0

My Computer Is Just All Around Being Weird.....Netscape 8.0 Tells Me It Can't Find Websites, That I Know Exist, And Hotmail Says My Password Is Wrong When It Lets Me Log-In To MSN Messenger With Same Password and It Works Fine. When I Scan With Spybot It Finds 2 Problems And Then Says Scan Was Aborted By User When I Didn't Even Touch It :eek: Please Help! I Have and Installed Both WinXP Service Pack 1+2 and It Still Shows That I Don't Have Them :( (Let Me Know What I Need To Fix) Here's My HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:28:37 AM, on 8/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\CallWave\IAM.exe
G:\Program Files\Netscape\Netscape Browser\netscape.exe
G:\WINDOWS\System32\ntvexec.exe
G:\WINDOWS\System32\nwwedia.exe
G:\WINDOWS\system32\94D.tmp
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\WinMX\WinMX.exe
C:\Program Files\Aprps\CxtPls.exe
G:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - G:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - G:\WINDOWS\System32\nse2F.dll (file missing)
O4 - HKLM\..\Run: [iexplore.exe] G:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] G:\WINDOWS\system32\94D.tmp
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE G:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [version] G:\WINDOWS\System32\Uzsmtk.exe
O4 - HKLM\..\Run: [4F4Q3ti] nwwedia.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] G:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [AIM] G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKCU\..\Run: [Lov4RjGFj] ntvexec.exe
O4 - HKCU\..\RunServices: [Windows-XP-Service-Pack] xpspz.exe
O4 - Global Startup: Internet Answering Machine.lnk = G:\Program Files\CallWave\IAM.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {D6F92D2B-C454-4554-8863-F9D809E53568} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6F92D2B-C454-4554-8863-F9D809E53568} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{525A457A-79D0-4A58-B9F0-6327978E942B}: NameServer = 216.126.128.40 66.19.192.200
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - G:\WINDOWS\lsass.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - G:\WINDOWS\System32\mapi32.exe (file missing)
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - G:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - G:\WINDOWS\System32\mousecrm.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: ssdfghjkl - Unknown owner - G:\WINDOWS\netddf.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tsecure - Unknown owner - G:\WINDOWS\tsecure.exe

Last Post by crunchie
0

You have some entries there that need removing.

===============

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

==

Open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt.

Unregister the dll(s) we're going to remove by entering the following:

regsvr32 /u cxtpls.dll

It's OK if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from your PC. To do this, let's:

1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:

ntvexec.exe*
nwwedia.exe*
CxtPls.exe*

2) Then if any are found in the 'prefetch' folder, delete them.

Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

G:\WINDOWS\System32\ntvexec.exe
G:\WINDOWS\System32\nwwedia.exe
G:\WINDOWS\system32\94D.tmp
C:\Program Files\Aprps\CxtPls.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check (tick) the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - G:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - G:\WINDOWS\System32\nse2F.dll (file missing)

O4 - HKLM\..\Run: [Services] G:\WINDOWS\system32\94D.tmp
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE G:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [version] G:\WINDOWS\System32\Uzsmtk.exe
O4 - HKLM\..\Run: [4F4Q3ti] nwwedia.exe
O4 - HKCU\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKCU\..\Run: [Lov4RjGFj] ntvexec.exe
O4 - HKCU\..\RunServices: [Windows-XP-Service-Pack] xpspz.exe

O9 - Extra button: Microsoft AntiSpyware helper - {D6F92D2B-C454-4554-8863-F9D809E53568} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D6F92D2B-C454-4554-8863-F9D809E53568} - (no file) (HKCU)

O23 - Service: Windows lsass Service (lsass) - Unknown owner - G:\WINDOWS\lsass.exe
O23 - Service: ssdfghjkl - Unknown owner - G:\WINDOWS\netddf.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\Aprps

files...

G:\WINDOWS\System32\ntvexec.exe
G:\WINDOWS\System32\nwwedia.exe
G:\WINDOWS\system32\94D.tmp
G:\WINDOWS\cfgmgr52.dll
G:\WINDOWS\System32\Uzsmtk.exe
G:\WINDOWS\lsass.exe
G:\WINDOWS\netddf.exe

Search for...

xpspz.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

==

I cannot find any information on this file:
G:\WINDOWS\tsecure.exe
Please find it and right click on it. Choose Properties. Click the version tab and get the manufacturer and original filename please. Maybe that will give a clue.

0

Okay I Removed The HJT Garbage I Had.....Netscape (have latest version) Is Still Giving Me Trouble, It Will Randomly Not Find Popular Websites That I Have Visited Before and It Will Not Allow Me To Sign Into MSN.com Because It Says Cookies Are Not Activated, But They Really Are. I Am At The Point Of Blowing My Computer Up, But I Don't Want To Resort To Violence. I Scanned With AVG Free Virus Program and Norton Antivirus 2004, They Both Found Stuff and Removed It. I Have EWIDO Security Suite and It Found 1400 Problems and Fixed Them, But Netscape Still Acts Up and I Still Can't Sign Into MSN.com To Check My Email. Any Ideas On What's Wrong? Formatting The Hard Drive and Starting Over Is Out Of The Question I Refuse To Do That Again....Also, Can You Tell Me How To Change The Filing System On My 80 gig Hard Drive from FAT32 To NTFS? That's Not On The Top List Of Problems To Fix But Needs To Be Changed All The Same. Please Let Me Know What You Think...Here Is The New HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:15:13 PM, on 8/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\CallWave\IAM.exe
G:\WINDOWS\system32\31.tmp
G:\Program Files\Netscape\Netscape Browser\netscape.exe
G:\Program Files\HijackThis\HijackThis.exe
G:\WINDOWS\lsass.exe

O4 - HKLM\..\Run: [iexplore.exe] G:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] G:\WINDOWS\system32\31.tmp
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] G:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [AIM] G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - Global Startup: Internet Answering Machine.lnk = G:\Program Files\CallWave\IAM.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\PROGRA~1\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{525A457A-79D0-4A58-B9F0-6327978E942B}: NameServer = 209.43.75.190 206.246.140.14
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - G:\WINDOWS\aim.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - G:\WINDOWS\lsass.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - G:\WINDOWS\System32\mapi32.exe (file missing)
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - G:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - G:\WINDOWS\System32\mousecrm.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tsecure - Unknown owner - G:\WINDOWS\tsecure.exe (file missing)
O23 - Service: Ati Management (Winconfig32) - Unknown owner - G:\WINDOWS\encrypt.exe (file missing)

Thanks A Bunch For The Help So Far and That To Come

0

Please go to Jotti's and have these files scanned. Post the results back here.

G:\WINDOWS\encrypt.exe
G:\WINDOWS\tsecure.exe
G:\WINDOWS\System32\mousecrm.exe

If they come back bad you will have to stop, then disable the following services, then delete those files manually.


Mouse Cursor Monitor (mousecrm)
tsecure
Ati Management (Winconfig32)

=============

Open a command prompt by:

1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).

-

Now, locate and 'stop' the following services, if present:

Windows lsass Service (lsass) owner ... (G:\WINDOWS\lsass.exe)

Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services. Once stopped, set this service to disabled.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

G:\WINDOWS\system32\31.tmp
G:\WINDOWS\lsass.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check (tick) the following, if present:


O4 - HKLM\..\Run: [Services] G:\WINDOWS\system32\31.tmp
O4 - HKCU\..\Run: [Windows-XP-Service-Pack] xpspz.exe

O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - G:\WINDOWS\aim.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - G:\WINDOWS\lsass.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

G:\WINDOWS\system32\31.tmp
G:\WINDOWS\lsass.exe
G:\WINDOWS\aim.exe

Search for...

xpspz.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

Had To Reinstall Windows......Seems Ok Now I Guess, Except For The Annoying Messenger Telling My Registry Has Errors, Any Way To Fix That? Here's HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 4:23:56 AM, on 8/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
C:\g.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\WINDOWS\System32\msupdater.exe
G:\WINDOWS\System32\kav32.exe
G:\WINDOWS\System32\soff.pif
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\CallWave\IAM.exe
G:\Program Files\Netscape\Netscape Browser\netscape.exe
G:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=G:\WINDOWS\System32\psicbrzz\csrss.exe
F3 - REG:win.ini: run=G:\WINDOWS\System32\psicbrzz\csrss.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iexplore.exe] G:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] C:\g.exe
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] msupdater.exe
O4 - HKLM\..\Run: [Protocol Settings] kav32.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] msupdater.exe
O4 - HKLM\..\RunServices: [Protocol Settings] kav32.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] G:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [AIM] G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Protocol Settings] kav32.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = G:\Program Files\CallWave\IAM.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{525A457A-79D0-4A58-B9F0-6327978E942B}: NameServer = 209.43.75.190 206.246.140.14
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - G:\WINDOWS\aim.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - G:\WINDOWS\System32\mapi32.exe (file missing)
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - G:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - G:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

0

I don't think you reformatted. Perhaps you just installed over the top? If you had, you would not have those nasties on there :).

Please go here & install ALL critical updates required for your system, including service pack 1a for both XP and IE6.
Most malware is designed to attack unpatched XP systems - exploiting the available 'holes' - and can bypass third-party protection on an unpatched system. The most that can be done with an unpatched system is put a temporary bandage on it. Your system can potentially be reinfected within minutes of cleaning it.

==

Once done, reboot and post another log. We will have a better chance of cleaning it up then.

0

Things Are Running Semi-Smooth Now.... :twisted: Got Updates and Here Is The New HJT Log, Let Me Know What Lil Buggers I Need To Fix. And I Am Clueless To Why It Shows I Don't Have SP1 When I Just Let The Updater Download All Necessary Updates.

Logfile of HijackThis v1.99.1
Scan saved at 6:23:24 PM, on 8/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\snmp.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
C:\g.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\CallWave\IAM.exe
G:\WINDOWS\System32\msiexec.exe
G:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
G:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=G:\WINDOWS\System32\psicbrzz\csrss.exe
F3 - REG:win.ini: run=G:\WINDOWS\System32\psicbrzz\csrss.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iexplore.exe] G:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] C:\g.exe
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] msupdater.exe
O4 - HKLM\..\RunServices: [Protocol Settings] kav32.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] G:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [AIM] G:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Protocol Settings] kav32.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = G:\Program Files\CallWave\IAM.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123299453227
O17 - HKLM\System\CCS\Services\Tcpip\..\{525A457A-79D0-4A58-B9F0-6327978E942B}: NameServer = 209.43.75.190 206.246.140.14
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - G:\WINDOWS\aim.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - G:\WINDOWS\System32\mapi32.exe (file missing)
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - G:\WINDOWS\wkssvc.exe (file missing)
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - G:\WINDOWS\System32\mousecrm.exe (file missing)

0

You have some entries there that need removing.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\g.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check (tick) the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

F3 - REG:win.ini: load=G:\WINDOWS\System32\psicbrzz\csrss.exe
F3 - REG:win.ini: run=G:\WINDOWS\System32\psicbrzz\csrss.exe

O4 - HKLM\..\Run: [Services] C:\g.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] msupdater.exe
O4 - HKLM\..\RunServices: [Protocol Settings] kav32.exe
O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif
O4 - HKCU\..\Run: [Protocol Settings] kav32.exe
O4 - Startup: csrss.lnk = ?

O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - G:\WINDOWS\aim.exe (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

G:\WINDOWS\System32\psicbrzz

files...

C:\g.exe

Search for...

msupdater.exe
kav32.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
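
The entries picked for removal across this thread share a few visible traits: system process names outside system32 (G:\WINDOWS\lsass.exe, psicbrzz\csrss.exe), autostart targets ending in .tmp or .pif, Run values with no path, a binary in the drive root, and services HijackThis lists as "Unknown owner". The Python sketch below is an added example, not part of the original posts or the helper's own method; its heuristics and function names are assumptions, its sample lines are copied from the logs above, and a hit means "review this entry", not "delete it".

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Services] G:\WINDOWS\system32\94D.tmp
O4 - HKLM\..\Run: [4F4Q3ti] nwwedia.exe
O4 - HKLM\..\Run: [Services] C:\g.exe
O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif
F3 - REG:win.ini: load=G:\WINDOWS\System32\psicbrzz\csrss.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - G:\WINDOWS\lsass.exe
O23 - Service: ssdfghjkl - Unknown owner - G:\WINDOWS\netddf.exe
"""

# Assumed heuristics: Windows processes that normally live only in system32,
# and extensions that are unusual for a legitimate autostart target.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe",
                "services.exe", "smss.exe"}
ODD_EXTS = {".tmp", ".pif"}
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|tmp|pif|com|scr|bat|cmd))\b', re.I)


def parse_entry(line):
    """Return (section, label, owner, target) for O4 Run, F3 and O23 lines."""
    section, sep, rest = line.strip().partition(" - ")
    if not sep:
        return None
    if section == "O4":
        m = re.match(r"(.+?): \[(.*?)\] (.+)$", rest)
        return (section, m.group(2), None, m.group(3)) if m else None
    if section == "F3":
        m = re.match(r"REG:win\.ini: (load|run)=(.+)$", rest)
        return (section, m.group(1), None, m.group(2)) if m else None
    if section == "O23":
        m = re.match(r"Service: (.+) - (.+?) - (.+)$", rest)
        return (section, m.group(1), m.group(2), m.group(3)) if m else None
    return None


def executable(target):
    """Strip arguments and the '(file missing)' suffix from a target."""
    target = target.replace(" (file missing)", "")
    m = EXE_RE.match(target)
    return m.group(1) if m else target.split()[0]


def reasons(section, owner, target):
    exe = executable(target)
    name = ntpath.basename(exe).lower()
    folder = ntpath.dirname(exe).lower().rstrip("\\")
    found = []
    if name in SYSTEM_NAMES and folder and not folder.endswith("\\system32"):
        found.append("system process name outside system32")
    ext = ntpath.splitext(name)[1]
    if ext in ODD_EXTS:
        found.append("autostart target with %s extension" % ext)
    if not folder:
        found.append("no path given")
    elif re.fullmatch(r"[a-z]:", folder):
        found.append("binary in drive root")
    if section == "O23" and owner == "Unknown owner":
        found.append("service with no vendor reported")
    return found


def triage(log_text):
    """Return (section, label, executable, reasons) for entries worth review."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            section, label, owner, target = entry
            why = reasons(section, owner, target)
            if why:
                flagged.append((section, label, executable(target), why))
    return flagged


if __name__ == "__main__":
    for section, label, exe, why in triage(SAMPLE_LOG):
        print("%-3s %-32s %s -> %s" % (section, label, exe, "; ".join(why)))
```
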
