Tech Support Forum - View Single Post

str8nitro · 02-26-2005, 04:07 PM

I did not find shmyga in c:\windows\system32 but I did find it in c:\windows\prefetch but it is listed as SHMYGA.EXE-05A83337.pf ... is this a problem? And I am having a problem still that sometime when I click on the control panel it will make my desktop go blank and then come back on.

Here is my aboutbuster log:

Scanned at: 12:36:06 PM on: 2/26/2005

-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

here is my hijackthis log:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 5:02:21 PM, on 2/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe
C:\Program Files\Sonic\DLA\install\tfswctrl.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.insightbb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O4 - HKLM\..\Run: [HotKeysCmds] C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\Program Files\Sonic\DLA\install\tfswctrl.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.c...aInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA9D96A6-B933-4641-B1CA-14F39AB9E6F2}: NameServer = 69.50.166.94,69.31.80.244
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Sub Connections (Pro) - Unknown owner - C:\WINDOWS\System32\shmyga.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

End of KRC HijackThis Analyzer Log.
====================================================================

02-26-2005, 04:07 PM	#5 (permalink)
str8nitro Member Join Date: Feb 2005 Posts: 46 OS: xp	aboutbuster & hijackthis logs ..... I did not find shmyga in c:\windows\system32 but I did find it in c:\windows\prefetch but it is listed as SHMYGA.EXE-05A83337.pf ... is this a problem? And I am having a problem still that sometime when I click on the control panel it will make my desktop go blank and then come back on. Here is my aboutbuster log: Scanned at: 12:36:06 PM on: 2/26/2005 -- Scan 1 --------------------------- About:Buster Version 3.0 Reference List : 15 No ADS found on system Attempted Clean Of Temp folder. Pages Reset... Done! -- Scan 2 --------------------------- About:Buster Version 3.0 Reference List : 15 No ADS found on system Attempted Clean Of Temp folder. Pages Reset... Done! here is my hijackthis log: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 5:02:21 PM, on 2/26/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe C:\Program Files\Sonic\DLA\install\tfswctrl.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.insightbb.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband O4 - HKLM\..\Run: [HotKeysCmds] C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe O4 - HKLM\..\Run: [dla] C:\Program Files\Sonic\DLA\install\tfswctrl.exe O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.c...aInstaller.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DA9D96A6-B933-4641-B1CA-14F39AB9E6F2}: NameServer = 69.50.166.94,69.31.80.244 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Sub Connections (Pro) - Unknown owner - C:\WINDOWS\System32\shmyga.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe End of KRC HijackThis Analyzer Log. ====================================================================