internet Explorer\iexplore.exe
C:\Documents and Settings\Marie\Desktop\M'SHELLY\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=c:\windows\system32\dvraudio.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Marie\Local Settings\Temp\81.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\Run: [Sound System] WinSound1.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zpyiuv.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\Firewall.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\Run: [msnmsgs.exe] C:\WINDOWS\sitebar.exe
O4 - HKLM\..\Run: [Adobe] C:\sysbat32.exe
O4 - HKLM\..\Run: [msnmsg.exe] C:\mscmd32.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paino.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\taskmsg.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [REERGRUNRNT] C:\WINDOWS\m.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [REGRUNSB] C:\WINDOWS\mp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [7gnkCKfA3] C:\windows\temp\7gnkCKfA3.exe
O4 - HKLM\..\Run: [7rXa] C:\windows\temp\7rXa.exe
O4 - HKLM\..\Run: [f78c8bf9d645] C:\WINDOWS\System32\ccTrust3.exe
O4 - HKLM\..\Run: [24BE6BN397HQ8B] C:\WINDOWS\System32\RhqYr.exe
O4 - HKLM\..\Run: [MSN Updater] msnms.exe
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] snss.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [Microoft Timing] pupdate.exe
O4 - HKLM\..\Run: [Windows Sound System] sndsys.exe
O4 - HKLM\..\Run: [ldO] C:\windows\ldO.exe
O4 - HKLM\..\Run: [hKC] C:\windows\hKC.exe
O4 - HKLM\..\Run: [USB Device] windowsxp.exe
O4 - HKLM\..\Run: [Dvraudio] c:\windows\system32\dvraudio.exe
O4 - HKLM\..\Run: [Start Upping] spoolnt.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkls32.exe
O4 - HKLM\..\Run: [7gnkCKfA3.exe] C:\windows\temp\7gnkCKfA3.exe
O4 - HKLM\..\Run: [7rXa.exe] C:\windows\temp\7rXa.exe
O4 - HKLM\..\Run: [hKC.exe] C:\windows\hKC.exe
O4 - HKLM\..\Run: [ldO.exe] C:\windows\ldO.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Sound System] WinSound1.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] snss.exe
O4 - HKLM\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\RunServices: [System Information Manager] Msbb.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [MSN Updater] msnms.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [Microoft Timing] pupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Windows Sound System] sndsys.exe
O4 - HKLM\..\RunServices: [USB Device] windowsxp.exe
O4 - HKLM\..\RunServices: [Start Upping] spoolnt.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [USB Device] windowsxp.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [MSN Updater] msnms.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunOnce: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [Sound System] WinSound1.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] snss.exe
O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\Run: [USB Device] windowsxp.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [MSN Updater] msnms.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU\..\Run: [Microoft Timing] pupdate.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Dvraudio] c:\windows\system32\dvraudio.exe
O4 - HKCU\..\Run: [Start Upping] spoolnt.exe
O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [MSN Updater] msnms.exe
O4 - HKCU\..\RunOnce: [USB Device] windowsxp.exe
O4 - HKCU\..\RunOnce: [dlite] dllmanager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.2...oxInst_int4.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/3100/b.chm::/b.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...ie/bridge-c.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/...ne/ringtone.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094441013171
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAA4DC8-8CEC-46FD-B277-BD749494D5BB}: NameServer = 194.74.65.68 194.72.9.34
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe



thanky you!

it may have gotten bigger since the last time i was able to post... sorry about that!!
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Marie\Local Settings\Temp\81.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll

O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [Windows Database] WinDat.exe
O4 - HKLM\..\Run: [Sound System] WinSound1.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\zpyiuv.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\Firewall.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\Run: [msnmsgs.exe] C:\WINDOWS\sitebar.exe
O4 - HKLM\..\Run: [Adobe] C:\sysbat32.exe
O4 - HKLM\..\Run: [msnmsg.exe] C:\mscmd32.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paino.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\taskmsg.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [REERGRUNRNT] C:\WINDOWS\m.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [REGRUNSB] C:\WINDOWS\mp.exe

