Metal_Core
Posted December 23, 2005

Hi, I just scanned my computer with HJT, and need help. :)

Logfile of HijackThis v1.99.1
Scan saved at 5:44:24 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mitch\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbytecomputer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbytecomputer.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B83C9C0-F74C-42DB-AE51-F79222A80B07}: NameServer = 206.47.244.107 206.47.244.133
O20 - Winlogon Notify: secsrvrc - secsrvrc.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)

Phil
Posted December 24, 2005

Just a quick question before I start, are you Sir_Itchlot or just related/using the same computer, with a different account?

Anyway, please close any browsers, then fix the following:

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O20 - Winlogon Notify: secsrvrc - secsrvrc.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)

Also fix the following if you don't know searchwww.com, or don't want them as your home page and search bars:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

After that's done, please restart your system, then post a new log here. :)

Metal_Core
Posted December 24, 2005

> Just a quick question before i start, are you Sir_Itchlot or just related/using the same computer, with a different account?

Yeah, but a different computer. I made a new account because I didn't want everyone to moan and groan for having to help me twice. Sorry.

Okay, done fixing, rebooted, did the scan...

Logfile of HijackThis v1.99.1
Scan saved at 7:47:54 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mitch\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbytecomputer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Mitch\LOCALS~1\Temp\20051223193528_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Mitch\LOCALS~1\Temp\20051223193525_mcinfo.exe /insfin
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbytecomputer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B83C9C0-F74C-42DB-AE51-F79222A80B07}: NameServer = 206.47.244.107 206.47.244.133
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)

Metal_Core
Posted December 27, 2005

Okay, no problem. I'll just let my computer get worse.. and worse.. and worse.

Phil
Posted December 27, 2005

> Okay, no problem. I'll just let my computer get worse.. and worse.. and worse.

You know, being sarcastic isn't going to make anyone want to help you out. People that provide help on this board do so in their own time. Please also remember that people are usually very busy at Christmas time. Next time don't sound so ungrateful when people try to help you.

Now onto your log... please fix:

O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)

coltm4carbine
Posted December 29, 2005

Wow, first reply for a while. Anyway, trusting Phil on this one (haven't checked the service entry): fixing an O23 (service) only disables it. You will need to manually delete the service yourself. Try this (new canned, so not sure if it will work):

Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type MS Software Generic Host Process for Win32 Services and press OK. OK any prompts, close HijackThis, and restart your computer.
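
Added example, not part of the original thread and not HijackThis code: a small Python check that compares a helper's fix list with the follow-up log and reports which entries are still present, separating O23 services (which, as the last post says, a fix only disables) from everything else. The function names and the sample entries, abridged from the logs above with .exe extensions written out, are assumptions made for this illustration.

```python
import re

# A HijackThis entry line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map case-folded entry line -> (section code, original line)."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())      # collapse whitespace from copy/paste
        m = ENTRY_RE.match(line)
        if m:                             # header and process lines do not match
            entries[line.lower()] = (m.group(1), line)
    return entries

def triage(fix_list, followup_log):
    """Return fix-list entries that survive in the follow-up log, by kind."""
    after = parse_entries(followup_log)
    result = {"service": [], "other": []}
    for key, (section, line) in parse_entries(fix_list).items():
        if key in after:
            # O23 entries are NT services: they need manual deletion.
            result["service" if section == "O23" else "other"].append(line)
    return result

# Sample input abridged from the thread's fix list and second log.
FIX_LIST = r"""
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: secsrvrc - secsrvrc.dll (file missing)
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)
"""

FOLLOWUP = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for kind, lines in triage(FIX_LIST, FOLLOWUP).items():
        for line in lines:
            print(f"{kind} entry still present: {line}")
```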