chucko4 Posted December 13, 2005

Please tell me what is not too good heh. Probably something major with my luck. Thanks guys.

and my question is when you open the task manager, there is a speed option, my computer is on normal, but should i set it on high speed? Or if not when should i be using high speed? Thanks

Logfile of HijackThis v1.98.1
Scan saved at 7:30:58 PM, on 12/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\System32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile]
C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]
C:\WINDOWS\System32\windir32[Caution: ExecutableFile]
C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile]
C:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]
C:\WINDOWS\System32\windir32[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Documents and Settings\Charlie Clough\Desktop\HijackThis[Caution: ExecutableFile]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
O2 - BHO: (no name) - {51EAE9A9-CA5E-4D8F-A7F6-FF82B03DE17C} - C:\WINDOWS\System32\naihp.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [p0rb06y[Caution: ExecutableFile]] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] /k
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile] -autorun
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32[Caution: ExecutableFile]
O4 - HKCU\..\RunOnce: [p0rb06y[Caution: ExecutableFile]] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] /k
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/i ... downls.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.36/ttinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Filter: text/html - {391BDB5F-7DE0-4AFD-818C-14BBA83AB653} - C:\WINDOWS\System32\naihp.dll
O18 - Filter: text/plain - {391BDB5F-7DE0-4AFD-818C-14BBA83AB653} - C:\WINDOWS\System32\naihp.dll

~Old School Scaper~
weezcake Posted December 13, 2005

I spotted this file, did a search on google and it said the following file was a virus (WORM_RBOT.BRQ)

C:\WINDOWS\System32\windir32.e3e (CAUTION - executable file) (There are a bunch of services running for this file.. not sure about this one)

There are a bunch of services running under this name, but I'm not sure if it's a virus or not. Can a pro come in and confirm this? (I'm learning by watching the pros do their thing)

==================================
Retired tip.it moderator. Teaching and inspiring.
coltm4carbine Posted December 13, 2005

ok first question about:blank. Did you set it (i don't think so because i can see the se.dll (sign of a nasty CWS infection)). if you didn't set it then your computer has been infected with cws.

my main concerns are (please don't fix anything yet):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\se.dll/sp.html <-I underlined the sign of an infection
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

if you want to fix it then here's my canned:

====================================================

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection.

First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.
Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)
Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
- Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
- Navigate to the AboutBuster directory and double-click on AboutBuster[Caution: ExecutableFile].
- Click "OK" at the prompt with instructions.
- Click "Update" and then "Check For Update" to begin the update process.
- If any updates exist please download them by clicking "Download Update" then click the X to close that window.
- Now close About:Buster

Update CWShredder
- Open CWShredder and click I AGREE
- Click Check For Update
- Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
- Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
- Click Yes to allow it to shutdown explorer[Caution: ExecutableFile].
- It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
- When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
- Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.

Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) [this should also catch any viruses you have]

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

++++++++++++++++++++++++++++++++++++++++++++++++++

I'll check the rest of the log later - i usually take out specific infections first before i fix any other things.
chucko4 Posted December 14, 2005

thanks, I'll work on the results, i DID NOT set the about:blank

~Old School Scaper~
chucko4 Posted December 14, 2005

your cwshredder link did not work

edit: got cwshredder off download.com

neither did the cleanup! link

~Old School Scaper~
coltm4carbine Posted December 14, 2005

yeh i guessed :D

ok when you've done what my canned told you to do can you post back the logs (i wanna see them)? (also the online antivirus one-i wanna check out the windir32[Caution: ExecutableFile]) after the fix please can you post a new HJT log.

kk bear with me (i only updated my canned before my holiday- a few days ago)

new links

CWShredder. You will need to update to the new version. The trend micro website ain't working for me either.

Cleanup! You don't need to update this one.
chucko4 Posted December 14, 2005

the clean up link still does not work but i have cwshredder, i will post logs when all done

edit i fixed myself lol

~Old School Scaper~
coltm4carbine Posted December 14, 2005

i know why... tip.it had to change a part of the url from [Caution: Executable File]cutable (first 3 letters) to .e3e that's why. this is a pain cos u'll need it. i give you another link without the .e3e in it.

ok copy and paste this url in the address bar:

http://www.stevengould.org/downloads/cl ... anUp40[Caution: ExecutableFile]

change the .e3e (CAUTION - executable file) to [Caution: ExecutableFile]

click go and it should go straight to the download page.
Phil Posted December 14, 2005

coltm4carbine: for future, just link to the page with the download on it, not to the exe. - http://www.stevengould.org/downloads/cleanup/

If you don't have a choice, just avoid the censor. We won't be angry if it is a genuine file. :wink:
chucko4 Posted December 14, 2005

i should have done this a day sooner.....just got hacked on my hybrid pure....4m cash gone, 30k bronze arrows gone, 20k airs, 20k fires gone......a buncha rune, 1k death, 1k addy arrows....sigh need i say more...i went through all the steps and stuff even though a lot of the things found nothing....here's my new hijack log

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile]
C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]
C:\WINDOWS\System32\windir32[Caution: ExecutableFile]
C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile]
C:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]
C:\WINDOWS\System32\windir32[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Documents and Settings\Charlie Clough\Desktop\HijackThis[Caution: ExecutableFile]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32[Caution: ExecutableFile]
O4 - HKLM\..\RunOnce: [p0rb06y[Caution: ExecutableFile]] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] /k
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile] -autorun
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32[Caution: ExecutableFile]
O4 - HKCU\..\RunOnce: [p0rb06y[Caution: ExecutableFile]] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] /k
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/i ... downls.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.36/ttinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

~Old School Scaper~
coltm4carbine Posted December 14, 2005

ok I'll do that in the future (if i remember).

go offline close everything and fix these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll <-adware
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.e3e (CAUTION - executable file) <=First one
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.e3e (CAUTION - executable file) <-The second one
O15 - Trusted Zone: http://www.neededware.com <-did u put it there? if not fix it.
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

The following are randomly named files but i can't find the infection. Please submit the following file to these online file scanners.

C:\WINDOWS\System32\kbimim.e3e (CAUTION - executable file)
C:\WINDOWS\System32\p0rb06y.e3e (CAUTION - executable file)

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post along with a new log.

Be sure you're able to view hidden files

After that delete the following files/folders:

C:\WINDOWS\system32\bk1.dll
windir32.e3e (CAUTION - executable file) <=you will need to use the "search".

Rehide your hidden file

Before you post the new log please can you update your version of HJT -it's old.

How's your internet? Any problems when getting on the net etc? It seems something tried to remove a malware in the LSP but left some traces ("hence the broken internet connection") update your version of HJT and then we'll see if it's still there.

In the future when you post your HJT log please include the top part. thanks.

p.s to weezcake

> There are a bunch of services running for this file.. not sure about this one

There's meant to be 2 or more if one dies the other starts and vice versa. :)
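An added example (not from any poster in this thread, and not HijackThis's own logic): a small Python pass over a HijackThis log that flags the entry patterns the helper points at above, namely an IE page setting served via res:// from a Temp DLL, "(file missing)" references, O4 autoruns with no full path or repeated across startup keys, the O10 LSP break, and O15 Trusted Zone entries. The sample log, its file names and the tag names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the entry types in the thread's logs.
# Every file name, CLSID and URL below is a placeholder.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\example32.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\USER\LOCALS~1\Temp\xx.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\gone.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Example Services Configuration] example32.exe
O4 - HKLM\..\RunServices: [Example Services Configuration] example32.exe
O4 - HKCU\..\Run: [Example Services Configuration] example32.exe
O10 - Broken Internet access because of LSP provider 'example.dll' missing
O15 - Trusted Zone: http://www.example.com
"""

# "R1 - ...", "O4 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 body: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse_log(text):
    """Return (code, body) pairs for each coded entry. Header and
    running-process lines have no section code and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_token(command):
    """Executable part of an autorun command (quoted or bare)."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def review(entries):
    """Return (tag, code, detail) findings for a human to check.
    These are triage hints, not verdicts."""
    findings = []
    autorun_keys = defaultdict(set)  # value name -> startup keys using it
    for code, body in entries:
        low = body.lower()
        if code in ("R0", "R1") and "res://" in low and "\\temp\\" in low:
            findings.append(("temp-res-page", code, body))
        if "(file missing)" in low:
            findings.append(("file-missing", code, body))
        if code == "O4":
            m = O4_RE.match(body)
            if m:
                hive, key, name, command = m.groups()
                autorun_keys[name].add(f"{hive}\\{key}")
                # No directory component: resolved through the search path.
                if "\\" not in first_token(command):
                    findings.append(("autorun-no-path", code, body))
        if code == "O10":
            findings.append(("lsp-broken", code, body))
        if code == "O15":
            findings.append(("trusted-zone", code, body))
    # One value name planted under several startup keys at once.
    for name, keys in autorun_keys.items():
        if len(keys) > 1:
            findings.append(("autorun-multi-key", "O4", ", ".join(sorted(keys))))
    return findings


if __name__ == "__main__":
    for tag, code, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{tag:18} {code:4} {detail}")
```
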
Phil Posted December 14, 2005

can you download the latest version of hijackthis please - 1.99.1 and repost the log.
chucko4 Posted December 15, 2005

sorry about that, here is the new log of the updated hijackthis, when you say go offline and fix these, you mean disconnect from the internet and then fix them on hjt right?

C:\WINDOWS\System32\kbimim.e3e (CAUTION - executable file)
C:\WINDOWS\System32\p0rb06y.e3e (CAUTION - executable file)
- i can't find these on the browse search for the online scan

C:\WINDOWS\system32\bk1.dll
windir32.e3e (CAUTION - executable file) <=you will need to use the "search".
- can't seem to find this either

Scan saved at 7:58:56 PM, on 12/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\System32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile]
C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]
C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile]
C:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]
C:\WINDOWS\System32\windir32[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\Documents and Settings\Charlie Clough\My Documents\hijackthis\HijackThis[Caution: ExecutableFile]

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]"
O4 - HKLM\..\RunOnce: [p0rb06y[Caution: ExecutableFile]] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] /k
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile] -autorun
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]"
O4 - HKCU\..\RunOnce: [p0rb06y[Caution: ExecutableFile]] C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile] /k
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/i ... downls.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.36/ttinst.cab
O20 - Winlogon Notify: windrv - C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\vrdniw.dat (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

~Old School Scaper~
coltm4carbine Posted December 15, 2005

> when you say go offline and fix these, you mean disconnect from the internet and then fix them on hjt right?

yes.

> i can't find these on the browse search for the online scan

Did you show hidden files? If it still doesn't work then type in the whole path of it.

> C:\WINDOWS\system32\bk1.dll
> windir32.e3e (CAUTION - executable file) <=you will need to use the "search".
> - can't seem to find this either

Did you show hidden files? Change the .e3e to [Caution: ExecutableFile]?

still missing the first line (HJT version)...

lol looks like the new version detected something the old one didn't...

C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)

Send:

C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\kbimim.e3e (CAUTION - executable file)
C:\WINDOWS\System32\p0rb06y.e3e (CAUTION - executable file)

to an online scanner too. Post the results!!!

finally Go on google and search for panda Activescan. Run the online scan and Save the result. Copy and paste the result and Post It here.

It should at least come up with something like this:

Adware:Adware/Neededware No disinfected C:\WINDOWS\SYSTEM\Random filename here (gonna be loads of entries for neededware)

I am gonna get you to download something when i get back (gtg somewhere) so don't fix the 015 yet!

As for the files you can't delete try again after showing hidden files. If you still can't delete i will give you a program to do it for you.
chucko4 Posted December 16, 2005

> i can't find these on the browse search for the online scan
> Did you show hidden files? If it still doesn't work then type in the whole path of it.

-i did do this

> C:\WINDOWS\system32\bk1.dll
> windir32.e3e (CAUTION - executable file) <=you will need to use the "search".
> - can't seem to find this either
> Did you show hidden files? Change the .e3e to [Caution: ExecutableFile]?

-this was probably my problem

> still missing the first line (HJT version)...

-what do you mean by this?

> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)

-do you want me to go offline and fix these?

> Send:
> C:\WINDOWS\System32\a8o1v.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\kbimim.e3e (CAUTION - executable file)
> C:\WINDOWS\System32\p0rb06y.e3e (CAUTION - executable file)
> to an online scanner too. Post the results!!!

-workin on it

> finally Go on google and search for panda Activescan. Run the online scan and Save the result. Copy and paste the result and Post It here.

-workin on it

> It should at least come up with something like this:
> Adware:Adware/Neededware No disinfected C:\WINDOWS\SYSTEM\Random filename here (gonna be loads of entries for neededware)
> I am gonna get you to download something when i get back (gtg somewhere) so don't fix the 015 yet!
> As for the files you can't delete try again after showing hidden files. If you still can't delete i will give you a program to do it for you.

-im workin on all of this btw thanks a lot for all this help

~Old School Scaper~
chucko4 Posted December 16, 2005

i am still having trouble finding the kbimim file

still workin on other things

~Old School Scaper~
chucko4 Posted December 16, 2005 Author

the a8o1v file doesn't show up on hjt only on the running processes list which only appears in the log

Logfile of HijackThis v1.99.1
Scan saved at 7:20:36 PM, on 12/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\System32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile]
C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]
C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile]
C:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Documents and Settings\Charlie Clough\My Documents\hijackthis\HijackThis[Caution: ExecutableFile]

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile] -autorun
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]"
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/i ... downls.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.36/ttinst.cab
O20 - Winlogon Notify: windrv - C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\vrdniw.dat (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

~Old School Scaper~
Sharper Posted December 16, 2005

Remove the following entries:

O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/i ... downls.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.36/ttinst.cab
O20 - Winlogon Notify: windrv - C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\vrdniw.dat (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

Then download LSPFix (search google for a download location) and run it, take a screen shot of what it lists in the application and post it here so I can tell you which one to remove.

Then restart your computer and run Windows Update. Ensure that you get Windows Service Pack 2 and all the available critical updates. You will probably need to uninstall your antivirus software before installing Service Pack 2 because it might stop functioning properly after the update. So just uninstall it, do all the updates, then install and update the antivirus software again.

Let me know how you go after all this.
chucko4 Posted December 16, 2005 Author

how do i run windows updates lol?

ok, here are some updates, the panda activescan thing freezes for me about half way through, i've tried it a few times, it seems to freeze in the same place.

here is the lsp summary requested by sharper

here is an updated hjt log -i bolded running processes that caught my untrained eye

Logfile of HijackThis v1.99.1
Scan saved at 9:02:50 PM, on 12/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\System32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile]
C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]
C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile]
C:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Documents and Settings\Charlie Clough\My Documents\hijackthis\HijackThis[Caution: ExecutableFile]

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Charlie Clough\Application Data\Mozilla\Profiles\default\78tp448c.slt\prefs.js)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver[Caution: ExecutableFile]"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: ExecutableFile] -autorun
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3[Caution: ExecutableFile]"
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

~Old School Scaper~
Sharper Posted December 16, 2005

Great work, you cleared out most of the spyware/malicious files from your computer. Now you just need to do a complete Windows update so you fix all the vulnerabilities currently on your system.

Go to http://windowsupdate.microsoft.com/ to run Windows Update. You need to do this at least once a month, preferably allow Windows Update to be run automatically as needed. When you have Service Pack 2 installed there is an easy option in your Control Panel for setting up automatic Windows updates.

Repost the HiJackThis log when you are fully up-to-date.
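The before/after comparison done by eye in the posts above can be scripted. This is an added example, not part of the original thread and not a HijackThis feature: the function names are hypothetical and the three inputs are short excerpts of the logs and fix list posted in this thread.

```python
import re

# Finding lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def entries(log_text):
    """Return the set of (code, detail) findings in a HijackThis log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip()))
    return found

def review(before, after, fix_list):
    """Compare two scans against the entries a helper asked to have fixed."""
    b, a, f = entries(before), entries(after), entries(fix_list)
    return {
        "still_present": sorted(f & a),              # asked to fix, still logged
        "removed_unrequested": sorted((b - a) - f),  # gone without being listed
        "new": sorted(a - b),                        # appeared between scans
    }

# Excerpts of the 7:20 PM and 9:02 PM logs in this thread (not the full logs).
BEFORE = r"""
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: windrv - C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\vrdniw.dat (file missing)
"""
AFTER = r"""
O15 - Trusted Zone: http://www.neededware.com
"""
# Excerpt of the fix list posted by the helper.
FIX_LIST = r"""
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\bk1.dll
O4 - HKLM\..\Run: [kbimim] C:\WINDOWS\System32\kbimim[Caution: ExecutableFile]
O20 - Winlogon Notify: windrv - C:\DOCUME~1\CHARLI~2\LOCALS~1\Temp\vrdniw.dat (file missing)
"""

if __name__ == "__main__":
    for key, items in review(BEFORE, AFTER, FIX_LIST).items():
        print(key, items)
```

An entry missing from the later log only shows the registry value or setting is gone; the file it pointed to may still be on disk.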
coltm4carbine Posted December 16, 2005

sorry for my absence - I was expecting to be back yesterday evening.

log looks a lot better

do a google for "housecall". That's another online scan. run it. As for panda, which file does it get stuck on?

Also go offline, close everything and fix this:

O15 - Trusted Zone: http://www.neededware.com <- It's adware.

If you fixed it but it keeps on coming back let me know and I'll get you to fix it using another tool.
chucko4 Posted December 17, 2005 Author

I think the windows update page is having troubles because after it starts searching for updates i get a "The website has encountered a problem and cannot display.." message... I'll wait a few days and try again.

I'm worried about my running process IEXPLORE.E3E, it's replacing my explorer.e3e as my internet... i bolded it in my previous hjt log

I'm workin on the housecall and removed the O15

~Old School Scaper~
coltm4carbine Posted December 18, 2005

"I'm worried about my running process IEXPLORE.E3E, it's replacing my explorer.e3e as my internet...i bolded it in my previous hjt log"

they're 2 completely different things. one's Internet Explorer (IEXPLORE.e3e) and the other one is the Windows Explorer (explorer.e3e). a few viruses use the same name so it depends on its location.

ok post back the online scan results.

Not sure about windows updates - working fine for me.

If the O15 does come back then I'll get you to use a special tool for it.
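The point above, that a familiar process name only means something together with its location, can be checked mechanically against the "Running processes" section of a HijackThis log. This is an added example, not part of the original thread: the function names and the sample log are constructed, and it assumes a default C:\WINDOWS install and that this forum's "[Caution: ExecutableFile]" marker stands in for ".exe".

```python
import ntpath
import re

# Usual directories for some Windows XP system images on a default C:\WINDOWS
# install (assumption of this example; compared case-insensitively).
EXPECTED_DIRS = {
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
FORUM_MARKER = "[Caution: ExecutableFile]"  # assumed to replace ".exe" here
ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")     # first finding line, e.g. "O4 - ..."

def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and ENTRY.match(line):
            break  # the findings section has started
        elif in_section and line:
            paths.append(line.replace(FORUM_MARKER, ".exe"))
    return paths

def misplaced(log_text):
    """Flag well-known image names that run from an unexpected directory."""
    hits = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name.lower())
        if expected and directory.lower() != expected:
            hits.append(path)
    return hits

# Constructed sample: the last process line is invented for the example.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\WINDOWS\svchost[Caution: ExecutableFile]
O15 - Trusted Zone: http://www.neededware.com
"""

if __name__ == "__main__":
    print(misplaced(SAMPLE_LOG))
```

A path in the expected directory is not proof that the file is genuine, so an on-disk scan is still needed.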
chucko4 Posted December 18, 2005 Author

the housecall thing took 20 minutes before it even started scanning, saying it was like "opening or setting up" so i stopped it, and I'll edit this post and find what file the panda activescan stops on..

after i click express on windows update it says "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem."

~Old School Scaper~
coltm4carbine Posted December 18, 2005

ok you can update it when your computer is cleaner. I check around for your logs.

reboot into safemode and delete these files/folders (if present) [remember to show hidden files]

C:\WINDOWS\System32\a8o1v[Caution: ExecutableFile]
C:\WINDOWS\System32\p0rb06y[Caution: ExecutableFile]

reboot into normal mode.

After the online scan: google "ewido security suite" and download it. run it and post the log here. if the online scan didn't work then use ewido anyway - it'll tell us what else we have to deal with.