Think YOURS is bad?

Posted 4/12/2003 5:22 PM
#12787

eagle Advanced member

Date Joined Nov 2016
Total Posts: 492
Hey Andrei,

send this one to Mihai that program he's working on he might find this interesting. Oh yeah Good luck, he's got some real nasties in there.

Eagle :smilewinkgrin:
Posted 3/27/2005 3:03 AM
#11719

ChugBug22 Member

Date Joined Nov 2016
Total Posts: 7
v1.97.7
Scan saved at 7:35:17 PM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Accelerate\accelerate.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN\MSNCoreFiles\dw15.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://offers.intermute.com/spysubtract/offer/510B03/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF40929-A276-4BFE-9017-1CF5CD7BA046}: NameServer = 198.6.100.150 198.6.1.150

:confused: :confused: If someone would be kind to help it would be much appreciated! Thanks
Posted 3/28/2005 6:59 AM
#11761

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Hello ChugBug22,

I have examined your HIJACKTHIS log and this is what you need to do in order to remove the threats on your computer:

Disable System Restore (instructions here on how to do that).

Go to the following web address and download:

Dr Delete from here and extract it into a folder of your choice.

I see you already have Spybot on your computer: please open it and update it.

Now please restart your computer in Safe Mode: if you do not know how to do that, please follow the instructions available online here.

--------------------
Safe Mode:

Open My Computer > Tools > Folder Options > View > CHECK "Show hidden files and folders",
UNCHECK "Hide protected operating system files" and then click Ok.

Then run HIJACKTHIS again, press the Do a system scan only button and place a checkmark next to the following infected items, to fix them later:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://offers.intermute.com/spysubtract/offer/510B03/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O9 - Extra button: Related (HKLM)

After you have checked all of these items, please press the FIX CHECKED button in HIJACKTHIS, to fix these infected entries.

Now open Dr Delete and use it to remove the following infected file:
msconfg.exe -> you can find it by performing a search on your computer for it. Usually these infections can be found in C:\Windows\, or C:\Windows\System\ or C:\Windows\System32\.

Please delete that infected file, and then run Spybot:
click on the Immunize button. Then "Scan System" button. Next, close all Internet Explorer windows, and click - Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Open My Computer > Tools > Folder Options > View > CHECK "Do not show hidden files and folders",
CHECK "Hide protected operating system files" and then click Ok.

Now restart your computer to exit the Safe Mode, and tell me how is everything now? If all is OK, you can re-enable System Restore.

If you still encounter problems, please post a fresh HIJACKTHIS log so that we can continue with the disinfection.

Best regards,

Andrei Marius Cristof
BullGuard Support Team
support@bullguard.com
BullGuard Website
Andrei M
Microsoft Certified Professional
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 4/6/2005 3:23 PM
#12358

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Hello ChugBug,

First of all, let's make sure that the HIJACKTHIS on your computer is the latest version...

Please go to this web page and download HIJACKTHIS, put it in a c:\ folder, for example c:\hijackthis, then run the application, press the "Do a system scan and save a log file" button and copy paste here the log, in full.

Best regards,

Andrei Marius Cristof
BullGuard Support Team | support@bullguard.com
BullGuard Website
Posted 4/6/2005 3:37 PM
#12359

ChugBug22 Member

Date Joined Nov 2016
Total Posts: 7
I'll try it. thanks!
Posted 4/6/2005 4:02 PM
#12364

ChugBug22 Member

Date Joined Nov 2016
Total Posts: 7
Scan saved at 08:50, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\SpyRem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Chj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\RunOnce: [LUSETUP-LT] C:\PROGRA~1\Symantec\LIVEUP~1\LUSETU~1.EXE -s -a -q -log
O4 - HKCU\..\Run: [SpyRemover TeaTimer] C:\Program Files\SpyRemover\TeaTimer.exe
O4 - HKCU\..\Run: [SPYWAREREMOVER] C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\SpyRem.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8909F68B-0F50-413B-A0A7-2889F124C5A6}: NameServer = 198.6.100.150 198.6.1.150
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Logfile of HijackThis v1.99.1
Scan saved at 08:54, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\SpyRem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Chj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\RunOnce: [LUSETUP-LT] C:\PROGRA~1\Symantec\LIVEUP~1\LUSETU~1.EXE -s -a -q -log
O4 - HKCU\..\Run: [SpyRemover TeaTimer] C:\Program Files\SpyRemover\TeaTimer.exe
O4 - HKCU\..\Run: [SPYWAREREMOVER] C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\SpyRem.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8909F68B-0F50-413B-A0A7-2889F124C5A6}: NameServer = 198.6.100.150 198.6.1.150
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Posted 4/6/2005 4:17 PM
#12367

ChugBug22 Member

Date Joined Nov 2016
Total Posts: 7
this looks more wild
Posted 4/7/2005 10:52 AM
#12407

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Hello ChugBug,

Download lspfix from here, just run it and see if there is anything in the REMOVE section of this utility: if there is, just press the FINISH button.

Then post a new HIJACKTHIS log.

If there is nothing in the REMOVE section, attach a screenshot here with the program opened, or tell me everything that is written in the KEEP section.

Best regards,

Andrei Marius Cristof
BullGuard Support Team | support@bullguard.com
BullGuard Website
Posted 4/8/2005 10:34 AM
#12475

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Hello ChugBug,

Nothing to remove... ok then.
Post a fresh HIJACKTHIS so that we can start looking for viruses....thanx.

Best regards,

Andrei Marius Cristof
BullGuard Support Team | support@bullguard.com
BullGuard Website
Posted 4/11/2005 9:08 PM
#12752

ChugBug22 Member

Date Joined Nov 2016
Total Posts: 7
Here's my new log

Scan saved at 2:09:11 PM, on 4/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\cfgwiz.exe
C:\WINDOWS\System32\msconfg.exe
C:\WINDOWS\System32\specialfile.exe
C:\Program Files\Symantec\LiveUpdate\LUAll.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\tftp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\msconfg.exe
C:\WINDOWS\system32\msconfg.exe
C:\WINDOWS\system32\specialfile.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [BCNT] C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [pcEXPLODE] specialfile.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [pcEXPLODE] specialfile.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC3909CD-B912-4B24-8434-666CC1EFBF4B}: NameServer = 198.6.100.150 198.6.1.150
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Posted 4/11/2005 9:13 PM
#12753

ChugBug22 Member

Date Joined Nov 2016
Total Posts: 7
My computer says I belong to a workgroup and a remote connection manager controls my internet sign up. Sucks!!
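Added example, not part of the original thread and not BullGuard or HijackThis code: a small Python check that takes the entries a helper asked to have fixed and a later HijackThis log, and reports which entries are back and whether the file marked for deletion is running again. The sample text is excerpted from the 3/28/2005 reply and the 4/11/2005 log above; the function names are assumptions made for this illustration.

```python
import ntpath
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] file.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Logs pasted into forums are often joined with <br/> instead of newlines.
LINE_SPLIT_RE = re.compile(r"<br\s*/?>|\r?\n")


def _lines(text):
    return [ln.strip() for ln in LINE_SPLIT_RE.split(text)]


def parse_entries(text):
    """Return (section, body) tuples, e.g. ("O4", "HKLM\\..\\Run: [x] y.exe")."""
    entries = []
    for line in _lines(text):
        m = ENTRY_RE.match(line)
        if m:
            # Collapse runs of whitespace so wrapped or padded lines still match.
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def parse_processes(text):
    """Return the paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in _lines(text):
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if ENTRY_RE.match(line):   # first R/O entry ends the process list
                break
            if line:
                procs.append(line)
    return procs


def _key(entry):
    section, body = entry
    return (section, body.lower())     # registry paths are case-insensitive


def reappeared(fix_list_text, later_log_text):
    """Entries from the fix list that are present again in a later log.

    Matching is exact after case and whitespace normalisation, so an entry
    that a newer HijackThis version prints in a different format is not matched.
    """
    later = {_key(e) for e in parse_entries(later_log_text)}
    return [e for e in parse_entries(fix_list_text) if _key(e) in later]


def still_running(filename, later_log_text):
    """Running-process paths whose file name equals `filename` (any case)."""
    want = filename.lower()
    return [p for p in parse_processes(later_log_text)
            if ntpath.basename(p).lower() == want]


# Excerpt of the entries marked for fixing in the 3/28/2005 reply.
FIX_LIST = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O9 - Extra button: Related (HKLM)
"""

# Excerpt of the log posted on 4/11/2005.
LATER_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\msconfg.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

if __name__ == "__main__":
    for section, body in reappeared(FIX_LIST, LATER_LOG):
        print("back again:", section, "-", body)
    for path in still_running("msconfg.exe", LATER_LOG):
        print("still running:", path)
```

An autostart entry that returns after being fixed, together with its target running again, means the file was restored or never removed, so the cleanup has to be repeated from the file deletion step rather than only re-fixing the registry entries.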