|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
06-29-2005, 10:40 AM
|
#1 (permalink) |
|
Member
Join Date: Jul 2004
Location: Netherlands
Posts: 35
OS: XP
|
I'm running slow
I've got some problems everithing is running slow it nearly crashed i think. It's a real mess
 Logfile of HijackThis v1.99.1 Scan saved at 18:37:20, on 29-6-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\bin\ZLH.EXE C:\WINDOWS\switpa.exe C:\Program Files\a2\a2guard.exe C:\Program Files\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService7.exe C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Nvc\BIN\NIP.EXE C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe C:\Program Files\bin\NJEEVES.EXE C:\Program Files\Nvc\BIN\nipsvc.exe C:\Program Files\Nvc\bin\cclaw.exe C:\Program Files\Norman\NPF\npfmsg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Internet\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe O4 - HKLM\..\Run: [SpyBlocker] C:\DOCUME~1\MARTIJN\LOCALS~1\Temp\Rar$EX00.750\crack\spyblocker.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe O4 - Global Startup: NPF Messenger.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
06-29-2005, 05:43 PM
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: Mar 2005
Location: NY
Posts: 350
OS: XP Pro/Home SP2
 |
TripTrax,
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. You may need to modify the default Windows XP search settings (if you haven’t already). When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked. Do Not turn off System Restore unless you are told to do so! Once your HijackThis log is confirmed as clean, further instructions will be given. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). Some Notes: Looking at your log, it appears you have A-squared and Norman AV set up to run at the same time. This can cause conflicts so you should remove one of them. You also have Spyblocker set to run at startup. However it seems to be loading from a temp folder. If this is a program you plan on keeping I suggest you install it to a permanent folder. Please download Adaware SE and install it (if you don't have it already). - Make sure it's the newest version and check for any updates before running it. - Go to this Site to get the plug-in for fixing VX2 variants. - Also make sure to Customize the settings in Adaware for better scan results. - Run the scan now and fix everything that it finds. Download Spybot 1.3 and install it (if you don't have it already). - update the definitions file and run a scan now. Fix all the entries, which are indicated in RED. Run an online virus scan at TrendMicro. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may also use Panda ActiveScan. Reboot your system in Safe Mode (By continually tapping the F8 key, until the menu appears). Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time). C:\WINDOWS\switpa.exe Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): OfferAgent Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Please remember to close all other windows, including browsers then click Fix checked. Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\WINDOWS\switpa.exe Reboot into Normal Mode run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply. Let us know how your system is running. 4SG |
|
|
|
|
07-01-2005, 10:36 AM
|
#3 (permalink) |
|
Member
Join Date: Jul 2004
Location: Netherlands
Posts: 35
OS: XP
|
Thanks for the help.
Well my comp is running better but it isn't a 100% Logfile of HijackThis v1.99.1 Scan saved at 18:36:16, on 1-7-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\bin\ZLH.EXE C:\Program Files\a2\a2guard.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe C:\Program Files\bin\NJEEVES.EXE C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Nvc\BIN\NIP.EXE C:\Program Files\Nvc\BIN\nipsvc.exe C:\Program Files\Nvc\bin\cclaw.exe C:\Program Files\Norman\NPF\npfmsg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Internet\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [SpyBlocker] C:\DOCUME~1\MARTIJN\LOCALS~1\Temp\Rar$EX00.750\crack\spyblocker.exe O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe O4 - Global Startup: NPF Messenger.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe |
|
|
|
|
07-01-2005, 11:55 AM
|
#4 (permalink) |
|
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2
|
The location of this software concerns me:O4 - HKLM\..\Run: [SpyBlocker] C:\DOCUME~1\MARTIJN\LOCALS~1\Temp\Rar$EX00.750\cra ck\spyblocker.exe - are you certain you have installed this program correctly? I recommened moving any item you want to keep out of the Temp directories.
Please run an online virus scan at Panda ActiveScan. Save the results and bring them with you in your next post.
__________________
  |
|
|
|
|
07-02-2005, 03:39 AM
|
#5 (permalink) |
|
Member
Join Date: Jul 2004
Location: Netherlands
Posts: 35
OS: XP
|
I did a panda scan.