O4 - HKLM\..\Run: [7gnkCKfA3] C:\windows\temp\7gnkCKfA3.exe
O4 - HKLM\..\Run: [7rXa] C:\windows\temp\7rXa.exe
O4 - HKLM\..\Run: [f78c8bf9d645] C:\WINDOWS\System32\ccTrust3.exe
O4 - HKLM\..\Run: [24BE6BN397HQ8B] C:\WINDOWS\System32\RhqYr.exe
O4 - HKLM\..\Run: [MSN Updater] msnms.exe
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] snss.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [Microoft Timing] pupdate.exe
O4 - HKLM\..\Run: [Windows Sound System] sndsys.exe
O4 - HKLM\..\Run: [ldO] C:\windows\ldO.exe
O4 - HKLM\..\Run: [hKC] C:\windows\hKC.exe
O4 - HKLM\..\Run: [USB Device] windowsxp.exe
O4 - HKLM\..\Run: [Dvraudio] c:\windows\system32\dvraudio.exe
O4 - HKLM\..\Run: [Start Upping] spoolnt.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkls32.exe
O4 - HKLM\..\Run: [7gnkCKfA3.exe] C:\windows\temp\7gnkCKfA3.exe
O4 - HKLM\..\Run: [7rXa.exe] C:\windows\temp\7rXa.exe
O4 - HKLM\..\Run: [hKC.exe] C:\windows\hKC.exe
O4 - HKLM\..\Run: [ldO.exe] C:\windows\ldO.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunServices: [Windows Database] WinDat.exe
O4 - HKLM\..\RunServices: [Sound System] WinSound1.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] snss.exe
O4 - HKLM\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\RunServices: [System Information Manager] Msbb.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [MSN Updater] msnms.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [Microoft Timing] pupdate.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Windows Sound System] sndsys.exe
O4 - HKLM\..\RunServices: [USB Device] windowsxp.exe
O4 - HKLM\..\RunServices: [Start Upping] spoolnt.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [USB Device] windowsxp.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [MSN Updater] msnms.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunOnce: [dlite] dllmanager.exe

O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [Windows Database] WinDat.exe
O4 - HKCU\..\Run: [Sound System] WinSound1.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] snss.exe
O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\Run: [USB Device] windowsxp.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe

O4 - HKCU\..\Run: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [MSN Updater] msnms.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU\..\Run: [Microoft Timing] pupdate.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe

O4 - HKCU\..\Run: [Start Upping] spoolnt.exe
O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [MSN Updater] msnms.exe
O4 - HKCU\..\RunOnce: [USB Device] windowsxp.exe
O4 - HKCU\..\RunOnce: [dlite] dllmanager.exe

O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.2...oxInst_int4.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/3100/b.chm::/b.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...ie/bridge-c.cab

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab

O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

Reboot into safe mode
and delete:
C:\WINDOWS\System32\windowsxp.exe
C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\crsrs.exe
C:\WINDOWS\System32\msnms.exe
C:\WINDOWS\System32\sys32snd.exe
C:\WINDOWS\System32\dllmanager.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\WINDOWS\System32\WinDat.exe
C:\WINDOWS\System32\WinSound1.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\sitebar.exe
C:\sysbat32.exe
C:\mscmd32.exe
C:\WINDOWS\paino.exe
C:\Program Files\Windows TaskAd <= entire folder
C:\WINDOWS\m.exe
C:\Program Files\Windows ControlAd <= entire folder
C:\WINDOWS\mp.exe
C:\WINDOWS\System32\ccTrust3.exe
C:\WINDOWS\System32\sepate.exe
C:\WINDOWS\System32\msa.exe
C:\Program Files\Windows ServeAd <= entire folder
C:\WINDOWS\System32\crsss.exe
C:\windows\ldO.exe
C:\windows\hKC.exe
C:\WINDOWS\System32\spoolnt.exe
C:\windows\hKC.exe
C:\windows\ldO.exe
C:\WINDOWS\EliteToolBar <= entire folder

Please make sure t o get the filenames exactly spelled and in the directory I listed. Some of these are pretending to be Windows files by having similar names.

Then (still in safe mode) use the Disk Cleanup Utility to empty all your Temp folders.

Reboot and post a new log.

I'm sure more will show up.

Regards,

Pieter

Edited by Metallica, 27 December 2004 - 09:37 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP