« previous next »
Pages: [1]

Author Topic: C:\WINDOWS\isrvs\desktop.exe  (Read 1323 times)

Offline lsubeast

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
C:\WINDOWS\isrvs\desktop.exe
« on: March 16, 2005, 02:18:26 PM »
I have been trying to get this off of my computer. I realize it is from a hijacking, and I have run hijackthis which has seemed to fix some of the problems. But I still cannot delete this. Here is a copy of my log from HIJACK THIS . If anyone can help me get my computer back to normal, I would be forever greatful! Thank you so much for your help. Sincerely, lsubeast

Logfile of HijackThis v1.99.1
Scan saved at 1:02:34 PM, on 3/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [wolkck] c:\windows\system32\wolkck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
C:\WINDOWS\isrvs\desktop.exe
« Reply #1 on: March 16, 2005, 11:21:43 PM »
Download and UNZIP to your desktop Cleanup.zip so that you have Cleanup.reg on your desktop
[attachment=64:attachment]
We'll need this later

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE

Find and delete these files or folders
C:\WINDOWS\dlmax.dll <-file
C:\WINDOWS\farmmext.exe <-file
c:\windows\system32\wolkck.exe <-file

C:\WINDOWS\isrvs <-folder


Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [wolkck] c:\windows\system32\wolkck.exe

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on Cleanup.reg and allow to merge to the registry

Go to START>>RUN>>type in
%temp%
Hit OK
In new windows click EDIT>>Select All
Delete the selected

Restart back to Normal mode and post a fresh Hijackthis log
« Last Edit: March 16, 2005, 11:22:32 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Guest

  • Guest
C:\WINDOWS\isrvs\desktop.exe
« Reply #2 on: May 02, 2005, 08:56:41 PM »
a faster way would be to get Spysweeper  install that  then restart  in safe mode by  hittin f8  then start in safe mode  then run spysweeper it'll get rid of it  but also run an anti-virus program in safe mode as well just to be sure
Logged
Pages: [1]
« previous next »