|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
06-28-2005, 09:32 AM
|
#1 (permalink) |
|
I helped the forums.
Join Date: Jun 2005
Posts: 9
OS: XP
|
HJT help...cannot get rid of Narrator KAVSVC and maybe others
I have the KavSvc Narrator problem and cannot seem to get rid of it...I'm sure I have a couple others as well. I have followed the instructions of some of the other posts but cannot seem to completely eliminate all files. Below is the HJT log...thanks for any help.
Logfile of HijackThis v1.99.1 Scan saved at 10:28:53 AM, on 6/28/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndnu.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kary Nulisch\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vrvlmm.exe reg_run O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {4101542B-4071-4B52-9F3A-7BCA44C1E791} (MarketTrader - ETrade v3.2a) - http://etrade.bridge.com/etgmt_prd/j...a_etrade_i.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/webinst.exe O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe O16 - DPF: {D8A14CC1-B68A-11D6-B8FA-00C04F5E375A} (MarketTrader - Reuters v3.2a) - http://etrade.bridge.com/etgmt_prd/j..._reuters_i.cab O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\eps.dll O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing) O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
06-28-2005, 12:46 PM
|
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,480
OS: N/A
|
Hi and Welcome to TSF!
Here's what you can do.... Please subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please click here. On the proceeding page, make sure Instant notification by email is selected, then click Add subscription. I see no anti-virus application installed on this machine. An anti-virus application is your first line of defense against infections from the internet and email. Without one you leave your computer completely vulnerable to every virus, spyware program, trojan and piece of malware tht is floating around out there today. I strongly recommend that you install an anti-virus program as quickly as possible. Here are 3 free programs that are available for home use: In the meanwhile, I suggest that you stop using Interent Explorer until we've fully disinfected your machine. Please download & use an alternative browser like Firefox. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. During the course of disinfection, I may ask you to fix a program that you wish to retain. Please post back to inform me. +++ WARNING +++ You are running HijackThis from an inappropriate location. It should be run from a permanent folder. This program creates backup files which we may need to use later. If the program is in a temporary folder, important backups may be accidentally deleted.
Enable the viewing of Hidden files Windows XP/2000 Go to My Computer > Tools > Folder Options > View tab & ensure that the following are enabled;
=============== Download & install CleanUp!. We'll run it later Download KillBox v2.0.0.175 & save to desktop Download rkfiles.zip and unzip the contents to a new folder on your desktop. Download the remv3.zip at http://forums.skads.org/index.php?showtopic=80 (look for the attachment to download). Make a new folder on the root drive C:\ and unzip remv3.zip files into it. L2mfix - Download & Save to Desktop This is a self extracting file. By double clicking on it, it will automatically extract it's contents to a new folder on Desktop.
Please Do NOT run any other files in the l2mfix folder until you are told to =============== Using KillBox Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndnu.exe O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vrvlmm.exe reg_run
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again. =============== Reboot to Safe Mode
=============== Close all other windows & Run HiJackThis and click "Scan", then check(tick) the following, if present: O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vrvlmm.exe reg_run O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\eps.dll Click "Fix checked" for HJT to fix them =============== Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Double click rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. Open the C:\log.txt it created and rename it log1.txt. Now open the folder where you saved remv3.zip files and double click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log file will be C:\log.txt and bad1.txt **Note** Each tool uses log.txt as it’s output file so make sure you save the entries from one tools log before running the other as it will overwrite the file if you don’t. Post the contents of both the log.txt and log1.txt in your next post =============== Reboot to Normal Mode. Run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply. In your next post, please include:
__________________
Question - what have you done for the community today? |
|
|
|