This is the result. Incident Status Location Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\MARTIJN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6f71db98-4c88d969.RB0[Mein.class] Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\MARTIJN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6f71db98-4c88d969.zip[Mein.class] Virus:Trj/Dropper.BA Disinfected C:\Documents and Settings\MARTIJN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-f51b56c-2c9b9f41.RB0[web.exe] Virus:Trj/Dropper.BA Disinfected C:\Documents and Settings\MARTIJN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-f51b56c-2c9b9f41.RB1[web.exe] Virus:Exploit/ByteVerify No disinfected C:\Documents and Settings\MARTIJN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv50.jar-2396da4f-4a9fea69.zip[Matrix.class] Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\iumu\iumud\iumuc.dll Adware:Adware/SaveNow No disinfected C:\Program Files\ddm\2620\SaveInstCmS.exe Adware:Adware/Lop No disinfected C:\Program Files\DRIVEPLATFORM\18338.exe Spyware:Spyware/New.net No disinfected C:\Program Files\newdotnet\newdotnet6_30.dll Adware:Adware/SBSoft No disinfected C:\WINDOWS\Downloaded Program Files\webdlg32.inf Spyware:Spyware/EasySearchBar No disinfected C:\WINDOWS\esba-4.exe Adware:Adware/NetPals No disinfected C:\WINDOWS\iNetPal\29wu51rd.exe Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_30.exe Adware:Adware/NetPals No disinfected C:\WINDOWS\system32\ATPartners.dll Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\in10b6s.dll Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v124.cpl Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\setup_incred_2.exe Adware:Adware/nCase No disinfected C:\WINDOWS\system32\SplWbr.dll Adware:Adware/eZula No disinfected C:\WINDOWS\system32\stub.exe Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe Possible Virus. No disinfected C:\WINDOWS\xlcwcsdjx.exe |
|
|
|
|
07-02-2005, 04:09 AM
|
#6 (permalink) |
|
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2
|
Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Click on newdotnet6_30.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts. Go into Add/Remove and uninstall: NewDotNet EasySearchBar P2PNetworking Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): C:\Documents and Settings\MARTIJN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loa deradv50.jar-2396da4f-4a9fea69.zip[Matrix.class] C:\Program Files\Common Files\iumu\iumud\iumuc.dll C:\Program Files\ddm\2620\SaveInstCmS.exe C:\Program Files\DRIVEPLATFORM\18338.exe C:\Program Files\newdotnet\newdotnet6_30.dll C:\WINDOWS\Downloaded Program Files\webdlg32.inf C:\WINDOWS\esba-4.exe C:\WINDOWS\iNetPal\29wu51rd.exe C:\WINDOWS\NDNuninstall6_30.exe C:\WINDOWS\system32\ATPartners.dll C:\WINDOWS\system32\cd_clint.dll C:\WINDOWS\system32\drivers\etc\hosts.bho C:\WINDOWS\system32\in10b6s.dll C:\WINDOWS\system32\P2P Networking v124.cpl C:\WINDOWS\system32\setup_incred_2.exe C:\WINDOWS\system32\SplWbr.dll C:\WINDOWS\system32\stub.exe C:\WINDOWS\system32\tsuninst.exe C:\WINDOWS\xlcwcsdjx.exe Reboot the computer now. I would advise you to run Adaware and Spybot now. Also - run a new HJT scan and post the results in your next post.
__________________
|
|
|
|
|
07-02-2005, 08:34 AM
|
#7 (permalink) |
|
Member
Join Date: Jul 2004
Location: Netherlands
Posts: 35
OS: XP
|
It is a little bit difficult too find the right buttons because i have the dutch windows. Soo it is a search sometimes.
Logfile of HijackThis v1.99.1 Scan saved at 16:30:52, on 2-7-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\bin\ZLH.EXE C:\Program Files\a2\a2guard.exe C:\Program Files\bin\ZANDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Nvc\BIN\NIP.EXE C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe C:\Program Files\Nvc\BIN\nipsvc.exe C:\Program Files\bin\NJEEVES.EXE C:\Program Files\Nvc\bin\cclaw.exe C:\Program Files\Norman\NPF\npfmsg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Internet\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\bin\ZLH.EXE /LOAD /SPLASH O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe O4 - Global Startup: NPF Messenger.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...24/mcfscan.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAM FILES\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAM FILES\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe |
|
|
|
|
07-02-2005, 08:41 AM
|
#8 (permalink) |
|
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2
|
Fantastic! Your log is clean.
Please clear your System Restore Points by doing the following: To turn off System Restore,Click Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK. Reboot your System. Now create a new Restore Point: To turn on System Restore,Click Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK. To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools provided. Are there any problems now? If not, you should be set to go. A little bit of tidying on your system though. C:\Program Files\Common Files\iumu\ C:\Program Files\ddm\ C:\Program Files\DRIVEPLATFORM\ C:\Program Files\newdotnet\ You may delete the above folders out of Program Files.
__________________
|
|
|
|
|
07-02-2005, 09:05 AM
|
#9 (permalink) |
|
Member
Join Date: Jul 2004
Location: Netherlands
Posts: 35
OS: XP
|
Well it's still a little bit slow. But 3 days ago my computer fall out, and it said put a boostdisk in something like that. Soo i put my xp cd in and i came too the menu restore windows. When i did that it said can't find a harddrive. Soo i opened it and pull the plug of the harddrive in and out and it worked again. But yesterday it did the same. And when i start a program i get the program is not responding, and then it works after a wile. Soo mayby the harddrive is broken?
|
|
|
|
|
07-02-2005, 09:13 AM
|
#10 (permalink) |
|
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2
|
I would definately agree that it could eb hardware related. If you want, we can run some additional scans to be extra sure there is nothing malicious on your system???
__________________
|
|
|
|
|
07-02-2005, 10:37 AM
|
#12 (permalink) |
|
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2
|
Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.
Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3) 1. Save it to a folder. 2. Reboot into Safe Mode. 3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything. 4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane. 5. In the Virus Log Information Pane...... Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file *Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files. Once you copy that to a Notepad file...highlight the text and copy it here. Right click on Silent Runners and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on 'Silent Runners' to run it. This will take a few minutes. It will create a file called 'Startup Programs' followed by your computer name and current date. Open up that file and post all the contents here in your next post.
__________________
|
|
|
|
| Thread Tools | |
|
|
