Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1] 2 3  All   Go Down

Author Topic: already discussed but need more help  (Read 26033 times)

0 Members and 1 Guest are viewing this topic.

niklad13

    Topic Starter


    Rookie

    already discussed but need more help
    « on: January 30, 2008, 08:29:19 PM »
    check this out, its an already posted by someone and i have the same kind of problem

    http://www.computerhope.com/forum/index.php/topic,49359.0.html

    i download and run the file and restart the pc but the problem is not fixed yet. As soon as i hit enter/go after writing webpage address in addressbar, the status bar of browse shows Done right next moment.

    but my internet can work in "safe mode with network" mode.

    another computer works perfect with the same network and has no problem
    mine is HP pacilion dv1000, with 1 gb RAM, 80 gb /hdd, wireless bla blabla,   
    i use office scan , spydoctor,IE7 and firefox.(i uninstall ie7 and firefox and reinstall them too)
    i do have gzmrotate.dll error since six months but it didnt gave me problem so i gave up on it.

    and this problem starts coming up just a days before after i uninstall some printer software(hp deskjat 4100) from my pc.

    please help
    Logged

    Broni


      Mastermind
    • Kraków my love :)
      • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: already discussed but need more help
    « Reply #1 on: January 30, 2008, 09:45:55 PM »
    gzmrotate.dll is AdRotator/IconAds Adware

    Said that...

    1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
    Note: This Scanner is for Internet Explorer Only
       1.  You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
       2. If it wants to install an ActiveX component allow it
       3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
       4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
       5. After initialization is complete uncheck\untick "Remove found threats"
       6. Check\tick "Scan unwanted applications"
       7. Click the "Scan" button
       8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
    Post ESET's log.

    2. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    Print these instructions out.

        * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
        * An icon will be created on your desktop. Double-click that icon to launch the program.
        * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
        * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

        * Open SUPERAntiSpyware.
        * Under "Configuration and Preferences", click the Preferences button.
        * Click the Scanning Control tab.
        * Under Scanner Options make sure the following are checked (leave all others unchecked):
              o Close browsers before scanning.
              o Scan for tracking cookies.
              o Terminate memory threats before quarantining.
        * Click the "Close" button to leave the control center screen.
        * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
        * On the left, make sure you check C:\Fixed Drive.
        * On the right, under "Complete Scan", choose Perform Complete Scan.
        * Click "Next" to start the scan. Please be patient while it scans your computer.
        * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
        * Make sure everything has a checkmark next to it and click "Next".
        * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
        * If asked if you want to reboot, click "Yes".
        * To retrieve the removal information after reboot, launch SUPERAntispyware again.
              o Click Preferences, then click the Statistics/Logs tab.
              o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
              o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
              o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
        * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    3. Download HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.
    Logged

    niklad13

      Topic Starter


      Rookie

      Re: already discussed but need more help
      « Reply #2 on: January 31, 2008, 09:01:54 PM »
      the superantispyeare didnt create log file after full scan.
      so i am scanning again. it takes much longer time

      what if it wont create log even after second scanning?
      what should i do?
      Logged

      Broni


        Mastermind
      • Kraków my love :)
        • Thanked: 614
        • Computer Help Forum
      • Computer: Specs
      • Experience: Experienced
      • OS: Windows 8
      Re: already discussed but need more help
      « Reply #3 on: January 31, 2008, 09:51:14 PM »
      In that case, just post new HJT log.
      Logged

      niklad13

        Topic Starter


        Rookie

        Re: already discussed but need more help
        « Reply #4 on: February 01, 2008, 05:21:45 PM »
        ok fortunately second time everything ran good and here are all three log files

        i can not paste all files together and i don't see any attachment link so i am just sending you all three log files one by one
        -----------------------------------------------------
        1.eset online scanner log file

