Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJack This Log

Started by romold , Jan 06 2005 01:10 PM

  • Please log in to reply

#1
romold
Posted 06 January 2005 - 01:10 PM

romold

    Member

  • Member
  • PipPip
  • 17 posts
Logfile of HijackThis v1.98.2
Scan saved at 1:06:56 PM, on 1/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\addar32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ntlw.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonstopsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\adstlvifi.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKLM\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKLM\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKLM\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKLM\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKLM\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKLM\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKLM\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKLM\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKLM\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKCU\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKCU\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKCU\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKCU\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKCU\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKCU\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKCU\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKCU\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKCU\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 06 January 2005 - 07:35 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Click Here download the latest version of Hijack This (1.99.0). It's better able to catch the latest threats.

-=jonnyrotten=- :tazz:
  • 0

#3
romold
Posted 06 January 2005 - 07:56 PM

romold

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
New HijackThis log
Thank you

Logfile of HijackThis v1.99.0
Scan saved at 7:53:49 PM, on 1/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\addar32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ntlw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonstopsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKLM\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKLM\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKLM\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKLM\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKLM\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKLM\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKLM\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKLM\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKLM\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKLM\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKCU\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKCU\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKCU\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKCU\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKCU\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKCU\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKCU\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKCU\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKCU\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKCU\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe
  • 0

#4
-=jonnyrotten=-
Posted 06 January 2005 - 10:18 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonstopsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKLM\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKLM\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKLM\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKLM\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKLM\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKLM\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKLM\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKLM\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKLM\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKLM\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKCU\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKCU\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKCU\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKCU\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKCU\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKCU\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKCU\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKCU\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKCU\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKCU\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\sdkcc.dll
C:\WINDOWS\system32\addar32.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\WINDOWS\system32\ntlw.exe
C:\WINDOWS\sdkcc.dll
C:\WINDOWS\system32\addar32.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\windows\system32\kalvcav32.exe
C:\WINDOWS\system32\tmfdtrac.exe
C:\WINDOWS\system32\extpv.exe
C:\WINDOWS\system32\i32sipc.exe
C:\WINDOWS\system32\aamcfgod.exe
C:\WINDOWS\system32\dpti25.exe
C:\WINDOWS\system32\skmpl.exe
C:\WINDOWS\system32\ctxpatl.exe
C:\WINDOWS\system32\iltesrv.exe
C:\WINDOWS\system32\pifconf.exe
C:\WINDOWS\system32\api3ops.exe
C:\WINDOWS\system32\wuclient.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\WINDOWS\system32\tmfdtrac.exe
C:\WINDOWS\system32\extpv.exe
C:\WINDOWS\system32\i32sipc.exe
C:\WINDOWS\system32\aamcfgod.exe
C:\WINDOWS\system32\dpti25.exe
C:\WINDOWS\system32\skmpl.exe
C:\WINDOWS\system32\ctxpatl.exe
C:\WINDOWS\system32\iltesrv.exe
C:\WINDOWS\system32\pifconf.exe
C:\WINDOWS\system32\api3ops.exe

Reboot normally and post a new log.

-=jonnyrotten=- :tazz:
  • 0

#5
romold
Posted 07 January 2005 - 11:44 AM

romold

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
new HiJackThis log


Logfile of HijackThis v1.99.0
Scan saved at 11:41:10 AM, on 1/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\avwados.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\avwados.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKCU\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe (file missing)
  • 0

#6
-=jonnyrotten=-
Posted 07 January 2005 - 07:35 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Reboot into safe mode and remove the following entries with Hijack This.

R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\avwados.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll (file missing)
O4 - HKLM\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKCU\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe (file missing)

Now delete the following files found in bold:

C:\WINDOWS\system32\avwados.exe
C:\windows\system32\kalvcav32.exe

Reboot normally and post a new log.

-=jonnyrotten=- :tazz:
  • 0

#7
romold
Posted 07 January 2005 - 08:20 PM

romold

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
new log

Logfile of HijackThis v1.99.0
Scan saved at 8:17:49 PM, on 1/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#8
-=jonnyrotten=-
Posted 08 January 2005 - 12:26 AM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Lookin good, How's it running?

-=jonnyrotten=- :tazz:
  • 0

#9
romold
Posted 08 January 2005 - 12:21 PM

romold

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Its working better thank you. I have one other problem I am trying to fix. I can not log in to hotmail on this computer, we have two. I have looked at other post to find a fix with no luck. I have reset browser options also with no luck. The last thing I did was to download firefox to try to eliminate possibilities and it does work I can sign in to hotmail with firefox but not IE Explorer . any ideas.

THANK YOU
  • 0

#10
-=jonnyrotten=-
Posted 08 January 2005 - 01:57 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Can you access MSN.com, Microsoft.com, or login to MSN Messenger?

-=jonnyrotten=- :tazz:
  • 0

#11
romold
Posted 08 January 2005 - 04:10 PM

romold

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
yes but I just tryed to sign in to ebay and it would't let me. Security and privacy are set to default.
  • 0

#12
coachwife6
Posted 10 January 2005 - 01:41 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Try lowering the security settings and see if that will help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP