Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another HijackThis log...

Started by Azarath , Jan 31 2005 04:58 PM

  • Please log in to reply

#1
Azarath
Posted 31 January 2005 - 04:58 PM

Azarath

    New Member

  • Member
  • Pip
  • 4 posts
Well, followed the steps for the main page, seems to be ok, apart from I noticed emia.exe still there, and I saw a few other people have been recommended to remove it...only when I go to the location of it, it's hidden, and not even showing all hidden files/folders shows it up. Neither does a command prompt.

Anyway...not sure what most of it is, so if someone would be as kind as to have a look for me...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
D:\Tools\WinAMP\winampa.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Owner\Application Data\emia.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
D:\Tools\Maya\docs\Wrapper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\Tools\Maya\docs\jre\bin\java.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
d:\Downloads\HijackThis.exe
D:\Tools\Trillian\trillian.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/test/links/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0DB8DE1-B369-40A6-F386-273A013DD9D3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Tools\WinAMP\winampa.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Lqvjuf.exe
O4 - HKLM\..\Run: [efafmjyv] C:\WINDOWS\efafmjyv.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [lvcnun] c:\windows\system32\lvcnun.exe
O4 - HKLM\..\Run: [bhnscc] C:\WINDOWS\System32\bhnscc.exe
O4 - HKLM\..\Run: [wFtW3sj] alrgr.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Tbhnnh.exe
O4 - HKLM\..\Run: [lnuotc] C:\WINDOWS\System32\lnuotc.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ho26RiHpQ] wupnetbs.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Owner\Application Data\emia.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab




May be easier to add me to msn - [email removed]

Any help would be greatly appreciated...been at it now for 4 days :-(

Edited by admin, 31 January 2005 - 07:32 PM.

  • 0

Advertisements

#2
admin
Posted 31 January 2005 - 07:33 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Can we see you entire log? Including the top portion.
  • 0

#3
Azarath
Posted 01 February 2005 - 06:43 PM

Azarath

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Oops, sorry. Well, ive scanned again - this is the latest one...

Logfile of HijackThis v1.97.7
Scan saved at 00:42:25, on 02/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
D:\Tools\WinAMP\winampa.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Documents and Settings\Owner\Application Data\emia.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
D:\Tools\Maya\docs\Wrapper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\Tools\Maya\docs\jre\bin\java.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
d:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/test/links/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0DB8DE1-B369-40A6-F386-273A013DD9D3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Tools\WinAMP\winampa.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Lqvjuf.exe
O4 - HKLM\..\Run: [efafmjyv] C:\WINDOWS\efafmjyv.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [lvcnun] c:\windows\system32\lvcnun.exe
O4 - HKLM\..\Run: [bhnscc] C:\WINDOWS\System32\bhnscc.exe
O4 - HKLM\..\Run: [wFtW3sj] alrgr.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Tbhnnh.exe
O4 - HKLM\..\Run: [lnuotc] C:\WINDOWS\System32\lnuotc.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ho26RiHpQ] wupnetbs.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Owner\Application Data\emia.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

#4
Azarath
Posted 04 February 2005 - 08:44 PM

Azarath

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Any luck in seeing if theres anything wrong with it?
  • 0

#5
Koretek
Posted 05 February 2005 - 05:15 PM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
The HijackThis Tool is out of date, on the next log please update this it can make a big difference. Theres a link in my signature to our download section and you will find it there.
Checkin it now, rough day yesterday hang in there Az! Im new to these forums so I will have to get any "fix" approved but I promise to get back to ya! : )

Edited by Koretek, 05 February 2005 - 05:49 PM.

  • 0

#6
Azarath
Posted 05 February 2005 - 09:50 PM

Azarath

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Oops, sorry about that. Been a while since I used it so I didnt realise...

Logfile of HijackThis v1.99.0
Scan saved at 03:46:21, on 06/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
D:\Tools\WinAMP\winampa.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Documents and Settings\Owner\Application Data\emia.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
D:\Tools\Maya\docs\Wrapper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\Tools\Maya\docs\jre\bin\java.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Tools\Trillian\trillian.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
D:\Tools\WinAmp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/test/links/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0DB8DE1-B369-40A6-F386-273A013DD9D3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Tools\WinAMP\winampa.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Lqvjuf.exe
O4 - HKLM\..\Run: [efafmjyv] C:\WINDOWS\efafmjyv.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [lvcnun] c:\windows\system32\lvcnun.exe
O4 - HKLM\..\Run: [bhnscc] C:\WINDOWS\System32\bhnscc.exe
O4 - HKLM\..\Run: [wFtW3sj] alrgr.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Tbhnnh.exe
O4 - HKLM\..\Run: [lnuotc] C:\WINDOWS\System32\lnuotc.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ho26RiHpQ] wupnetbs.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Owner\Application Data\emia.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server - Unknown - D:\Tools\Maya\docs\Wrapper.exe
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: FileZilla Server FTP server - Unknown - D:\tools\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Also, I've noticed that people have been saying it isnt as accurate if people turn their computer off, how about if they put it into hibernate, as I almost always do that...
  • 0

#7
Koretek
Posted 06 February 2005 - 01:42 PM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Hibernate would have been fine, but you could have shut it down, its certain "special cases" when we ask not to shut it down, luckily so far you havent shown those signs.
  • 0

#8
Koretek
Posted 11 February 2005 - 10:31 PM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Ok Az lets get to work,
You should print these instructions out for use later while in Safe Mode because you will not have an internet connection.

Close all windows except HijackThis and have it "Fix" these entries:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D0DB8DE1-B369-40A6-F386-273A013DD9D3} - (no file)
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Lqvjuf.exe
O4 - HKLM\..\Run: [efafmjyv] C:\WINDOWS\efafmjyv.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [lvcnun] c:\windows\system32\lvcnun.exe
O4 - HKLM\..\Run: [bhnscc] C:\WINDOWS\System32\bhnscc.exe
O4 - HKLM\..\Run: [wFtW3sj] alrgr.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Tbhnnh.exe
O4 - HKLM\..\Run: [lnuotc] C:\WINDOWS\System32\lnuotc.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKCU\..\Run: [ho26RiHpQ] wupnetbs.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\Owner\Application Data\emia.exe

Then lets reboot into "Safe Mode" and enable "All Files and Folders" to be seen:

Boot into safe mode:

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

"All Files and Folders"

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files and Folders", select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Now lets navigate to these entries and delete them manually:

C:\WINDOWS\System32\Lqvjuf.exe
C:\WINDOWS\efafmjyv.exe
C:\Program Files\CSBB <<-~-delete this entire folder
C:\windows\system32\lvcnun.exe
C:\WINDOWS\System32\bhnscc.exe
C:\WINDOWS\System32\Tbhnnh.exe
C:\WINDOWS\System32\lnuotc.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\wsxsvc <<-~-deletethis entire folder
C:\WINDOWS\System32\sysmonnt
C:\Documents and Settings\Owner\Application Data\emia.exe


Search for these while in safe mode and see if you get results, if
so of course delete them where the search says they are.
alrgr.exe
wupnetbs.exe

Ok, then if were all done, lets boot back up into normal mode and post a new HijackThis log, this time using the newest version of Hijackthis which I mentioned earlier, it can be found with the download link in my signature Az.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP