HJT Logfile(computer 2)

Status
Not open for further replies.

WallyWattz

Logfile of HijackThis v1.99.1
Scan saved at 7:01:57 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpt.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ArcSoft\Collage Creator\Collage.exe
C:\Documents and Settings\Sara Watson\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {D8ED4385-8761-42B3-A46B-CC09D25A84BB} - C:\WINDOWS\system32\nnnpbid.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rvmnln.exe reg_run
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O18 - Filter: text/html - {48F77ED8-C237-4076-96AE-AA9CA7E7ACC0} - C:\WINDOWS\system32\nnnpbid.dll
O18 - Filter: text/plain - {48F77ED8-C237-4076-96AE-AA9CA7E7ACC0} - C:\WINDOWS\system32\nnnpbid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: evcheqeitukf (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

Osiris

Remove entries at your own risk


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Nasty This entry should be fixed by HijackThis!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
This entry should be fixed by HijackThis!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll/sp.html
Nasty This entry should be fixed by HijackThis!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
This entry should be fixed by HijackThis!
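
An added example, not part of any post in this thread and not HijackThis's own logic: the Python below parses entries in the log format posted above and flags some for manual review. The three heuristics (an IE setting served from a local `res://` DLL resource, any reference to a Temp directory, and a target marked "file missing") are assumptions chosen for illustration; they cover only some of the entries called out above, and a flag means "look at this", not "delete this".

```python
import re

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll/sp.html
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\SARAWA~1\LOCALS~1\Temp\se.dll,DllInstall
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: evcheqeitukf (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
"""

# An entry is "<section code> - <rest>", e.g. "R1 - ..." or "O23 - ...".
# Header lines and the running-process list do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entry(line):
    """Return (code, body) for a log entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def review_reasons(code, body):
    """Assumed review heuristics for this example, not HijackThis's own rules."""
    low = body.lower()
    reasons = []
    if code.startswith("R") and "= res://" in low:
        reasons.append("ie-setting-points-at-local-dll-resource")
    if "\\temp\\" in low:
        reasons.append("references-temp-directory")
    if low.endswith("(file missing)"):
        reasons.append("target-file-missing")
    return reasons


def triage(log_text):
    """Return [(code, reasons, body)] for entries with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # header, process list or blank line
        reasons = review_reasons(*entry)
        if reasons:
            flagged.append((entry[0], reasons, entry[1]))
    return flagged


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons)}\n     {body}")
```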
 

Lobos

Download SpSeHJfix to your desktop; be sure to download the one that's appropriate for your operating system.

1) Click "Start Disinfection".

Be sure to post the log created by the SpSeHjfix cleanup tool, along with any other logs requested after completing this solution.
 

Lobos

You also have a rootkit infection. To help you get rid of it, I also need you to run these two programs too.

Download FindQoologic-Narrator.zip and save it to your Desktop.
http://forums.net-integration.net/i...=post&id=134981

Extract (unzip) the files inside into their own folder called FindQoologic.
Open the FindQoologic folder. Preferably on your desktop.
Locate and double-click the Find-Qoologic.bat file to run it.
Wait until a text opens, then post it in a reply to your thread.

Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip

Create a new folder called c:\Antispyware\RKFiles
Extract the contents of RKFiles.zip into this new RKFiles folder.

Then,

1. Reboot into Safe Mode

(Restart and press the F8 key a few times after the BIOS loads -- the first thing you see when the PC "comes alive" and does its "self test" -- before Windows loads.)

2. Open the C:\Antispyware\RKFiles folder

* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait until it's finished.
* When it is finally finished a text file will open.
* Save the contents of that text file.

Note: It should save by default to C:\Log.txt
* Find this log, right-click and rename it RKFiles_log.txt so you can post it later.

3. Reboot back to Normal Mode.

4. Post both logs as well as a new HijackThis log.

So I'm going to need the SpSeHjfix log, RKFILES log, Find-Qoologic log, and another HijackThis log.



Lobos
 

WallyWattz

I ran SpSeHJfix and it prompted me to restart my computer. I did so, and now I am unable to open IE or anything else.
 

Osiris

Repair or Reinstall Internet Explorer 6 and Outlook Express 6
According to Microsoft, if you are having trouble with either Internet Explorer 6 or Outlook Express 6 because of damaged files or missing registration information (XP registration trouble, not your name and address) you will need to either reinstall or repair the affected installation. I'm going to go over two ways that Microsoft suggests for dealing with IE6 and OE6 problems. Read over the entire article before making a decision about which method to use. At the end of Method II I've mentioned what I'd consider the best solution to this problem.

Method I
One likely cause of IE6 and OE6 not functioning properly is a corrupted file. Microsoft says this is the "most" likely cause, but I think that's wishful thinking. To run a check on the files and see if one or more is corrupted use the System File Checker that is included with Windows XP.

Click [Start] [Run] and type sfc /scannow in the [Open] box.
(Note that there is a space between sfc and /scannow)

In all likelihood you will be prompted to insert the Windows XP CD ROM. If you don't have it available there is no point in continuing unless you have the files available on your hard drive and have changed the location of the XP installation files in the registry. If you do have the files copied to the hard drive, the default install location may be modified using the registry edit shown below.

[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: REG_SZ (String Value) // Value Name: SourcePath
Setting for Value Data: [Set using the path to the installation files, i.e. G:\WXPCCP_EN]
Exit Registry and Reboot

Running System File Checker is not a fast process. The machine I use for the majority of my everyday work is only a P-III 866 with 784MB RAM and a 20GB/5400 RPM C drive and it took between 7-8 minutes running off the hard drive. Expect much longer times if you run from the CD. Once the System File Checker has finished, reboot and test to see if the problem has been resolved. If the problem still exists you have three choices.

In-place upgrade of Windows XP

Repair Windows XP

Reinstall Windows XP


Since I'm 100% against upgrade installations of XP I won't recommend that option. A repair of Windows XP may solve the problem, but the fact the problem arose in the first place makes me suspicious of the current installation's overall integrity. I suggest a complete reinstall of XP after backing up all data files. However, before you select any of the above choices, look at Method II below.

Method II
The second method to try and correct the problem involves editing the registry and reinstalling Internet Explorer 6. The standard cautions apply whenever you are editing the registry. If you need help on how to backup the registry, click here.

If you are having problems only with Internet Explorer 6, proceed as follows:

[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: DWORD // Value Name: IsInstalled
Setting for Value Data: [Change the Value from 1 to 0]
Exit Registry

If you are having problems only with Outlook Express 6, proceed as follows:

[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: DWORD // Value Name: IsInstalled
Setting for Value Data: [Change the Value from 1 to 0]
Exit Registry

If you are having problems with both Internet Explorer 6 and Outlook Express 6, proceed as follows:

Change the values in both of the registry keys as outlined above.
Exit Registry

Once you have made the appropriate registry changes use the link below to download and install Internet Explorer 6. The Internet Explorer 6 download includes Outlook Express 6. Reboot and test for proper operation.

Download IE SP1
 