
sexsearch69 problem like many others...



#1
somenobody1


    New Member

  • Member
  • Pip
  • 3 posts
yep....i've joined the ranks of those afflicted by that bloody thing, and whatever the h*** else that keeps me from trying to use any of my browsers. yea, Mozilla and IE keep telling me there's a connection problem even whilst i watch my DC++ download at roughly 110 kbs. i denno, signing up and getting into this forum was a bloody nightmare.

any and all help would be appreciated greatly.

here's the logfile

Logfile of HijackThis v1.99.0
Scan saved at 8:37:37 PM, on 1/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\WINDOWS\system32\amondsl.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\wins32.exe
C:\WINDOWS\System32\svlsass.exe
C:\WINDOWS\System32\svchosts.exe
C:\Program Files\Semagic\LiveJournalU.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brian\Desktop\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gyrhumvplvl] C:\WINDOWS\System32\oixupsc.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9B2B0CD3] C:\WINDOWS\system32\amondsl.exe
O4 - HKLM\..\Run: [82B4D463] C:\WINDOWS\system32\trecfimmdl.exe
O4 - HKLM\..\Run: [8DA4D4FB] C:\WINDOWS\system32\ppoglxcap.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [D88EF4FE] C:\WINDOWS\system32\dvsromad.exe
O4 - HKLM\..\Run: [FCAA92EB] C:\WINDOWS\system32\RINrWeb.exe
O4 - HKLM\..\Run: [F0E27FDE] C:\WINDOWS\system32\cabmdmry.exe
O4 - HKLM\..\Run: [A1857AD6] C:\WINDOWS\system32\dsnvid.exe
O4 - HKLM\..\Run: [B8AC5D06] C:\WINDOWS\system32\tiSRatsr.exe
O4 - HKLM\..\Run: [850BAD03] C:\WINDOWS\system32\sntel.exe
O4 - HKLM\..\Run: [DE06157B] C:\WINDOWS\system32\dslio3d3.exe
O4 - HKLM\..\Run: [CE4ADC0E] C:\WINDOWS\system32\dllisk.exe
O4 - HKLM\..\Run: [Win32 USB2] wins32.exe
O4 - HKLM\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\Run: [blah service] svchosts.exe
O4 - HKLM\..\Run: [windo scort] win.exe
O4 - HKLM\..\RunServices: [Win32 USB2] wins32.exe
O4 - HKLM\..\RunServices: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunServices: [blah service] svchosts.exe
O4 - HKLM\..\RunServices: [windo scort] win.exe
O4 - HKLM\..\RunOnce: [Win32 USB2] wins32.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9B2B0CD3] C:\WINDOWS\system32\amondsl.exe
O4 - HKCU\..\Run: [82B4D463] C:\WINDOWS\system32\trecfimmdl.exe
O4 - HKCU\..\Run: [8DA4D4FB] C:\WINDOWS\system32\ppoglxcap.exe
O4 - HKCU\..\Run: [D88EF4FE] C:\WINDOWS\system32\dvsromad.exe
O4 - HKCU\..\Run: [FCAA92EB] C:\WINDOWS\system32\RINrWeb.exe
O4 - HKCU\..\Run: [F0E27FDE] C:\WINDOWS\system32\cabmdmry.exe
O4 - HKCU\..\Run: [A1857AD6] C:\WINDOWS\system32\dsnvid.exe
O4 - HKCU\..\Run: [B8AC5D06] C:\WINDOWS\system32\tiSRatsr.exe
O4 - HKCU\..\Run: [850BAD03] C:\WINDOWS\system32\sntel.exe
O4 - HKCU\..\Run: [DE06157B] C:\WINDOWS\system32\dslio3d3.exe
O4 - HKCU\..\Run: [CE4ADC0E] C:\WINDOWS\system32\dllisk.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.69sexsearch.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104632449608
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe



again, thank you, anyone that looks at this monstrosity.
  • 0



#2
-=jonnyrotten=-


    Member 2k

  • Retired Staff
  • 2,678 posts
Please download "Del Domain" from here:

http://www.geekstogo...=download&id=40

Download it to your desktop or somewhere you will find it. Extract the .inf file from the .zip file you just downloaded. Now right-click "Deldomains.inf" and click "Install". It will not appear to have done anything; that's OK. Next step.

Reset your host file. Click Here to download HostsFileReader. To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.

You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [gyrhumvplvl] C:\WINDOWS\System32\oixupsc.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9B2B0CD3] C:\WINDOWS\system32\amondsl.exe
O4 - HKLM\..\Run: [82B4D463] C:\WINDOWS\system32\trecfimmdl.exe
O4 - HKLM\..\Run: [8DA4D4FB] C:\WINDOWS\system32\ppoglxcap.exe
O4 - HKLM\..\Run: [D88EF4FE] C:\WINDOWS\system32\dvsromad.exe
O4 - HKLM\..\Run: [FCAA92EB] C:\WINDOWS\system32\RINrWeb.exe
O4 - HKLM\..\Run: [F0E27FDE] C:\WINDOWS\system32\cabmdmry.exe
O4 - HKLM\..\Run: [A1857AD6] C:\WINDOWS\system32\dsnvid.exe
O4 - HKLM\..\Run: [B8AC5D06] C:\WINDOWS\system32\tiSRatsr.exe
O4 - HKLM\..\Run: [850BAD03] C:\WINDOWS\system32\sntel.exe
O4 - HKLM\..\Run: [DE06157B] C:\WINDOWS\system32\dslio3d3.exe
O4 - HKLM\..\Run: [CE4ADC0E] C:\WINDOWS\system32\dllisk.exe
O4 - HKLM\..\Run: [Win32 USB2] wins32.exe
O4 - HKLM\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\Run: [blah service] svchosts.exe
O4 - HKLM\..\Run: [windo scort] win.exe
O4 - HKLM\..\RunServices: [Win32 USB2] wins32.exe
O4 - HKLM\..\RunServices: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunServices: [blah service] svchosts.exe
O4 - HKLM\..\RunServices: [windo scort] win.exe
O4 - HKLM\..\RunOnce: [Win32 USB2] wins32.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9B2B0CD3] C:\WINDOWS\system32\amondsl.exe
O4 - HKCU\..\Run: [82B4D463] C:\WINDOWS\system32\trecfimmdl.exe
O4 - HKCU\..\Run: [8DA4D4FB] C:\WINDOWS\system32\ppoglxcap.exe
O4 - HKCU\..\Run: [D88EF4FE] C:\WINDOWS\system32\dvsromad.exe
O4 - HKCU\..\Run: [FCAA92EB] C:\WINDOWS\system32\RINrWeb.exe
O4 - HKCU\..\Run: [F0E27FDE] C:\WINDOWS\system32\cabmdmry.exe
O4 - HKCU\..\Run: [A1857AD6] C:\WINDOWS\system32\dsnvid.exe
O4 - HKCU\..\Run: [B8AC5D06] C:\WINDOWS\system32\tiSRatsr.exe
O4 - HKCU\..\Run: [850BAD03] C:\WINDOWS\system32\sntel.exe
O4 - HKCU\..\Run: [DE06157B] C:\WINDOWS\system32\dslio3d3.exe
O4 - HKCU\..\Run: [CE4ADC0E] C:\WINDOWS\system32\dllisk.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O15 - Trusted Zone: http://*.69sexsearch.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files (if found):

C:\WINDOWS\System32\oixupsc.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\amondsl.exe
C:\WINDOWS\system32\trecfimmdl.exe
C:\WINDOWS\system32\ppoglxcap.exe
C:\WINDOWS\system32\dvsromad.exe
C:\WINDOWS\system32\RINrWeb.exe
C:\WINDOWS\system32\cabmdmry.exe
C:\WINDOWS\system32\dsnvid.exe
C:\WINDOWS\system32\tiSRatsr.exe
C:\WINDOWS\system32\sntel.exe
C:\WINDOWS\system32\dslio3d3.exe
C:\WINDOWS\system32\dllisk.exe
C:\WINDOWS\system32\wuclient.exe
wins32.exe
svlsass.exe
svchosts.exe
win.exe
wins32.exe
svlsass.exe
<<<Most likely found in C:\Windows\System32 or C:\Windows, if not then run a search for them and delete them if found.

Reboot normally and post a new Hijack This log.

-=jonnyrotten=- :tazz:
  • 0

#3
somenobody1


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
hmmm, did as prescribed....contents of the log.

Logfile of HijackThis v1.99.0
Scan saved at 9:01:15 AM, on 1/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\scvhostingg.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\crcss.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svlsass.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brian\Desktop\temp\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PCprot] crcss.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [starter] scvhostingg.exe
O4 - HKLM\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunServices: [PCprot] crcss.exe
O4 - HKLM\..\RunServices: [starter] scvhostingg.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunOnce: [starter] scvhostingg.exe
O4 - HKCU\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKCU\..\Run: [starter] scvhostingg.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\RunOnce: [starter] scvhostingg.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104632449608
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe




oh j/w it's hard to describe but in a nutshell my computer's resources are being eaten alive like some flesh-eating parasite. any suggestions? it's only been recently (circa 3-4 days ago?) and really starting to annoy the h*** out of me. it's sluggish even during safe mode.

Thanks!!
  • 0
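As an added illustration (not part of any poster's reply and not a HijackThis feature), the Python sketch below parses O4 registry autorun lines excerpted from the two logs in this thread, flags value names that are eight hex digits or that are registered under more than one autorun key, and compares the two scans to show which flagged entries survived the cleanup and which are new. The function names and the two heuristics are assumptions chosen for this example; they are a triage aid only and miss single-key entries such as [gyrhumvplvl].

```python
import re

# O4 registry autorun line: "O4 - HKLM\..\Run: [value name] command"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$")

# Lines excerpted from the first log (post #1) and the follow-up log (post #3).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [9B2B0CD3] C:\WINDOWS\system32\amondsl.exe
O4 - HKLM\..\Run: [Win32 USB2] wins32.exe
O4 - HKLM\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunServices: [Win32 USB2] wins32.exe
O4 - HKLM\..\RunServices: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunOnce: [Win32 USB2] wins32.exe
O4 - HKCU\..\Run: [9B2B0CD3] C:\WINDOWS\system32\amondsl.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCprot] crcss.exe
O4 - HKLM\..\Run: [starter] scvhostingg.exe
O4 - HKLM\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKLM\..\RunServices: [PCprot] crcss.exe
O4 - HKLM\..\RunServices: [starter] scvhostingg.exe
O4 - HKLM\..\RunServices: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKCU\..\Run: [Microsoft SVHOST32 Service] svlsass.exe
O4 - HKCU\..\Run: [starter] scvhostingg.exe
"""


def parse_autoruns(log):
    """Map value name -> {"keys": set of 'HIVE\\Key', "cmd": command}."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Global Startup and non-O4 lines are out of scope here
        hive, key, name, cmd = m.groups()
        entry = entries.setdefault(name, {"keys": set(), "cmd": cmd.strip()})
        entry["keys"].add(hive + "\\" + key)
    return entries


def triage(entries):
    """Return {value name: [reasons]} for entries worth a closer look."""
    flagged = {}
    for name, entry in entries.items():
        reasons = []
        if HEX_NAME.match(name):
            reasons.append("8-hex-digit value name")
        if len(entry["keys"]) > 1:
            reasons.append("registered under %d autorun keys" % len(entry["keys"]))
        if reasons:
            flagged[name] = reasons
    return flagged


def compare(before, after):
    """Flagged entries still present after cleanup, and entries that are new."""
    suspects = set(triage(before))
    survived = sorted(suspects & set(after))
    new = sorted(set(after) - set(before))
    return survived, new


if __name__ == "__main__":
    before, after = parse_autoruns(LOG_BEFORE), parse_autoruns(LOG_AFTER)
    for name, reasons in sorted(triage(before).items()):
        print("FLAG  [%s] %s: %s" % (name, before[name]["cmd"], "; ".join(reasons)))
    survived, new = compare(before, after)
    print("survived cleanup:", survived)
    print("new since first scan:", new)
```

A flagged entry that survives a fix, together with new multi-key entries in the second scan, suggests something still running is rewriting the autorun keys between scans.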

#4
admin


    Founder Geek

  • Administrator
  • 24,504 posts
Let's try a free online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left. :tazz:
  • 0

#5
somenobody1


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
:tazz:



well, to bring things up onto speed, my computer crashed and burned shortly after trying to follow the prescribed methods. i gave up, sent it into my school's IC center to see maybe their 'dedicated' staff would help. all they did was install spybot and meh. left it at that.

reformatted, and pissed as h*** since I LEFT MY LAPTOP PLUGGED INTO THE INTERNET FOR LESS THAN HALF AN HOUR BEFORE I GOT A TROJAN AND TWO WORMS

the irresponsibility blows my mind. i'd been without my laptop for a hella long time....


anyway, angry rant aside, i seem to be blocked from accessing Sophos and Symantec's websites. stupid, i know but i'm not sure why. i ran a virus scan, picked up on two more worms maybe an hour ago. it's stupid...

btw, my comp speed is near d*** dead. it's been just reformatted so i can't imagine it's anything i installed (which was norton system works 2k5.) i'll post a hijack log tomorrow when i get out of class.


thanks, btw.


i didn't forget and i'm grateful for the help.
  • 0





