HiJack This Log


#1
romold

romold

    Member

  • Member
  • 17 posts
Logfile of HijackThis v1.98.2
Scan saved at 1:06:56 PM, on 1/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\addar32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ntlw.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonstopsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\adstlvifi.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKLM\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKLM\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKLM\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKLM\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKLM\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKLM\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKLM\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKLM\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKLM\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKCU\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKCU\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKCU\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKCU\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKCU\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKCU\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKCU\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKCU\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKCU\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
  • 0

#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Click Here to download the latest version of Hijack This (1.99.0). It's better able to catch the latest threats.

-=jonnyrotten=- :tazz:
  • 0

#3
romold

romold

    Member

  • Topic Starter
  • Member
  • 17 posts
New HijackThis log
Thank you

Logfile of HijackThis v1.99.0
Scan saved at 7:53:49 PM, on 1/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\addar32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ntlw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonstopsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKLM\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKLM\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKLM\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKLM\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKLM\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKLM\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKLM\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKLM\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKLM\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKLM\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKCU\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKCU\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKCU\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKCU\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKCU\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKCU\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKCU\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKCU\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKCU\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKCU\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe
  • 0

#4
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to only the following items, then click Fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nonstopsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [addar32.exe] C:\WINDOWS\system32\addar32.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKLM\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKLM\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKLM\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKLM\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKLM\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKLM\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKLM\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKLM\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKLM\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKLM\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKCU\..\Run: [5C78B9F6] C:\WINDOWS\system32\tmfdtrac.exe
O4 - HKCU\..\Run: [9A61317E] C:\WINDOWS\system32\extpv.exe
O4 - HKCU\..\Run: [0F324A66] C:\WINDOWS\system32\i32sipc.exe
O4 - HKCU\..\Run: [FA203CDE] C:\WINDOWS\system32\aamcfgod.exe
O4 - HKCU\..\Run: [D8039A66] C:\WINDOWS\system32\dpti25.exe
O4 - HKCU\..\Run: [BC0DF273] C:\WINDOWS\system32\skmpl.exe
O4 - HKCU\..\Run: [8C7721EB] C:\WINDOWS\system32\ctxpatl.exe
O4 - HKCU\..\Run: [CB70CADE] C:\WINDOWS\system32\iltesrv.exe
O4 - HKCU\..\Run: [073D88C6] C:\WINDOWS\system32\pifconf.exe
O4 - HKCU\..\Run: [DDE00266] C:\WINDOWS\system32\api3ops.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\sdkcc.dll
C:\WINDOWS\system32\addar32.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\WINDOWS\system32\ntlw.exe
C:\WINDOWS\sdkcc.dll
C:\WINDOWS\system32\addar32.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\windows\system32\kalvcav32.exe
C:\WINDOWS\system32\tmfdtrac.exe
C:\WINDOWS\system32\extpv.exe
C:\WINDOWS\system32\i32sipc.exe
C:\WINDOWS\system32\aamcfgod.exe
C:\WINDOWS\system32\dpti25.exe
C:\WINDOWS\system32\skmpl.exe
C:\WINDOWS\system32\ctxpatl.exe
C:\WINDOWS\system32\iltesrv.exe
C:\WINDOWS\system32\pifconf.exe
C:\WINDOWS\system32\api3ops.exe
C:\WINDOWS\system32\wuclient.exe
C:\WINDOWS\system32\adstlvifi.exe
C:\WINDOWS\system32\tmfdtrac.exe
C:\WINDOWS\system32\extpv.exe
C:\WINDOWS\system32\i32sipc.exe
C:\WINDOWS\system32\aamcfgod.exe
C:\WINDOWS\system32\dpti25.exe
C:\WINDOWS\system32\skmpl.exe
C:\WINDOWS\system32\ctxpatl.exe
C:\WINDOWS\system32\iltesrv.exe
C:\WINDOWS\system32\pifconf.exe
C:\WINDOWS\system32\api3ops.exe

Reboot normally and post a new log.

-=jonnyrotten=- :tazz:
  • 0

#5
romold

romold

    Member

  • Topic Starter
  • Member
  • 17 posts
new HiJackThis log


Logfile of HijackThis v1.99.0
Scan saved at 11:41:10 AM, on 1/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\avwados.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\avwados.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKCU\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe (file missing)
  • 0

#6
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Reboot into safe mode and remove the following entries with Hijack This.

R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\avwados.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll (file missing)
O4 - HKLM\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKCU\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe (file missing)

Now delete the following files found in bold:

C:\WINDOWS\system32\avwados.exe
C:\windows\system32\kalvcav32.exe

Reboot normally and post a new log.

-=jonnyrotten=- :tazz:
  • 0
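Added example (not part of the thread and not any poster's code): a small Python script that compares an earlier HijackThis scan with a later one, using lines excerpted from the logs in posts #1 and #5. It reports which Run values are new, which CLSID now points at a different file, and which entries are left over for files that were deleted. The eight-hex-digit value-name check is a heuristic assumed from the names seen in this thread, not a general rule.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O4 - ...", "R3 - ..."
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
HEX8 = re.compile(r"^[0-9A-F]{8}$")  # assumption: value-name pattern seen in this thread
MISSING = " (file missing)"

def parse(log):
    """Return (section, body) per result line; headers and process paths are skipped."""
    return [m.groups() for m in (ENTRY.match(l.strip()) for l in log.splitlines()) if m]

def run_entries(entries):
    """Map (hive, value name) -> command for O4 Run-key lines."""
    hits = (RUN.match(body) for sec, body in entries if sec == "O4")
    return {(m[1], m[2]): m[3] for m in hits if m}

def clsid_targets(entries):
    """Map CLSID -> file path for R3 (URLSearchHook) and O2 (BHO) lines."""
    out = {}
    for sec, body in entries:
        m = CLSID.search(body)
        if sec in ("R3", "O2") and m:
            out[m.group(0)] = body.rsplit(" - ", 1)[-1].replace(MISSING, "")
    return out

def compare(before, after):
    """Summarise what changed between two scans of the same machine."""
    b, a = parse(before), parse(after)
    rb, ra = run_entries(b), run_entries(a)
    cb, ca = clsid_targets(b), clsid_targets(a)
    return {
        "new_run": sorted(k for k in ra if k not in rb),
        "still_run": sorted(k for k in ra if k in rb),
        "hex_named": sorted(k for k in ra if HEX8.match(k[1])),
        "rebound": {c: (cb[c], ca[c]) for c in ca if c in cb and cb[c] != ca[c]},
        "orphaned": [sec for sec, body in a if body.endswith(MISSING.strip())],
    }

# Lines excerpted from the log in post #1.
BEFORE = r"""
R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\adstlvifi.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKCU\..\Run: [C434F953] C:\WINDOWS\system32\adstlvifi.exe
"""

# Lines excerpted from the log in post #5.
AFTER = r"""
R3 - URLSearchHook: (no name) - {56689BBD-6407-B2C6-6417-7C5AB3680D87} - C:\WINDOWS\system32\avwados.exe
O2 - BHO: (no name) - {E5CE442C-2593-EF03-7AA2-92CD1F3D4D6F} - C:\WINDOWS\sdkcc.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvcav32.exe
O4 - HKCU\..\Run: [C1CDB676] C:\WINDOWS\system32\avwados.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\system32\ntlw.exe (file missing)
"""

if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```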

#7
romold

romold

    Member

  • Topic Starter
  • Member
  • 17 posts
new log

Logfile of HijackThis v1.99.0
Scan saved at 8:17:49 PM, on 1/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#8
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Lookin' good. How's it running?

-=jonnyrotten=- :tazz:
  • 0

#9
romold

romold

    Member

  • Topic Starter
  • Member
  • 17 posts
It's working better, thank you. I have one other problem I am trying to fix. I cannot log in to Hotmail on this computer; we have two. I have looked at other posts to find a fix, with no luck. I have reset browser options, also with no luck. The last thing I did was to download Firefox to try to eliminate possibilities, and it does work: I can sign in to Hotmail with Firefox but not IE Explorer. Any ideas?

THANK YOU
  • 0

#10
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Can you access MSN.com, Microsoft.com, or login to MSN Messenger?

-=jonnyrotten=- :tazz:
  • 0

#11
romold

romold

    Member

  • Topic Starter
  • Member
  • 17 posts
Yes, but I just tried to sign in to eBay and it wouldn't let me. Security and privacy are set to default.
  • 0

#12
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Try lowering the security settings and see if that will help.
  • 0