        # version=4
        # OnlineScanner.ocx=1.0.0.56
        # OnlineScannerDLLA.dll=1, 0, 0, 51
        # OnlineScannerDLLW.dll=1, 0, 0, 51
        # OnlineScannerUninstaller.exe=1, 0, 0, 49
        # vers_standard_module=2840 (20080131)
        # vers_arch_module=1.063 (20080117)
        # vers_adv_heur_module=1.060 (20070601)
        # EOSSerial=b69ff18111be7344a135ef899e9f61e0
        # end=finished
        # remove_checked=false
        # unwanted_checked=true
        # utc_time=2008-02-01 12:24:23
        # local_time=2008-01-31 06:24:23 (-0600, Central Standard Time)
        # country="United States"
        # osver=5.1.2600 NT Service Pack 2
        # scanned=588622
        # found=9
        # scan_time=3684
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip   multiple infiltrations   FF8D3671268D614A5642B8429790AB3C
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe   multiple infiltrations   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »setup_rightonadz.exe   Win32/Adware.TrafficSol application   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »setup_rightonadz.exe »NSIS »gzmrotate.dll   Win32/Adware.TrafficSol application   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »ads_3.3.exe   Win32/Adware.Ezula application   00000000000000000000000000000000
        C:\Documents and Settings\Ranpariya\My Documents\My muvees\lime wire download\autodesk mechanical desktop (uncensored).zip »ZIP »setup.exe »NSIS »ads_3.3.exe »NSIS »ý¤€   Win32/Adware.Ezula application   00000000000000000000000000000000
        C:\WINDOWS\system32\Indt2.sys   a variant of Win32/TrojanClicker.VB.NDJ trojan   B21B3C65F52CD5F2F2F98CE7E8D6A5F1
        C:\WINDOWS\system32\ndt2.sys   a variant of Win32/TrojanDownloader.Delf.DSX trojan   2DC65B0A64AB15CA71B5A4765B79E24F
        C:\WINDOWS\system32\perfs.exe   probably a variant of Win32/TrojanDownloader.Delf.OBC trojan   9BB4E0BB21526233F55BF308CBE2720B

        Logged

        niklad13

          Topic Starter


          Rookie

          Re: already discussed but need more help
          « Reply #5 on: February 01, 2008, 05:23:10 PM »
          log file from super antispyware



          --------------------------


          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 02/01/2008 at 01:02 AM

          Application Version : 3.9.1008

          Core Rules Database Version : 3392
          Trace Rules Database Version: 1384

          Scan type       : Complete Scan
          Total Scan Time : 03:05:01

          Memory items scanned      : 541
          Memory threats detected   : 0
          Registry items scanned    : 8061
          Registry threats detected : 13
          File items scanned        : 115145
          File threats detected     : 7

          Trojan.TrafficNinjaBiz
             HKLM\Software\Classes\CLSID\{F31B3634-12AA-41ca-B021-0685C3B3E4CA}
             HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F31B3634-12AA-41ca-B021-0685C3B3E4CA}
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\InprocServer32
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\InprocServer32#ThreadingModel
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\ProgID
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\Programmable
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\TypeLib
             HKCR\CLSID\{F31B3634-12AA-41CA-B021-0685C3B3E4CA}\VersionIndependentProgID

          Trojan.Downloader-Gen
             HKLM\System\ControlSet001\Services\perfmons
             C:\WINDOWS\SYSTEM32\PERFS.EXE
             HKLM\System\ControlSet002\Services\perfmons
             HKLM\System\CurrentControlSet\Services\perfmons

          Adware.Tracking Cookie
             C:\Documents and Settings\Ranpariya\Cookies\ranpariya@hitbox[2].txt
             C:\Documents and Settings\Ranpariya\Cookies\[email protected][1].txt

          Adware.AdRotator/RightOnz
             HKLM\Software\Microsoft\Windows\CurrentVersion\Run#hid_start [ C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify ]

          Trojan.Unclassified/Perfs
             C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP426\A0069519.EXE

          Trojan.Downloader-Gen/Suspicious
             C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP429\A0070580.EXE

          Trojan.Downloader-Gen/INDT2
             C:\WINDOWS\SYSTEM32\INDT2.SYS

          Rootkit.NDT2
             C:\WINDOWS\SYSTEM32\NDT2.SYS
          -------------------------------------------------------------

          Logged

          niklad13

            Topic Starter


            Rookie

            Re: already discussed but need more help
            « Reply #6 on: February 01, 2008, 05:24:04 PM »
            hijackthis log file

            ------------------------

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 6:10:17 PM, on 2/1/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Safe mode with network support

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Spyware Doctor\svcntaux.exe
            C:\Program Files\Spyware Doctor\swdsvc.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Spyware Doctor\SDTrayApp.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
            O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
            O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
            O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
            O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
            O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
            O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
            O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
            O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
            O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
            O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
            O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
            O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
            O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
            O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
            O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
            O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
            O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
            O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe


            Logged

            Broni


              Mastermind
            • Kraków my love :)
              • Thanked: 614
              • Computer Help Forum
            • Computer: Specs
            • Experience: Experienced
            • OS: Windows 8
            Re: already discussed but need more help
            « Reply #7 on: February 01, 2008, 05:43:43 PM »
            You need to rerun HJT. It should be run in Normal, not Safe Mode.
            Logged

            niklad13

              Topic Starter


              Rookie

              Re: already discussed but need more help
              « Reply #8 on: February 03, 2008, 09:53:47 AM »
              ok here is the hjt log file in normal mode
              since i cant post this file in one mail i am gonna send you in two parts

