TheTechGuide Forum
General Category => Tech Clinic => Topic started by: -3dg3- on February 20, 2005, 11:46:55 PM
-
The thing that took over my background the first time came back, and I tried doing the steps you told me to do last time and it didn't go away
hjt:
Logfile of HijackThis v1.99.0
Scan saved at 11:42:31 PM, on 2/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}\SVCHOST.EXE
C:\WINDOWS\process.exe
C:\steam\steam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\hjt\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}\SVCHOST.EXE
O4 - HKLM\..\Run: [process.exe] C:\WINDOWS\process.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Jffoagam.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
First go back and let me know what you did from the prevention speech I gave you from your last post, you didn't get back to me after
http://www.thetechguide.com/forum/index.php?showtopic=13217&hl=
Don't do it now, but did you disable system restore and restart your computer and then enable it?
Did you install IE-Spyad and SpywareBlaster?
You certainly didn't get any Windows Updates, you're asking for worse problems
Don't disable system restore yet....You're not clean anymore
I also asked you to do this
Could you open Hijackthis>>Open Misc tools>>Open Hosts file Manager
click the "Open In Notepad"
Copy and paste back here the whole hosts file notepad file
-
Here's what you do
If your version of Windows is legit go install Service Pack 1a right now from the link I supplied earlier
Keep revisiting Windows Updates and get All latest critical updates
Don't install Service pack 2 yet
Next go and download and install
Spyware Blaster>>I gave you instructions earlier
If you use Internet Explorer regularly, download and install IE-Spyad
Again, I gave you a link earlier
Then come back here and post a new log
I can see the bad guys, but you have to get some protection on your computer or you will just keep getting reinfected
I would also like to see that Host File from Hijackthis
-
OK, I installed IE-Spyad, I got SpywareBlaster, and I'm pretty sure I got the Windows updates, and when I did the host file thing nothing showed up
-
What do you mean nothing showed up
Let me know if you have Notepad.exe
In the C:\Windows << folder
and in the C:\Windows\System32<< folder
You would know if you got the Windows updates
If your Windows version is legitimate
Open Internet Explorer and
Go to this link
http://v4.windowsupdate.microsoft.com/en/thanks.asp
or here
http://www.microsoft.com/windowsxp/downloads/updates/sp1/express.mspx
Install Latest Critical updates and SP1a
Let them download and install
RESTART the computer when prompted
Revisit Windows updates and check for more Critical updates(High Priority)
Don't install the Recommended updates or Service Pack 2
When you're satisfied you have revisited and there are no more to Install
Come back here and post a fresh hijackthis log and let me know if you found Notepad in those 2 locations
-
The Windows Update thing freezes every time I go to the site
and notepad.exe is in both folders
-
Download Hoster by Toadbee (http://members.aol.com/toadbee/hoster.zip)
Unzip it to its own folder
Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, etc...
Windows Cleanup (http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe)
Install for now, don't run a scan yet
Print the rest of this out or save to a Notepad file
Disconnect from the Internet
Set Windows to Show Hidden files and folders
# Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
# In the left panel, expand(+) the following
+HKEY_CURRENT_USER
+Software
+Microsoft
+Internet Explorer
+Desktop
+Components
# Still in the left panel, locate and Right click on and delete the subkey:
0 <--just delete this entry
# Close Registry Editor.
Open Hijackthis>>Open Misc tools>>Open Process manager
Kill these processes
C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}\SVCHOST.EXE
C:\WINDOWS\process.exe
Do another scan with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}\SVCHOST.EXE
O4 - HKLM\..\Run: [process.exe] C:\WINDOWS\process.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Jffoagam.dll
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart into Safe mode
Find and delete these files or folders if they exist
C:\WINDOWS\System32\Jffoagam.dll <--file
C:\WINDOWS\System32\runoledb32.exe <--file
C:\WINDOWS\process.exe <--file
C:\WINDOWS\System32\systime.exe <--file
Also, look for these ones again
Using Windows Explorer and/or Search, locate and delete the following files
they are in bold >>>Not all may exist
• C:\WINDOWS\desktop.html
• C:\WINDOWS\Web\desktop.html
• C:\WINDOWS\SSICO.ICO
• C:\Documents and Settings\<current user>\Desktop\! Protect Your Data.url
• C:\Documents and Settings\<current user>\Favorites\! Smart Security.url
• C:\Documents and Settings\<current user>\Recent\! Smart Security.url
• C:\Documents and Settings\<current user>\Start Menu\! Secure Yourself.url
NOTE: <current user> indicates user having problems with desktop
Stay in safe mode
Open HOSTER >> Let it create a Host file if not found and click "RESTORE Original Hosts" <--do this anyways
Stay in safe mode
Open Windows CleanUp>>>START>>All Programs>>CleanUp
Click the CleanUp button, let it finish scanning for files
Restart back to Normal mode
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content--Reset Home page
# Check ActiveX security settings:
* In Internet Explorer, Tools | Internet Options | Security tab | Custom Level. Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Run ActiveX controls and plug-ins (Enabled)
o Script ActiveX controls marked safe for scripting (Prompt)
Ensure also the time and date are set properly on your computer
Do you get any error messages trying to scan at Windows Updates
Try going there again
Check out this link if still having troubles
You will need to use IE
http://v4.windowsupdate.microsoft.com/troubleshoot/
Let me know what you see in this folder
C:\WINDOWS\System32\Services
and this one
C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}
Post back a fresh Hijackthis log afterwards
-
OK, the background thing ain't gone yet
I got all the Windows updates, at least the high priority ones
there is only one folder in windows>sys32>services and that is this one: {FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}
and in the second folder you told me the files are: SVCHOST, SVCHOST.DLL
HLT:
Logfile of HijackThis v1.99.0
Scan saved at 3:26:24 AM, on 2/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\steam\steam.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108964025186
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Save this to Notepad or Print this out
Disconnect from the Internet
Restart your computer into Safe mode
Find and delete these files
C:\WINDOWS\System32\spoolsrv32.exe <--file, exact spelling
C:\WINDOWS\System32\runoledb32.exe
Go to Control Panel > Display.
Click on the "Desktop" tab then click the "Customize Desktop" button.
Click on the "Web" tab.
Uncheck everything
Do another scan with Hijackthis and put a check next to these entries:
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Run Windows CleanUp! again in safe mode
Restart back to Normal mode
Post a fresh Hijackthis log
-
OMG it still isn't gone... :angry: :blink:
-
Thought I was logged in, but it still ain't gone
hjt:
Logfile of HijackThis v1.99.0
Scan saved at 7:41:25 PM, on 2/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\steam\steam.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108964025186
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Go back into safe mode and delete SVCHOST + SVCHOST.DLL ONLY in that subfolder {FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}
Make sure you check your desktop settings again
Go to Control Panel > Display.
Click on the "Desktop" tab then click the "Customize Desktop" button.
Click on the "Web" tab.
Uncheck everything
Restart your computer and check your Display settings again
Post a fresh hijackthis log
-
ok its gone
The reason why it wouldn't go away the first two times is b/c when I restarted into safe mode I logged on under a different user than the one I am always on in normal mode
hjt:
Logfile of HijackThis v1.99.0
Scan saved at 9:22:52 PM, on 2/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108964025186
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Now that you're clean again
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Once back in Windows and System Restore is reenabled
Make sure you have IE-Spyad and SpywareBlaster on your system
Again, if your version of Windows is legit, you still have not installed the required Service Pack
Here's what I said
There is no reason to be so far behind on Windows Updates
This is important in keeping your system secure
You should be able to Install Service Pack 1a from this link
http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Once Installed you will be prompted to restart your computer. Reboot and Go back to Windows updates and check for and install Latest Critical updates
Don't install the Recommended updates unless they are something you want or need
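-
Added example, not part of the original thread and not code from HijackThis or any poster: a small Python triage of HijackThis logs that flags files named like a core Windows process but stored outside System32 (the `SVCHOST.EXE` under `System32\Services\{...}` here), and lists ticked entries that still show up in a later log, as the RunOnce lines did in the second log. The function names, the `SYSTEM_NAMES` list and the default `C:\WINDOWS` path are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: a default C:\WINDOWS install, as in the logs above.
SYSTEM_DIR = r"c:\windows\system32"
# Core Windows processes that legitimately run only from System32.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe"}
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)

# Excerpts of the first and second logs posted in this thread.
LOG_1 = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}\SVCHOST.EXE
C:\WINDOWS\process.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FF531EE7-E0CC-42AA-AF87-26E33E1ECDA5}\SVCHOST.EXE
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe"""
LOG_2 = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe"""
# Two of the entries the helper asked to tick before FIX CHECKED.
TICKED = [l for l in LOG_1.splitlines()
          if "[Service Host]" in l or "[OLEDb Service]" in l]


def running_processes(log):
    """Paths from the 'Running processes:' section (lines that are a bare path)."""
    return [l.strip() for l in log.splitlines()
            if re.match(r"^[A-Za-z]:\\", l.strip())]


def autoruns(log):
    """O4 lines as (hive, key, value name, executable path or None)."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe = EXE_RE.search(m.group(4))
            out.append((m.group(1), m.group(2), m.group(3),
                        exe.group(1) if exe else None))
    return out


def masquerading(paths):
    """Files named like a core system process but stored outside System32."""
    hits = []
    for p in filter(None, paths):
        name = ntpath.basename(p).lower()
        folder = ntpath.dirname(p).lower()
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            hits.append(p)
    return hits


def still_present(ticked_lines, later_log):
    """Entries ticked for FIX CHECKED that appear again in a later log."""
    later = {l.strip() for l in later_log.splitlines()}
    return [l for l in ticked_lines if l.strip() in later]


if __name__ == "__main__":
    print("masquerading processes:", masquerading(running_processes(LOG_1)))
    print("masquerading autoruns: ", masquerading(a[3] for a in autoruns(LOG_1)))
    print("ticked but still there:", still_present(TICKED, LOG_2))
```

An entry that is still listed after a fix, as here, means either the fix was not applied to the profile that owns it or something is writing it back, which is why the helper keeps asking for a fresh log after each round.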