4
Contributors
11
Replies
12
Views
12 Years
Discussion Span
Last Post by crunchie
0

Please go here & install ALL critical updates required for your system, including service pack 1a for both XP and IE6.
Most malware is designed to attack unpatched XP systems - exploiting the available 'holes' - and can bypass third-party protection on an unpatched system. The most that can be done with an unpatched system is put a temporary bandage on it. your system can potentially be reinfected within minutes of cleaning it.

0

Thanks, the update to IE helped block it from coming back once I ran HIJACKTHIS. I keep my pc up-to-date (Or so I thought)

Thanks for the quick and accurate help. I will be checking in for other problems.

Matthell

0

matthell,

Could you please post one final log for us to review so that we can make sure that everything is really clean?

Thanks.

0

Everything looks like programs I have installed and working properly.

Let me know what you think.

Matt

Logfile of HijackThis v1.99.1
Scan saved at 7:15:27 AM, on 6/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "D:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

0

Sure you never just did a system restore?? :). Still not showing any service packs as being installed.

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

0

Still not showing any service packs as being installed.

Agreed. If your system had all current updates installed, the following log entries should have changed to reflect that:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

0

Sorry, I must have copied an older log. Let me know what you think. I think I got it all but who knows? First is the log then the uninstall log.

Matt

Logfile of HijackThis v1.99.1
Scan saved at 6:47:46 PM, on 6/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "D:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119526363327
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


3ivx D4 4.5.1 (remove only)
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Photoshop 6.0
AOL Instant Messenger (SM)
ArcSoft Camera Suite 2.1
ArcSoft PhotoImpression
ATI Multimedia Center
Avery Media Software 32 bit
Avery Wizard 2.1 for Microsoft® Word 2000
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Codec Pack - All In 1 6.0.2.1
Colorific
Cool Edit 2000
Corel Uninstaller
CuteFTP
Decoder Package Version 2.0 build 2104
DivX
DivX Player
DriverMAGIC Pro Trial
DVD Shrink 3.2
EasyX Video Converter
Forté Agent
GSpot Codec Information Appliance
HijackThis 1.99.1
Huffyuv AVI lossless video codec (Remove Only)
ICQ Lite
Intel A/V Codecs V2.0
interneTIFF IE Version 5.0--FREE
InterVideo WinDVD
IsoBuster 1.3
Java 2 Runtime Environment, SE v1.4.0
Java Web Start
Kazaa Media Desktop 2.0.2
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
MasterSplitter Program
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Professional
Microsoft Press Readiness Review 70-290
MusicMatch Jukebox
My DSC
My Search Bar
Nero 6 Ultra Edition
Nimo Codecs Pack v5.0 (Remove Only)
Norton AntiVirus 2002
Norton WMI Update
Ofoto Easy Upload ActiveX Control
On2 VP3 Video for Windows Codec
PhotoPC 750Z
PICVideo Codecs
QuickTime
RealOne Player
Shockwave
Sierra Account Wizard
SmartPar
Soulseek Client 152
Spybot - Search & Destroy 1.2
TechSkills TestPrep
TMPGEnc Plus 2.5
True Internet Color
Winamp3 (remove only)
Windows Installer 3.1 (KB893803)
Windows Key Demo
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinRAR archiver
WinZip
XVID MPEG-4 CODEC
XviD MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
yEnc32 (remove only)

0

That log looks good- updates are showing there now, and there are no signs of infections. :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.