#1 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 17
OS: WIN XP
|
This bug is in my computer and I can't get it out. HuntBar, TBPS exe.
Can you help? I tried to follow previous posting for the same one but I DON'T KNOW HOW TO TURN MY COMPUTER INTO SAFE MODE; f-8 or f-5 didn't work.

Logfile of HijackThis v1.98.2
Scan saved at 10:37:33 AM, on 5/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\POP-UP~1\PSFREE.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINNT\explorer.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\Toolbar\TBPS.exe
c:\PROGRA~1\Toolbar\radio.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {04910FB8-BA5B-DAF9-2F42-98DC4949BAE8} - C:\WINNT\system32\lkcscsep.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.124.14:4343/officescan/...tml/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://10.1.124.14:4343/officescan/...AtxConsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CD2F6E-4055-44C6-8B90-C2B41F591F20}: NameServer = 10.1.124.14,10.1.124.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hartman.local
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
__________________
ELIEZER CUEVAS SR. Last edited by ELIEZER CUEVS : 05-10-2005 at 10:09 AM. Reason: Additional Threat |
|
|
|
|
#2 (permalink) |
|
Analyst, Security Team
|
Hi and welcome to TSF.
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time. We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread". 4SG |
|
|
|
|
#3 (permalink) |
|
Analyst, Security Team
|
ELIEZER,
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

You are using an outdated version of Hijack This. Please download and install the latest version by going to this Site. Make sure to put it in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJK, or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

Please download Adaware SE and install it (if you don't have it already).
- Make sure it's the newest version and check for any updates before running it.
- Go to this Site to get the plug-in for fixing VX2 variants.
- Also make sure to Customize the settings in Adaware for better scan results.
- Run the scan now and fix everything that it finds.

Download Spybot 1.3 and install it (if you don't have it already).
- update the definitions file and run a scan now. Fix all the entries, which are indicated in RED.

Run this tool from Symantec Security Response: http://securityresponse.symantec.com...r/FxWebsch.exe

Run a new HijackThis scan (make sure you use the updated HijackThis). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply and we’ll clean up what’s left.

4SG
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 17
OS: WIN XP
|
Attached are the results of the KRC HijackThis Analyzer after following your instructions, installing all programs and running them. Please let me know if I need to do anything else. Thanks for your help.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:15:54 PM, on 5/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA~1\POP-UP~1\PSFREE.EXE
C:\HJK\HJK.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {04910FB8-BA5B-DAF9-2F42-98DC4949BAE8} - C:\WINNT\system32\lkcscsep.dll
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.124.14:4343/officescan/...tml/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://10.1.124.14:4343/officescan/...AtxConsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CD2F6E-4055-44C6-8B90-C2B41F591F20}: NameServer = 10.1.124.14,10.1.124.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hartman.local
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

End of KRC HijackThis Analyzer Log.
====================================================================
__________________
ELIEZER CUEVAS SR. |
|
|
|
|
#5 (permalink) |
|
Analyst, Security Team
|
Eliezer,
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Download CleanUp! and install it. (Alternate Link if the main link doesn't work) The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Don’t run it yet – we’ll use it later.

Reboot your system in Safe Mode by continually tapping the F8 key on the top row of your keyboard, until the menu appears.

Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {04910FB8-BA5B-DAF9-2F42-98DC4949BAE8} - C:\WINNT\system32\lkcscsep.dll
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto

Please remember to close all other windows, including browsers, then click Fix checked.

Delete the following File indicated in RED if it still exists.

C:\WINNT\system32\lkcscsep.dll

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode, then run a new HijackThis scan. Save the log file and run the KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

4SG
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 17
OS: WIN XP
|
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:54:14 PM, on 5/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA~1\POP-UP~1\PSFREE.EXE
C:\HJK\HJK.exe

O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.124.14:4343/officescan/...tml/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://10.1.124.14:4343/officescan/...AtxConsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CD2F6E-4055-44C6-8B90-C2B41F591F20}: NameServer = 10.1.124.14,10.1.124.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hartman.local
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

End of KRC HijackThis Analyzer Log.
====================================================================
__________________
ELIEZER CUEVAS SR. |
|
|
|
|
#7 (permalink) |
|
Analyst, Security Team
|
Almost done -
How’s your system running - any problems?

I am currently reviewing your most recent log. Please note that this is under the supervision of an expert analyst.

There’s one entry in your log that includes Msconfig[1].exe.

O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto

Any time a program is set to run from your temporary internet files there is cause for concern. That being said, Windows 2000 doesn’t include Msconfig, but I’ve seen workarounds by copying the file from 98/XP. Did you or someone else who uses that PC download Msconfig from somewhere?

Make sure your system is still set up to view system/hidden files and do a search for msconfig – post your results.

4SG
Last edited by Scorpex : 05-13-2005 at 07:47 AM. Reason: fine tuning
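
The check 4SG applies to the MSConfig entry in the post above (a startup item that runs from Temporary Internet Files is cause for concern) can be run over a whole HijackThis log, generalized here to temp directories as well. This is an added example, not part of the original thread and not HijackThis or KRC Analyzer code; the function names, the directory list and the `[n]` cache-name signal are assumptions made for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import re

# Constructed sample: startup (O4) and BHO (O2) lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
"""

# O4 entries come in two shapes: registry Run keys and Startup-folder shortcuts.
RUN_KEY = re.compile(r"^O4 - (?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Pull the program path out of a command line that may be quoted and may contain spaces.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)

# Assumed list of directories holding downloaded or transient files (lower case).
TRANSIENT_DIRS = ("\\temporary internet files\\", "\\content.ie5\\", "\\temp\\")
# Internet Explorer stores cached downloads as name[1].ext; used here as a second signal.
CACHE_COPY = re.compile(r"\[\d+\]\.\w+$")


def parse_autoruns(log_text):
    """Return one dict per O4 (startup) entry; other HijackThis sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if not m:
            continue
        exe = EXE_PATH.match(m["cmd"])
        path = exe["path"] if exe else m["cmd"].split()[0]
        entries.append({"where": m["where"], "name": m["name"], "path": path})
    return entries


def flag_transient_autoruns(log_text):
    """Flag startup entries whose target sits in a browser cache or temp directory."""
    findings = []
    for entry in parse_autoruns(log_text):
        low = entry["path"].lower()
        reasons = [d.strip("\\") for d in TRANSIENT_DIRS if d in low]
        if CACHE_COPY.search(low):
            reasons.append("cache-style [n] file name")
        if reasons:
            findings.append((entry["where"], entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for where, name, path, reasons in flag_transient_autoruns(SAMPLE_LOG):
        print(f"{where} [{name}] -> {path}")
        print("  reasons: " + ", ".join(reasons))
```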
|
|
|
|
#8 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 17
OS: WIN XP
|
Thank you 4SG.
My computer is doing good; no pop-ups from huntbar or anything like that. Here are the search results. Thanks for your help. I will be out on vacation from the 19th to June 3rd, so you may not hear from me during those days if anything else happened (I hope not).

Search is complete. There are no results to display.
__________________
ELIEZER CUEVAS SR. |
|
|
|
|
#9 (permalink) |
|
Analyst, Security Team
|
Eliezer – Let's try this:

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the round X button for each file - choose YES when it asks if you want to reboot**):

C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe

**Reboot your system in Safe Mode by continually tapping the F8 key on the top row of your keyboard, until the menu appears.

Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto

Please remember to close all other windows, including browsers, then click Fix checked.

Reboot into Normal Mode.

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot again into Normal Mode, then run a new HijackThis scan. Save the log file and run the KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

4SG
|
|
|
|
#10 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 17
OS: WIN XP
|
AS YOU CAN SEE IN THE RESULTS, THE MSCONFIG[1] FILE IS THERE.
I FOLLOWED YOUR INSTRUCTIONS TWICE, BUT EVERY TIME I RUN HIJACKTHIS THE FILE IS THERE. RECENTLY OUR COMPANY SET UP A NEW NETWORK AND REASSIGNED A NEW PASSWORD TO MY COMPUTER. ONE THING I NOTICED WAS THAT EVERY TIME I TRIED TO RUN THE SYSTEM IN SAFE MODE I HAVE TO USE THE OLD PASSWORD INSTEAD OF THE NEW ONE. DO YOU THINK THIS WILL AFFECT THE FIXING OF THE FILE? CAN THIS FILE BE RUNNING FROM THE NETWORK? HERE ARE THE RESULTS:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:10:11 AM, on 5/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\system32\userinit.exe
C:\PROGRA~1\POP-UP~1\PSFREE.EXE
C:\HJK\HJK.exe

O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\eli\Local Settings\Temporary Internet Files\Content.IE5\CPPUIYPM\msconfig[1].exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O15 - Trusted Zone: http://www.juno.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.124.14:4343/officescan/...tml/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://10.1.124.14:4343/officescan/...AtxConsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CD2F6E-4055-44C6-8B90-C2B41F591F20}: NameServer = 10.1.124.14,10.1.124.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hartman.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hartman.local
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

End of KRC HijackThis Analyzer Log.
====================================================================
__________________
ELIEZER CUEVAS SR. |
|
|
|
|
#11 (permalink) | |
|
Analyst, Security Team
|
Eliezer,
I ran this past a senior Security member and he mentioned you should try the following:

* Double-click on Killbox.exe to start the program (you downloaded it earlier).
* In the Killbox program, select the Delete on Reboot option.
* Copy the file names below to the clipboard by highlighting them and pressing Control-C:

Quote:

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

About the different password in safe mode, he thought it's because safe mode has its own user account.

Run a new HijackThis scan. Save the log file and run the KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

4SG