              1st part
              -----
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 12:09:33 AM, on 2/3/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.exe
              C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Spyware Doctor\svcntaux.exe
              C:\Program Files\Spyware Doctor\swdsvc.exe
              C:\Program Files\Spyware Doctor\SDTrayApp.exe
              C:\WINDOWS\System32\PAStiSvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
              C:\WINDOWS\system32\LVCOMSX.EXE
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\WINDOWS\system32\NOD32upd.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\HPQ\SHARED\HPQWMI.exe
              C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
              C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
              C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
              O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
              O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll


              Logged

              niklad13

                Topic Starter


                Rookie

                Re: already discussed but need more help
                « Reply #9 on: February 03, 2008, 09:54:32 AM »
                2nd part
                ----------

                O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
                O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                --
                End of file - 10685 bytes
                Logged

                Broni


                  Mastermind
                • Kraków my love :)
                  • Thanked: 614
                  • Computer Help Forum
                • Computer: Specs
                • Experience: Experienced
                • OS: Windows 8
                Re: already discussed but need more help
                « Reply #10 on: February 03, 2008, 11:34:12 AM »
                *** You need to update your Java: http://www.java.com/en/download/index.jsp
                Uninstall all previous versions of Java through Add\Remove.

                1. Print this post out, since you won't have an access to it, at some point.

                2. Close all windows, except for HijackThis.

                3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

                - O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
                - O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
                - *O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                - *O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                - *O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                - O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                - *O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
                - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                - O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                - O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                - O4 - HKUS\S-1-5-18\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'SYSTEM')
                - O4 - HKUS\.DEFAULT\..\Run: [Microsoft SpA Service] NOD32upd.exe (User 'Default user')
                - *O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                - *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


                4. Click on "Fix checked" button.

                5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

                6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

                7. Delete following files/folders (if present):

                - search your computer for NOD32upd.exe file; if found, delete

                8. Turn off System Restore:

                - Windows XP:
                   1. Click Start.
                   2. Right-click the My Computer icon, and then click Properties.
                   3. Click the System Restore tab.
                   4. Check "Turn off System Restore".
                   5. Click Apply.   
                   6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                   7. Click OK.
                - Windows Vista:
                   1. Click Start.
                   2. Right-click the Computer icon, and then click Properties.
                   3. Click on System Protection under the Tasks column on the left side
                   4. Click on Continue on the "User Account Control" window that pops up
                   5. Under the System Protection tab, find Available Disks
                   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
                   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
                   8. Click OK

                9. Restart in Normal Mode.

                10. Turn System Restore on.

                11. Post new HijackThis log.
                Logged

                niklad13

                  Topic Starter


                  Rookie

                  Re: already discussed but need more help
                  « Reply #11 on: February 03, 2008, 09:52:17 PM »
                  1st part
                  -----------------------
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 10:48:38 PM, on 2/3/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.exe
                  C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Spyware Doctor\svcntaux.exe
                  C:\Program Files\Spyware Doctor\swdsvc.exe
                  C:\Program Files\Spyware Doctor\SDTrayApp.exe
                  C:\WINDOWS\System32\PAStiSvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                  C:\WINDOWS\System32\alg.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
                  C:\WINDOWS\system32\LVCOMSX.EXE
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\WINDOWS\system32\wbem\wmiprvse.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  C:\WINDOWS\system32\NOD32upd.exe
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\Program Files\HPQ\SHARED\HPQWMI.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
                  C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
                  C:\WINDOWS\system32\wbem\wmiprvse.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                  O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                  O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                  O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Microsoft SpA Service] NOD32upd.exe
                  O4 - HKLM\..\RunServices: [Microsoft SpA Service] NOD32upd.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [Microsoft SpA Service] NOD32upd.exe
                  O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                  O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
                  O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
                  Logged

                  niklad13

                    Topic Starter


                    Rookie

                    Re: already discussed but need more help
                    « Reply #12 on: February 03, 2008, 09:52:54 PM »
                    2nd part
                    -----------------
                    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                    O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
                    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
                    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
                    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
                    O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
                    O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

                    --
                    End of file - 9820 bytes
                    Logged

                    Broni


                      Mastermind
                    • Kraków my love :)
                      • Thanked: 614
                      • Computer Help Forum
                    • Computer: Specs
                    • Experience: Experienced
                    • OS: Windows 8
                    Re: already discussed but need more help
                    « Reply #13 on: February 03, 2008, 10:16:59 PM »
                    Quote
                    6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

                    7. Delete following files/folders (if present):

                    - search your computer for NOD32upd.exe file; if found, delete
                    Did you find that file?
                    Logged

                    niklad13

                      Topic Starter


                      Rookie

                      Re: already discussed but need more help
                      « Reply #14 on: February 04, 2008, 02:14:52 PM »
                      yes i found one file and i delete it and then i ran hjt and post that log file.
                      should i go ahead and try to find that file again?
                      Logged
                      Pages: [1] 2 3  All   Go Up
                      « previous next »