Logfile of HijackThis v1.99.1
Scan saved at 2:30:48 PM, on 10/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mssmbios.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Crystal\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: msmbios (Microsoft System Management BIOS Driver) - Unknown owner - C:\WINDOWS\mssmbios.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
thx
More imfermation please.
petercoti
Junior Poster in Training
68 posts since Oct 2005
Reputation Points: 11
Solved Threads: 2
Welcome to Daniweb, deacon :)
1. First of all, the header information in your HJT log shows that your versions of Windows XP and Internet Explorer are very out of date:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Please use Windows' Automatic Update feature to bring your system up to date; many of the updates you're missing address/fix security loopholes through which malware can infect your computer. I definitely wouldn't suggest going all the way to Service Pack 2 until we're sure that you're infection-free, but you need to at least upgrade to Service Pack 1 with all of its most current critical updates.
Once you've done that, the upgrades/updates should be reflected in your HJT log's header info as follows:
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
2. Once you've installed the updates above, please do the following:
Please download, install, and run the following two utilities:
Microsoft Antispyware beta
ewido Security Suite
Be sure to use each program's automatic update feature to get the most current detection databases installed before actually running the scans/fixes. If you initially receive a warning message from ewido saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update".
Run a full system scan with each utility, and have each program fix whatever "nasties" they find.
3. Once you've done the above, run HijackThis again and post the new log. Also post the scan report log that ewido generated.
DMR
Wombat At Large
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
Please do the following:
1. Click on the "Run..." option under your Start menu, type the following in the resulting "Open:" box, and then hit Enter:
services.msc
In the resulting list of Windows Services, locate the following service and perform the procedure below on it:
msmbios (Microsoft System Management BIOS Driver)
- Double-click on the service.
- In the resulting window, click the Stop button if the service is reported to be currently running.
- Once the service is stopped, choose the "Disabled" option in the "Startup Type" drop-down menu, and then click OK.
- Close the Services window.
2. Run HijackThis again and have it fix:
O23 - Service: msmbios (Microsoft System Management BIOS Driver) - Unknown owner - C:\WINDOWS\mssmbios.exe
3. Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window, click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:
msmbios
4. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
- Locate and delete the following file:
C:\WINDOWS\mssmbios.exe
- Empty your recycle bin and reboot normally.
5. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what (if any) leftover "nasties" they find:
http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
6. Run HJT again and post the new log.
DMR
Wombat At Large
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
This file is not on Hijack This...
Are you sure about that? The 023 entrydoes appear in both of the logs you've posted.
DMR
Wombat At Large
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
Skip steps 2 and three; just do steps 4-6.
DMR
Wombat At Large
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
