Look2me & TVmedia [RESOLVED]


  • This topic is locked

#31
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
Oh I see, sorry I misunderstood you. I'll try to find my CD but I'm not sure if I can find it; it's been a long time since I last used it. I'll make a deep search and post here later if I find it.
  • 0


#32
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
No, my Windows CD isn't here, so it has to be at my workplace. I can get it late tomorrow.
  • 0

#33
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
No problem. However I want to get finished by Tuesday evening. The time zone here is Greenwich Mean Time as I am leaving for Cyprus on Wednesday morning.
  • 0

#34
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
Everything seems fine. There were some Windows updates I could download (and did download) but they are just small things like a better download. I have no indication of any other changes.

Here is a new HJL just in case you need it again:

Logfile of HijackThis v1.99.1
Scan saved at 22:51:28, on 2006-02-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINNT\System32\svchost.exe
C:\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\Flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
D:\D-Tools\daemon.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\internat.exe
D:\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Microsoft AntiSpyware\gcasDtServ.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.lip.pt/"); (C:\Documents and Settings\lip\Application Data\Mozilla\Profiles\default\c91s403u.slt\prefs.js)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpConfgVer] "C:\Program Files\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.07.01
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [gcasServ] "C:\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AKiller] "C:\Advertising Killer\akiller.exe"
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Supportskip] C:\DOCUME~1\lip\APPLIC~1\POLLDO~1\ref mode joy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload0.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://mic.phinforma...ap/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139870420750
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.musica.gu...ts/clearadj.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F122BA8-1200-42D8-86BF-00DE9B805ECE}: Domain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F122BA8-1200-42D8-86BF-00DE9B805ECE}: NameServer = 194.65.100.117,194.65.5.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F122BA8-1200-42D8-86BF-00DE9B805ECE}: Domain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F122BA8-1200-42D8-86BF-00DE9B805ECE}: NameServer = 194.65.100.117,194.65.5.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F122BA8-1200-42D8-86BF-00DE9B805ECE}: Domain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F122BA8-1200-42D8-86BF-00DE9B805ECE}: NameServer = 194.65.100.117,194.65.5.2
O20 - AppInit_DLLs: mad.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: FireDaemon Service: startupdll (startupdll) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
  • 0

#35
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

I can still see an infection (looks like LOP) in your HJT log.

Your system is not behaving as it should, therefore I think it is imperative that you should run the SFC programme.

The folders with the infection are invisible until they are detected by Activescan.

You must delete these files in any way you can:

dogffdva.exe
HEARTDOWNLOADERMAPI.exe
jonnpykr.exe
Plus Bits Ball New.exe

These are all LOP files. Safe mode is best, killbox, delete on reboot is even better.

One last try please!
  • 0
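
As an added illustration (not code from this thread, from either poster, or from HijackThis), the sketch below parses HijackThis entry lines and flags three kinds of entries a reviewer would usually inspect by hand. The three rules and the names `parse` and `triage` are assumptions of this example; the sample lines are copied from the log in post #34.

```python
import re

# Lines copied from the HijackThis log in post #34 above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Supportskip] C:\DOCUME~1\lip\APPLIC~1\POLLDO~1\ref mode joy.exe
O20 - AppInit_DLLs: mad.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Matches the long and the 8.3 short form of the per-user Application Data folder.
APPDATA = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


def parse(log_text):
    """Yield (section, detail) for every HijackThis entry line (R0, O4, O23, ...)."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (section, reason, detail) for entries worth a manual look.

    The three rules are this example's own assumptions, not HijackThis output
    and not the helper's method; a hit is a prompt to investigate, not a verdict.
    """
    hits = []
    for section, detail in parse(log_text):
        if section == "O4" and APPDATA.search(detail):
            hits.append((section, "autostart from a user Application Data folder", detail))
        elif section == "O20" and detail.split(":", 1)[-1].strip():
            hits.append((section, "DLL loaded into processes that load user32.dll", detail))
        elif section == "O23" and detail.endswith("(file missing)"):
            hits.append((section, "service registered but its executable is gone", detail))
    return hits


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {detail}")
```

Entries that match none of the rules are not thereby cleared; the output only narrows where to start reading.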

#36
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
I'll try again, but what is the SFC program?
  • 0

#37
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
This is what I mean by SFC.

Please run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows disc upon starting the scan. If this happens please make sure that you can view protected files:

My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.


Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:

My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.
  • 0

#38
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
Yes, I'm sorry, I was a bit tired and mistook it for File Protection Service, which is the one I don't know. And I did run the SFC two posts ago.

As much as I try to delete the four files, they keep giving the error "pendingFileRenamedOperations Registry Data has been removed by external process". If I try to delete them by the normal file kill of Killbox, it says those files don't exist! And those files aren't visible anymore.

When you say I should do an Activesearch to make those files visible you mean Panda Activesearch?

Edited by Alkiton, 14 February 2006 - 05:02 AM.

  • 0

#39
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
It sounds as though they are gone then. Let me know if you have further problems when I return.
  • 0

#40
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
Well, for a few days now I haven't had the pop-ups anymore, but I still have this very annoying error that keeps me from clicking on links and going to the page. I suppose this happened because of my malware infections, because I haven't changed any IE settings. This is probably outside the scope of malware cleaning, but maybe you know something?

In any case I thank you very much for your time and dedication in helping me!! I wish you a pleasant time in Cyprus.
  • 0


#41
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Well you might try this:

In MSIE click TOOLS>INTERNET OPTIONS>ADVANCED click RESTORE DEFAULTS.
  • 0

#42
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
I'm afraid it's a bit more complex than that. Clicking on links that send to a page in the same browser window is fine, but links that open a new window show a blank page. Also, sites that open a kind of "pop up window", like the window opened in http://www.pandasoft.../activescan.htm when we click "scan", open a blank window.

Since I have the link to the pages that open in a new browser window, I can copy and paste the URL and go there anyway (although it makes for a much slower search), but if I ever want/need to use a scan like the one on that pandasoftware site, I won't even be able to.

Could it still be malware?

PS - after a few days, both ewido and spysweeper show no infections, and I don't have any pop-ups spamming.
  • 0

#43
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

What you describe sounds like browser settings to me.

You could try a repair:

Go into your Control Panel and then to Add and Remove Programs. Click Change or Remove Programs and scroll to Microsoft Internet Explorer, click to highlight it, choose remove and a new window will open giving you the option to repair Internet Explorer and finally click OK.

Even better is downloading Firefox and using that rather than MSIE.
  • 0

#44
Alkiton

    Member

  • Topic Starter
  • Member
  • 26 posts
The "funny" thing is that when I clicked on the change/remove button so that I could repair IE, it actually proceeded to uninstall it (no menu to ask to repair or anything else). But it didn't even uninstall.

Nevertheless, now I can use Firefox, since I don't have any pop-ups, so no problem!
  • 0

#45
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Well that sounds as though it was a corrupted MSIE. If you really want it (I haven't used it for over a year now), you could delete all parts of it and download the latest from Microsoft Windows site.

Can I see a final fresh HJT log please so I can hopefully give you the all clear?
  • 0





