0

I can't even pull it up anymore!
I look @ the task manager when I click on the shortcut and it comes up on the task manager for a sec. Then it goes away, it isn't even giving me a message!
I uninstalled it then went to reinstall the firewall and virusscan. I installed the firewall successfully but the virusscan installer will not even come up.
I run Windows XP and the virusscan is ver. 8.0

Thank you,
The newguy.

2 Contributors, 26 Replies, 27 Views, 13 Years Discussion Span, Last Post by caperjack
0

Please do this.
Download 'Hijack This!'.

http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,


Scanning in Spybot Search and Destroy:

1. Download and install Spybot S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.

5. Next click the button ‘Check for Problems’

6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window

7. Make certain there is a check mark beside all of the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9. REBOOT to complete the scan and clear memory.


Finally if you are going to run both Spybot SD and Ad-Aware SE, leave the rescan with HijackThis until you have completed running both tools. If only running Spybot SD then RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Please do not attempt to fix anything in HijackThis yourself!


Scanning With Ad-Aware SE:

1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green:

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose: 'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found

Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’. Do not attempt to fix anything in HijackThis yourself!
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

0

Logfile of HijackThis v1.98.2
Scan saved at 6:10:09 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O72RSTCD\stinger[1].exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://htalxu.t.muxa.cc/h.php?aid=35 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {3BDC6A26-E74D-2DBB-D503-6D550DF5731E} - C:\WINDOWS\system32\rmp.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [Microsoft Update] mssmgrd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D823DD4-D752-47B4-B642-A571B3433745}: NameServer = 204.147.80.5,206.81.192.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A7297A-5F38-4403-9342-B238C89421D1}: NameServer = 205.171.3.65 205.171.2.65
O19 - User stylesheet: (file missing)

0

It's weird, I can download and install Spybot!
I have tried to install both virus scan 7.0 and 8.0.
I am doing the spybot scan now.

0

Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.zerosrealm.com/downloads.php
http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Reboot and post a fresh HijackThis log.
Forget the virus scans for now. Please run Ad-Aware, Spybot and CWShredder first.

0

Logfile of HijackThis v1.98.2
Scan saved at 2:26:16 PM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {3BDC6A26-E74D-2DBB-D503-6D550DF5731E} - C:\WINDOWS\system32\rmp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [Microsoft Update] mssmgrd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D823DD4-D752-47B4-B642-A571B3433745}: NameServer = 204.147.80.5,206.81.192.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A7297A-5F38-4403-9342-B238C89421D1}: NameServer = 205.171.3.65 205.171.2.65
O19 - User stylesheet: (file missing)

0

Yesterday I tried to do a defrag. on my comp and it told me the RPO server was unavailable.

0

Please create a new folder in your My Documents and move the HijackThis.exe into it and then run it from there.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win

O2 - BHO: (no name) - {3BDC6A26-E74D-2DBB-D503-6D550DF5731E} - C:\WINDOWS\system32\rmp.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKCU\..\Run: [Microsoft Update] mssmgrd.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)

If this is not the IP address of your don't know this IP you can fix these, leave if you know the IP.
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D823DD4-D752-47B4-B642-A571B3433745}: NameServer = 204.147.80.5,206.81.192.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A7297A-5F38-4403-9342-B238C89421D1}: NameServer = 205.171.3.65 205.171.2.65

O19 - User stylesheet: (file missing)


Now reboot into safe mode and delete the following files and folders if found.


mssmgrd.exe ,,,,,,search for and delete this file

C:\WINDOWS\system32\rmp.dll,,,,,,,,delete this file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

0

Logfile of HijackThis v1.98.2
Scan saved at 3:59:47 PM, on 11/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\00THotkey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A7297A-5F38-4403-9342-B238C89421D1}: NameServer = 205.171.3.65 205.171.2.65

0

I didn't find those 2 files.
I think something is killing my reg. because my cd stopped again.
I fixed it the first time by deleting a file in the reg. But now the problem is back.

Whatever this is, it is messing up my reg. and the virus scan files.

0

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Reboot to safe mode and delete this file!

C:\WINDOWS\system32\mouse_configurator.win,,,,,,,,,,,, delete this file


reboot computer and post a new log,
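
The line-by-line reading of the logs in this thread can be sketched as a small triage script. This is an added example, not part of any post and not HijackThis's own logic: the flagging rules, the `SYSTEM_LAUNCHERS` allowlist and all function names are assumptions chosen for illustration, and the sample lines are copied from the first and third logs above.

```python
import re

# Constructed sample: entry lines copied from the first and third HijackThis logs in this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://htalxu.t.muxa.cc/h.php?aid=35 (obfuscated)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKCU\..\Run: [Microsoft Update] mssmgrd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Assumption: programs normally found via the system path, so a bare name is expected.
SYSTEM_LAUNCHERS = {"rundll32.exe"}


def parse(log):
    """Return (section, detail) for each entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def flag(section, detail):
    """Return the reasons an entry deserves a closer look (illustrative rules only)."""
    reasons = []
    if detail.endswith("(no file)"):
        reasons.append("registered component whose file is missing")
    if detail.endswith("(obfuscated)"):
        reasons.append("value HijackThis marked as obfuscated")
    if section == "F0" and len(detail.split("Shell=", 1)[-1].split()) > 1:
        reasons.append("extra program after Explorer.exe on the Shell line")
    if section == "F1" and detail.split("=", 1)[-1].strip():
        reasons.append("program started from win.ini")
    if section == "O4":
        cmd = re.match(r"[^\]]*\]\s*(\S+)", detail)  # first token after "[name]"
        if cmd and "\\" not in cmd.group(1) and cmd.group(1).lower() not in SYSTEM_LAUNCHERS:
            reasons.append("autorun command given without a directory")
    return reasons


def triage(log):
    """Entries that matched at least one rule, as (section, detail, reasons)."""
    return [(s, d, r) for s, d in parse(log) if (r := flag(s, d))]


def removed(before, after):
    """Entries present in the earlier scan but absent from the later one."""
    later = set(parse(after))
    return [e for e in parse(before) if e not in later]


if __name__ == "__main__":
    for section, detail, reasons in triage(LOG_BEFORE):
        print(f"{section}: {detail}\n    -> {'; '.join(reasons)}")
    print("Gone after cleanup:", [s for s, _ in removed(LOG_BEFORE, LOG_AFTER)])
```

A match is a prompt to look the entry up, not a verdict; comparing successive scans with `removed` shows whether a fix actually held after the reboot.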

0

Damage Cleanup Engine (DCE) 3.6(Build 1120)
Windows XP(Build 2600: Service Pack 2)

Start time : Sun Nov 28 2004 17:39:31

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\My Documents\Unzipped\tsc\tsc.ptn" (version 459) [success]

Complete time : Sun Nov 28 2004 17:39:52
Execute pattern count(1480), Virus found count(0), Virus clean count(0), Clean failed count(0)

0

C:\WINDOWS\system32\mouse_configurator.win

I don't have that one either.

Just checking, did you set the computer to show hidden files and folders as described in the post above?

Run HijackThis again and post a new log, thanks.

0

Logfile of HijackThis v1.98.2
Scan saved at 12:20:12 PM, on 11/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A7297A-5F38-4403-9342-B238C89421D1}: NameServer = 205.171.3.65 205.171.2.65

0

Yup. The only thing I found that was close was my mouse driver.

OK, log looks OK now, how's the antivirus program behaving now?

0

Still a no go. My comp. can't find the RPC server!
I think this is the problem!
I know there was a worm that would affect this.
How do I get it back?

0

I have a new problem. I fixed the RPC server by uninstalling the windows 2 service pack. I got the virus scan to work........sorta
My new problem is every time I start up the virus scan the VSMAIN.exe shuts down by itself and so does the instant updater.
LMAO! Now what is wrong?! :eek:

0

I have a new problem. I fixed the RPC server by uninstalling the windows 2 service pack. I got the virus scan to work........sorta
My new problem is every time I start up the virus scan the VSMAIN.exe shuts down by itself and so does the instant updater.
LMAO! Now what is wrong?! :eek:

I'm lost, I don't have an answer, sorry!
