Old 08-17-2007, 11:17 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Error message and some problems with internet

I get the following error message.
"Error loading w0060216.dll"

I also have problems with my internet connections sometimes.
The following is my Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 1:15:26 AM, on 8/18/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Security\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
O4 - HKCU\..\Run: [sys_up1] C:\Program Files (x86)\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yelenar628.spaces.msn.com//Ph...d/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132608823078
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CFA680-2FA1-4C54-AE40-7827E552898C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)





Thank you in advance.

Last edited by Knight3000; 08-17-2007 at 11:18 PM.
Knight3000 is offline  

Old 08-19-2007, 12:39 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

bump bump
Knight3000 is offline  
Old 08-28-2007, 02:27 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

bump again
Knight3000 is offline  
Old 09-03-2007, 10:12 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

bump again.
Knight3000 is offline  
Old 09-06-2007, 03:54 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

bump again
Knight3000 is offline  
Old 09-09-2007, 06:55 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

bump again
Knight3000 is offline  
Old 09-15-2007, 09:18 PM   #7 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

Sorry for the delay
If you're still in need of assistance and are not receiving help at another forum, post back with a new HijackThis log so we can get started.

Also: is this folder still present?
C:\Program Files (x86)\Common Files\svchostsys
LonnyRJones is offline  
Old 09-16-2007, 01:57 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

Thank you very much for replying. Here is the most recent Hijack log.


Logfile of HijackThis v1.99.1
Scan saved at 3:52:57 AM, on 9/16/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\svehost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Security\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [defender] c:\\dfndra_1.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files (x86)\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yelenar628.spaces.msn.com//Ph...d/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132608823078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CFA680-2FA1-4C54-AE40-7827E552898C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)





I can't find the folder C:\Program Files (x86)\Common Files\svchostsys when I go into the directory, but it still appears on the Hijack log, so apparently it's still there. Do I need to remove it, and if I do, how would I go about doing this?
Knight3000 is offline  
Old 09-16-2007, 02:29 AM   #9 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

Start a HijackThis scan and place a check next to these items, if there.

O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [defender] c:\\dfndra_1.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files (x86)\Common Files\svchostsys\svchostsys.exe


====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Manually delete these files, be careful of spelling
C:\WINDOWS\system32\svehost.exe
c:\dfndra_1.exe

Your antivirus might delete them when you get close to them, that's fine.

Post a report from one or better yet both of these free online scans

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Press "scan your PC now" and allow the ActiveX to install (if prompted).
Do a full scan > Click the My Computer button.
After the scan, click "see report", then save the report and post it back here please.
If you have problems read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2

Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click "save as text" and post that in your reply.


Post back with a new HijackThis log.
LonnyRJones is offline  
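The five autorun entries picked out in the post above share traits that can be checked mechanically. The Python sketch below is an added example, not part of the original thread and not how HijackThis itself works: it applies three assumed triage heuristics to O4 lines copied from the second log in this thread. The system-name list and the reason codes are illustrative choices, and a hit marks an entry for closer inspection rather than proving it malicious.

```python
import re

# Windows image names that malware often imitates.
# Short illustrative list, an assumption of this example.
SYSTEM_STEMS = ("svchost", "lsass", "services", "winlogon", "explorer", "csrss")

# Registry autorun lines look like: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
# Executable (quoted or not; unquoted paths may contain spaces), then arguments.
EXE_RE = re.compile(r'^"?(.*?\.exe)"?(?:\s+(.*))?$', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons_for(command):
    """Return reason codes explaining why an autorun command deserves a look."""
    m = EXE_RE.match(command.strip())
    if not m:
        return []
    exe, args = m.group(1), m.group(2) or ""
    # Split on backslashes and drop empties so "c:\\x.exe" equals "c:\x.exe".
    parts = [p for p in exe.split("\\") if p]
    stem = parts[-1].lower()[:-4]  # file name without ".exe"
    if stem == "rundll32":
        # rundll32 is only a host; what matters is the DLL it is told to load.
        dll = args.split(",")[0].strip().strip('"')
        return ["rundll32-pathless-dll"] if dll and "\\" not in dll else []
    reasons = []
    if len(parts) == 1:
        reasons.append("no-path")      # resolved through the search path
    elif len(parts) == 2 and re.fullmatch(r"[A-Za-z]:", parts[0]):
        reasons.append("drive-root")   # executable directly under C:\
    for known in SYSTEM_STEMS:
        if stem == known:
            continue
        if edit_distance(stem, known) == 1:
            reasons.append("lookalike:" + known)   # e.g. svehost vs svchost
        elif stem.startswith(known):
            reasons.append("extends:" + known)     # e.g. svchostsys
    return reasons


def triage(log_text):
    """Map 'location [value name]' to reason codes for every flagged O4 line."""
    flagged = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are skipped
        location, name, command = m.groups()
        reasons = reasons_for(command)
        if reasons:
            flagged[f"{location} [{name}]"] = reasons
    return flagged


# O4 lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [defender] c:\\dfndra_1.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files (x86)\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{entry}: {', '.join(why)}")
```
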
Old 09-19-2007, 11:30 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

Here is the Kaspersky and new HiJack. I couldn't find the
C:\WINDOWS\system32\svehost.exe
c:\dfndra_1.exe
not sure what to do about them.

KASPERSKY ONLINE SCANNER REPORT
Thursday, September 20, 2007 1:21:31 AM
Operating System: Microsoft Windows XP Professional x64 Edition, Service Pack 2 (Build 3790)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 20/09/2007
Kaspersky Anti-Virus database records: 421026
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 80198
Number of viruses found 2
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 02:18:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Sti_Trace.log Object is locked skipped
C:\Documents and Settings\LocalService\wiadebug.log Object is locked skipped
C:\Documents and Settings\Mark\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\MSHist012007091920070920\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\bot.exe Infected: Backdoor.Win32.Agobot.aii skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DFACB1.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DFE2EA.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mark\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Sti_Trace.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\_restore{DFB7E9D3-13FD-4E34-81EA-52F0F3825250}\RP13\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\svdhost.exe Infected: Backdoor.Win32.Agobot.aii skipped
C:\WINDOWS\system32\svehost.exe Infected: Backdoor.Win32.Rbot.dyf skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\SysWOW64\svdhost.exe Infected: Backdoor.Win32.Agobot.aii skipped
C:\WINDOWS\SysWOW64\svehost.exe Infected: Backdoor.Win32.Rbot.dyf skipped
C:\WINDOWS\SysWOW64\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\Tasks\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.





Logfile of HijackThis v1.99.1
Scan saved at 1:30:18 AM, on 9/20/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Security\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yelenar628.spaces.msn.com//Ph...d/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132608823078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CFA680-2FA1-4C54-AE40-7827E552898C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)




I couldn't do the Panda Scan for some reason. I could try again if you want.
Knight3000 is offline  
Old 09-20-2007, 12:46 AM   #11 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

Set Windows to show hidden extensions, files and folders.
Click for instructions.


Carefully delete these files; be very careful of spelling:
C:\Documents and Settings\Mark\Local Settings\Temp\bot.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\SysWOW64\svdhost.exe
C:\WINDOWS\SysWOW64\svehost.exe

svchost.exe is a Windows file; do not attempt to delete it.
-------------
Are there any current problems or recent error messages?
LonnyRJones is offline  
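An added example, not part of the original posts: the reply above separates svdhost.exe and svehost.exe from the genuine svchost.exe, and the Python sketch below applies the same check to report lines, flagging file names one character away from a core Windows binary. It generalizes slightly by also flagging an exact system name outside the Windows directories. The allowlist, the status labels and the function names are assumptions made for illustration; the sample lines are copied from the logs in this thread except one marked as constructed.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumption: a small illustrative allowlist, not a complete inventory.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "csrss.exe", "smss.exe", "explorer.exe", "userinit.exe",
}
# Directories where those binaries are expected (lower-cased).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# A path, optionally followed by the online scanner's result columns.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)"
    r"(?:\s+(?:Infected:\s+(?P<verdict>\S+)|Object is locked)\s+skipped)?\s*$"
)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(line, max_distance=1):
    """Classify one report line; returns None for non-path lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    name = basename(path).lower()
    folder = dirname(path).lower()
    result = {"path": path, "name": name,
              "verdict": m.group("verdict"), "resembles": []}
    if name in SYSTEM_BINARIES:
        # A matching name in the expected folder is not proof the file is
        # genuine; that still needs a signature or hash check.
        result["status"] = ("expected-location" if folder in SYSTEM_DIRS
                            else "misplaced")
        return result
    near = sorted(s for s in SYSTEM_BINARIES
                  if edit_distance(name, s) <= max_distance)
    result["resembles"] = near
    result["status"] = "lookalike" if near else "other"
    return result


def review(lines):
    """Return only the findings worth a closer look."""
    findings = (classify(line) for line in lines)
    return [f for f in findings
            if f and f["status"] in ("lookalike", "misplaced")]


SAMPLE_LINES = [
    # Copied from the scan reports and posts in this thread.
    r"C:\WINDOWS\system32\svdhost.exe Infected: Backdoor.Win32.Agobot.aii skipped",
    r"C:\WINDOWS\system32\svehost.exe Infected: Backdoor.Win32.Rbot.dyf skipped",
    r"C:\WINDOWS\SysWOW64\svdhost.exe Infected: Backdoor.Win32.Agobot.aii skipped",
    r"C:\WINDOWS\SysWOW64\svehost.exe Infected: Backdoor.Win32.Rbot.dyf skipped",
    r"C:\WINDOWS\SysWOW64\svchost.exe",
    r"C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped",
    r"C:\Documents and Settings\Mark\Local Settings\Temp\bot.exe",
    # Constructed line, not from the thread: exact system name, wrong folder.
    r"C:\Temp\lsass.exe",
]

if __name__ == "__main__":
    for f in review(SAMPLE_LINES):
        print(f["status"], f["path"], f["resembles"], f["verdict"])
```

A name-distance check only narrows the list; bot.exe is classed as "other" here even though the reply lists it for deletion, so the scanner verdict and the file's location still have to be read alongside it.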
Old 10-08-2007, 10:56 AM   #12 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

I apologize for the disappearance. I was having problems.

I am still having serious internet connection problems. I am able to log onto the internet in the morning and after some time, some sites aren't able to load anymore. I have to wait about 20 minutes for the problem to clear, and then I can go onto the sites again. After about 5 minutes, the sites aren't able to load again. It seems like the computer is having a problem loading pictures and videos, because generally, text-based sites like forums load most of the time, while picture-based sites don't. I know the problem isn't with the net connection because on my other computer, the internet works fine.

The error messages have disappeared though.

I attached another Kaspersky log and another HijackThis log.






Logfile of HijackThis v1.99.1
Scan saved at 12:56:10 PM, on 10/8/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Security\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132608823078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CFA680-2FA1-4C54-AE40-7827E552898C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)





KASPERSKY ONLINE SCANNER REPORT
Monday, October 08, 2007 2:08:22 AM
Operating System: Microsoft Windows XP Professional x64 Edition, Service Pack 2 (Build 3790)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 8/10/2007
Kaspersky Anti-Virus database records: 428942
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 82193
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 02:29:47

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Sti_Trace.log Object is locked skipped
C:\Documents and Settings\LocalService\wiadebug.log Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Aim\nwpvpyxq\mrvs33\cert8.db Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Aim\nwpvpyxq\mrvs33\key3.db Object is locked skipped
C:\Documents and Settings\Mark\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\MSHist012007100720071008\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DF6123.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DFA3FE.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mark\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Sti_Trace.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\_restore{DFB7E9D3-13FD-4E34-81EA-52F0F3825250}\RP13\A0024400.exe Infected: Backdoor.Win32.Agobot.aii skipped
C:\System Volume Information\_restore{DFB7E9D3-13FD-4E34-81EA-52F0F3825250}\RP13\A0024446.exe Infected: Backdoor.Win32.Rbot.dyf skipped
C:\System Volume Information\_restore{DFB7E9D3-13FD-4E34-81EA-52F0F3825250}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E6F25A30-D79A-4AF0-9468-11FD3FA10A2E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\nmp.log Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\SysWOW64\nmp.log Object is locked skipped
C:\WINDOWS\SysWOW64\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\Tasks\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.





Thanks.
Knight3000 is offline  
Old 10-08-2007, 11:27 AM   #13 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

What do you use for a firewall?

Download
Deckard's System Scanner (DSS)
to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. If prompted to let DSS download HijackThis, choose yes.
  4. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  5. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
__________________


Our help is voluntary. But this site needs donations to operate.

Last edited by LonnyRJones; 10-08-2007 at 11:35 AM.
LonnyRJones is offline  
Old 10-08-2007, 12:56 PM   #14 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

Deckard's System Scanner v20070905.67
Run by Mark on 2007-10-08 14:30:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 9.75 GiB (less than 15%) free.


-- HijackThis (run as Mark.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:37:27 PM, on 10/8/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Documents and Settings\Mark\Desktop\dss.exe
C:\Security\HIJACK~2\Mark.exe
C:\WINDOWS\system32\NOTEPAD.EXE

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1141605559\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132608823078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79CFA680-2FA1-4C54-AE40-7827E552898C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files (x86)\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)


-- HijackThis Fixed Entries (C:\Security\HIJACK~2\backups\) --------------------

backup-20060629-010812-442 O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
backup-20060702-060045-151 O4 - HKCU\..\Run: [sys_up1] C:\Program Files (x86)\Common Files\svchostsys\svchostsys.exe
backup-20060702-060045-433 O4 - HKLM\..\Run: [hjrleszA] C:\WINDOWS\hjrleszA.exe
backup-20060702-060045-599 O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
backup-20060702-060045-756 O4 - HKCU\..\Run: [PSHope] "C:\Program Files (x86)\PSHope\PSHope.exe"
backup-20061025-154327-916 O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
backup-20061102-235451-924 O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
backup-20061102-235527-336 O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
backup-20070403-204548-915 O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
backup-20070916-140517-184 O4 - HKLM\..\Run: [defender] c:\\dfndra_1.exe
backup-20070916-140517-393 O4 - HKCU\..\Run: [sys_up1] C:\Program Files (x86)\Common Files\svchostsys\svchostsys.exe
backup-20070916-140517-466 O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
backup-20070916-140517-549 O4 - HKLM\..\Run: [lvd79fb0] RUNDLL32.EXE w0060216.dll,n 00179faf000000030060216
backup-20070916-140517-579 O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
backup-20070916-145452-940 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070920-013742-954 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yelenar628.spaces.msn.com//Ph...d/MsnPUpld.cab

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 nvata64 - c:\windows\system32\drivers\nvata64.sys (file missing)
R0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys (file missing)
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys (file missing)
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys (file missing)
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys (file missing)
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys (file missing)
R0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5a.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R1 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R3 Arp1394 (1394 ARP Client Protocol) - c:\windows\system32\drivers\arp1394.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
R3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
R3 irsir (Microsoft Serial Infrared Driver) - c:\windows\system32\drivers\irsir.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5a.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NIC1394 (1394 Net Driver) - c:\windows\system32\drivers\nic1394.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - c:\windows\system32\drivers\nvax64.sys (file missing)
R3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvenetfd.sys (file missing)
R3 nvnetbus (NVIDIA Network Bus Enumerator) - c:\windows\system32\drivers\nvnetbus.sys (file missing)
R3 nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - c:\windows\system32\drivers\nvapu64.sys (file missing)
R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R3 xnacc (Microsoft Common Controller For Windows Driver Service) - c:\windows\system32\drivers\xnacc.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

S1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S2 CDRPDACC (Arrowkey Device Access) - c:\program files (x86)\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 Asushwio - c:\windows\system32\drivers\asushwio.sys
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
S3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys (file missing)
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files (x86)\common files\autodesk shared\service\adskscsrv.exe"
R2 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files (x86)\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files (x86)\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files (x86)\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 nSvcIp (ForceWare IP service) - c:\program files (x86)\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - c:\program files (x86)\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)

S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2006-06-30 02:31:15 322 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2007-09-08 and 2007-10-08 -----------------------------

2007-09-19 22:05:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2007-10-07 20:11:24 0 d-------- C:\Program Files (x86)\NVIDIA Corporation
2007-10-07 15:46:41 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2007-10-07 15:03:24 0 d-------- C:\Documents and Settings\Mark\Application Data\Xfire
2007-10-07 14:50:13 0 d-------- C:\Program Files (x86)\Xfire
2007-09-23 00:48:16 0 d-------- C:\Documents and Settings\Mark\Application Data\My Battle for Middle-earth(tm) II Files
2007-09-08 12:24:41 0 d-------- C:\Program Files (x86)\SpywareBlaster
2007-08-28 05:16:29 0 d-------- C:\Program Files (x86)\SpywareGuard
2007-08-27 12:05:30 0 d-------- C:\Program Files (x86)\Silkroad
2007-08-22 23:24:28 0 d-------- C:\Program Files (x86)\Alice Greenfingers
2007-08-22 21:31:52 0 d-------- C:\Program Files (x86)\ReflexiveArcade
2007-08-20 06:51:30 0 d-------- C:\Program Files (x86)\Veoh Networks
2007-08-18 01:22:19 0 d-------- C:\Program Files (x86)\Yahoo!
2007-08-14 16:41:19 0 d-------- C:\Program Files (x86)\MSXML 4.0
2007-08-13 14:23:35 0 d-------- C:\Documents and Settings\Mark\Application Data\Hamachi
2007-07-28 01:13:38 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2007-10-08 14:50:23 ------------

I believe I'm using the McAfee Firewall. I'm not sure exactly. How do I check?
Attached Files
File Type: txt extra.txt (18.0 KB, 2 views)
Knight3000 is offline  
Old 10-08-2007, 03:23 PM   #15 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

Quote:
I believe I'm using the McAfee Firewall. I'm not sure exactly. How do I check?
Open the program and check around?
I see the Windows firewall is on too.
Looks as if Nvidia is on too:
http://www.nvidia.com/object/security.html

Only run one firewall

Also:
Why did you fix this item with HijackThis?
-- HijackThis Fixed Entries (C:\Security\HIJACK~2\backups\) -----------
backup-20060629-010812-442 O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
http://www.castlecops.com/o23list-2522.html
__________________


Our help is voluntary. But this site needs donations to operate.

Last edited by LonnyRJones; 10-08-2007 at 03:31 PM.
LonnyRJones is offline  
Old 10-08-2007, 06:37 PM   #16 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

Ok, I was only running the Windows Firewall. I have the McAfee virus on-access scan running as well. My NVIDIA Firewall is off. Should I use NVIDIA instead of Windows?

About the second issue, I have no idea when I did that. Is there a way to reverse that if it's relevant? What should I do next?

Thanks.
Knight3000 is offline  
Old 10-08-2007, 07:49 PM   #17 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

You can use HijackThis > config > backups to restore that item.
Reboot the PC after doing so.

If you haven't already, read the FAQs about NVIDIA's firewall and try it.

Are you on a network? If so, which PC connects to the internet?

Let's see if AVG Anti-Spyware helps with your current problem:
http://free.grisoft.com/doc/download.../frt/0?prd=asf

Last edited by LonnyRJones; 10-08-2007 at 07:53 PM.
LonnyRJones is offline  
Old 10-12-2007, 12:46 PM   #18 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

I ran the AVG antivirus, and it just found a bunch of tracking cookies, which I got rid of. I don't know what to do at this point.
Knight3000 is offline  
Old 10-12-2007, 03:56 PM   #19 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,646
OS: xp


Re: Error message and some problems with internet

It might help to uninstall IE7, reboot and install it again, or try an alternative browser like Firefox.

Install AVG Anti-Rootkit Free, reboot and scan. If anything shows, post its report please.
http://free.grisoft.com/doc/5390/us/frt/0?prd=arw
LonnyRJones is offline  
Old 10-18-2007, 08:04 PM   #20 (permalink)
Registered User
 
Join Date: Jun 2006
Location: MA, USA
Posts: 28
OS: Windows XP 64 bit


Re: Error message and some problems with internet

Just downloaded it and it says it doesn't support the 64-bit version of Windows.
Knight3000 is offline  
 


All times are GMT -7. The time now is 02:22 AM.



Copyright 2001 - 2009, Tech Support Forum