Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

No firewall over two weeks,lots of maleware!

Started by Classy2 , Oct 17 2005 08:36 PM

Page 5 of 7
3
4
5
6
7

Please log in to reply

#61
Classy2

Posted 03 November 2005 - 07:06 PM

Member

Topic Starter
Member
242 posts

Ad-Aware SE Personal
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
AMUST Registry Cleaner
AOL Instant Messenger
AVG Free Edition
AZZ Cardfile
Canon PhotoRecord
Canon PIXMA iP3000
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CleanUp!
Coloreal
Compaq Advisor
ContextPlus
DLA
Easy Access Button Support
EasyCleaner
Easy-WebPrint
ewido security suite
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Intel® 845G Chipset Graphics Driver Software
Kazaa Lite K++ v2.4.2
Kensington MouseWorks
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
LQfix 2.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Baseline Security Analyzer 2.0
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
Mozilla Firefox (1.0.7)
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS CAMEDIA Master 4.1
PC Inspector smart recovery
Python 2.2 combined Win32 extensions
QuickTime
RealPlayer
RecordNow
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SeeknClean
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Sygate Personal Firewall
The Sims Deluxe Edition
USB MP3 Player Win98 Drivers
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

#62
loophole

Posted 03 November 2005 - 07:17 PM

Malware Expert

Retired Staff
9,798 posts

Follow these directions carefully.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#63
Classy2

Posted 03 November 2005 - 07:58 PM

Member

Topic Starter
Member
242 posts

before running the lasst pogram Window installer would popup n disappear. After running the bat file you just told me to now Installer is The feature you r trying to use is on a CD ROM or other removable disk that is not available.. Insert Microsoft money 2002 System pack'disk
Today all day windows installer kept poping up n then disappeared for 5 minutes.

Log of AproposFix v1

************

Running from directory:
C:\Program Files\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CyPQ2A03eQED]
@="dojI:E7PQQPQQRQ Bo4\\c7cPQQPfSQzlqgrzvQHNHI3BWVQ2G7K3GHQ7EHCMHMMRHNH"
"Device"="\\\\.\\XmLfY9i9"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\ipsnxsxx.sys"
"DriverName"="ALGtapi"
"HideUninstallerName"="C:\\Program Files\\Reaonder\\ipcsmsno.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\danhvoas.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{EB758E61-824D-4B7C-8766-4CCCB4EE9760}"
"UninstallerParams"=""
"HDll"="C:\\WINDOWS\\system32\\lpkwsock.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.GH2"
"InstallationId"="{Xdef5cab-ac6b-1944-03a2-813c4ab01aaf}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Reaonder\\iphgasvc.exe"

************

Removing hidden service:
Service ALGtapi removed.

Removing hidden folder:
Deletion of folder Reaonder succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\ipsnxsxx.sys succeeded!
Deletion of file C:\WINDOWS\system32\slsdramp.exe succeeded!
Deletion of file C:\WINDOWS\system32\lpkwsock.dll succeeded!
Deletion of file C:\WINDOWS\system32\danhvoas.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CyPQ2A03eQED]
[-HKEY_LOCAL_MACHINE\Software\CyPQ2A03eQED]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB758E61-824D-4B7C-8766-4CCCB4EE9760}]

Done!

Finished!

#64
Classy2

Posted 03 November 2005 - 08:09 PM

Member

Topic Starter
Member
242 posts

Im sorry loophole, im going now to copy HJT NOW in safe mode

#65
loophole

Posted 03 November 2005 - 08:17 PM

Malware Expert

Retired Staff
9,798 posts

No need for safemode . you can do it from regular mode

#66
Classy2

Posted 03 November 2005 - 08:20 PM

Member

Topic Starter
Member
242 posts

Logfile of HijackThis v1.99.1
Scan saved at 9:12:58 PM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=2c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120884224343
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius....tiveXPlugin.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#67
Classy2

Posted 03 November 2005 - 08:21 PM

Member

Topic Starter
Member
242 posts

#68
loophole

Posted 03 November 2005 - 08:22 PM

Malware Expert

Retired Staff
9,798 posts

Is there any difference in the computer now

#69
Classy2

Posted 03 November 2005 - 08:26 PM

Member

Topic Starter
Member
242 posts

Im very sorry for the double p;ositing. My system is ever so slow, and it didnt show my HJT on the firt try. Forgive,. my system is still active in showing Window Installer box with nothing in it installing. Prob just a symptom of whats wrong.
Thibnking how wonderfull you to help me,
Classy

#70
loophole

Posted 03 November 2005 - 08:34 PM

Malware Expert

Retired Staff
9,798 posts

Probably not your computer .Geeks to go has been slow lately I've had the same problem with the double posting.Not sure about the windows installer problem, I will look into it.

Now you say programs wont open. Look at the list of installed programs you sent me a few post back and tell me if any of those programs wont work please

#71
Classy2

Posted 03 November 2005 - 08:46 PM

Member

Topic Starter
Member
242 posts

My main problem last night was the programs were downloading
unoffical usder with (~~~~~~ & 000)

#72
loophole

Posted 03 November 2005 - 08:54 PM

Malware Expert

Retired Staff
9,798 posts

We removed a Nasty item from your computer a little bit ago. Is there anyway you can check and see if that problem (Download problem) still exists?

#73
Classy2

Posted 03 November 2005 - 09:02 PM

Member

Topic Starter
Member
242 posts

Does this mean I can delete ALL the temp users with only a temp file in it, surely missing so many files. I would l.ike to remove them the correct way so they do not come back to haunt me.
classy

#74
loophole

Posted 03 November 2005 - 10:17 PM

Malware Expert

Retired Staff
9,798 posts

I dont Know. Not sure what your deleting. Please answer these questions. Is your desktop the same as always? Do your normal programs work? What doesn't work? These are normal ~ Not sure what difference it makes by deleting them.Have you ran any kind of registry cleaner?

#75
Classy2

Posted 03 November 2005 - 11:06 PM

Member

Topic Starter
Member
242 posts

Quickly, noooooo I save any program to my desktop it goes to Admistrator1.CUDLES. I have always used CCleaner without problems.
I used to download program and the path was always to Program Files now its to adminstor`~000.
I tried last night to copy my carfile from a CD, it wouldnt install to program files only the file with ~~~~000
Why i want to delete these unoffical TEMP users is bcause they do not TEMP files that ignore that im logged in under an OFFICAL USER ACCOUNT.
If deleting these temp user isnt the anser then what is the answer? W
Why is my colmputer IGNORING the User Im logged into which is OFFicaly an Acount User? If these reasons arent enough give me time to find out more.
I belive also theres a high threat tojan embeded in system 32.dll.gui.exe..it cant be deleted.
Classy

Edited by Classy2, 04 November 2005 - 12:13 AM.