Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP ME!

Started by ali_1992 , Jan 26 2005 07:32 PM

  • Please log in to reply

#1
ali_1992
Posted 26 January 2005 - 07:32 PM

ali_1992

    Member

  • Member
  • PipPip
  • 21 posts
[/B]help me please when i go to the internet everything says page cannot be displayed then when i go find and delete winasp and svcpl it works then the next time i come on it stuffs up again plz help me get rid of it once for all id really appreciate it heres my hi jack this list help me find the bad ones

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Norton Personal Firewall] npfw32.exe

O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe

O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe

O4 - HKLM\..\Run: [LVXTS`KQWOH] C:\WINDOWS\System32\dpduk.exe

O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe

O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\msexploren.exe /i

O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvkex32.exe

O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe

O4 - HKLM\..\RunServices: [Norton Personal Firewall] npfw32.exe

O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe

O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe

O4 - HKLM\..\RunServices: [LVXTS`KQWOH] C:\WINDOWS\System32\dpduk.exe

O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Norton Personal Firewall] npfw32.exe


O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe

O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe

O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB3958F-0E5A-415C-8BC9-F83CDE87B5A1}: NameServer = 192.189.54.26 192.189.54.37
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 26 January 2005 - 10:29 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please repost your Hijack This log. Make sure to post the entire thing this time.

-=jonnyrotten=- :tazz:
  • 0

#3
ali_1992
Posted 28 January 2005 - 01:19 AM

ali_1992

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.97.7
Scan saved at 6:17:58 PM, on 1/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\msnmsgq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\navupdaters.exe
C:\WINDOWS\System32\navprotect.exe
C:\WINDOWS\System32\winasp.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\yvmmu.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] npfw32.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\Run: [LVXTS`KQWOH] C:\WINDOWS\System32\nywnv.exe
O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [QErZcOwG6] C:\WINDOWS\yvmmu.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] npfw32.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [LVXTS`KQWOH] C:\WINDOWS\System32\nywnv.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Norton Personal Firewall] npfw32.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: SideFind (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB3958F-0E5A-415C-8BC9-F83CDE87B5A1}: NameServer = 192.189.54.26 192.189.54.37
  • 0

#4
ali_1992
Posted 28 January 2005 - 01:20 AM

ali_1992

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thats it bro
  • 0

#5
ali_1992
Posted 28 January 2005 - 01:24 AM

ali_1992

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
by the way bro i'v tried spybot latest update and ad-aware SE personal latest update and still the problems persist.
  • 0

#6
-=jonnyrotten=-
Posted 28 January 2005 - 06:39 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Ok, here we go:

You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [Norton Personal Firewall] npfw32.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\Run: [LVXTS`KQWOH] C:\WINDOWS\System32\nywnv.exe
O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [QErZcOwG6] C:\WINDOWS\yvmmu.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] npfw32.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [LVXTS`KQWOH] C:\WINDOWS\System32\nywnv.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] npfw32.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O9 - Extra button: SideFind (HKLM)

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\nem220.dll
C:\WINDOWS\wsem303.dll
C:\Program Files\SideFind
C:\PROGRA~1\ISTbar
C:\WINDOWS\System32\nywnv.exe
C:\WINDOWS\msnmsgq.exe
C:\Program Files\Admanager Controller
C:\Program Files\ISTsvc
C:\WINDOWS\yvmmu.exe
C:\Program Files\Internet Optimizer
C:\WINDOWS\System32\SahAgent.exe
npfw32.exe
navupdaters.exe
navprotect.exe
mcafeshield.exe
winasp.exe <<<These ones are most likely found in C:\Windows\System32 or C:\Windows. If not then run a search and delete them if found.

Reboot normally. Reset your host file. Click Here to download HostsFileReader. To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.

Update to the latest version of Hijack This:

Click Here download the latest version of Hijack This (1.99.0). It's better able to catch the latest threats. Post a new log.

-=jonnyrotten=- :tazz:
  • 0

#7
ali_1992
Posted 29 January 2005 - 08:25 PM

ali_1992

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
bro how d u remove them for good or stop them from stuffing up my internet becaus they always come back

if i remove navupdaters and nav protect doesnt that stuff up my norton antivirus plz reply soon
  • 0

#8
-=jonnyrotten=-
Posted 29 January 2005 - 08:30 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Those aren't norton files. Those are fakes trying to look legit. Read up on them here:

http://www.sophos.co.../w32rbotun.html

If you google search the others you will find the same info. To remove them for good we have to remove the hijack this entries and delete the files.

-=jonnyrotten=- :tazz:
  • 0

#9
ali_1992
Posted 29 January 2005 - 08:52 PM

ali_1992

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
ok and what are the host files
  • 0

#10
-=jonnyrotten=-
Posted 30 January 2005 - 12:30 AM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
npfw32.exe
navupdaters.exe
navprotect.exe
mcafeshield.exe
winasp.exe

You gotta remove these man, these are the host files. Get rid of everything that I suggested in my earlier post and post a new log so I can check to see if they morph and we may have to remove more files. These guys don't make it easy to remove their infections. We'll get em though, don't worry.

-=jonnyrotten=- :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP