A friend at work has a new Dell computer and a 14-year-old who likes to download music from KaZaa. After a couple of months of this he asked if I could fix it for him.
I installed Spybot and Adaware, ran them and removed 128 malicious programs, then uninstalled KaZaa. Installed Zone Alarm Pro, Norton Utilities 2003 and got the updates for NAV, ran a full system scan and removed 3 viruses.
The comp was running as good as new for a couple of days, but now the auto protect feature of NAV will not start, e-mail protection is giving an error message and it will not get updates.
So the next thing was to install HijackThis and run it, and if someone of the many here could tell me what to do to fix this problem it would be greatly appreciated.

Here is the log
Logfile of HijackThis v1.97.7 hijackthis
scan saved at 6:30:20 PM, on 3/15/2004
Platform: windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGP~1\NORTON~2\SPEPDD~l\nopdb.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDows\system32\Winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\Dsentry.exe
C:\Program Files\Common Files\Symantec shared\ccApp.exe
c:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH JukeBox\mmtask.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\WINDOWS\SySteM32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\Zlcient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\ Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet call Waiting\ICW.EXE
C:\Documents and Settings\Jerry\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

RO HKCU\Software\Microsoft\Internet Explorer\Main,Start Page= http://moneycentral.msn.com/investor/home.asp
R1 HKCU\Software\Microsoft\Internet Explorer\main,Default Page_URL= http://www.dellnet.com
RO HKLM\Software\Microsoft\Internet Explorer\main,start Page= http://www.dellnet.com
RO HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant= about:blank
R1 HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext= http://~.dellnet.com/
02 BHO: BabeIE – {00000000 0000 0000 0000 000000000000} (no file)
02 BHO: (no name) – {00000762 3965 4A1A 98CE 3D4BF457D4C8} C:\Program Files\Lycos\Sidesearch\sidesearchl3ll.dll
02 - BHO: (no name) – {00A6FAFl 072E 44cf 8957 5838F569A31D} C:\Program Files\MyWebsearch\SrchAstt\l.bin\MWSSRCAS.DLL
02 BHO: (no name) {0247BD38 C3F9 4efb 9B51 7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_O.dll
02 BHO: (no name) – {0494DODI FgEO 41ad 92A3 14154ECE70AC} C:\Program Files\MyWay\myBar\l.bin\MYBAR.DLL
02 BHO: (no name) {07818EAI A523 4961 s6sa 170DE4475CCA) C:\Program Files\MyWebsearch\bar\l.bin\MWSBAR.DLL
02 - BHO: (no name) (59C8AB8F F04D F0DD AA0E 3DI18Dl7E05C} - C:\WINDOWS\SYstem32\zhgjurmi.dll
02 SHO: (no name) – {BDF3E430 Bl01 42AD A544 FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll
02 BHO: (no name) – {D8E25C53 9508 4f5c 9249 D98D43889ID5} C:\WINDOWS\system32\ssurfO22.dll
03 Toolbar: &Radio {8E718888 423F llD2 876E 00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
03 Toolbar: Norton AntiVirus – {42CDDlBF 3FFB 4238 8AD1 7859DF00BID6} C:\Program Files\Norton AntiVirus\NavShExt.dll
03 Toolbar: &SearchBar – {0494DOD9 FgEO 41ad 92A3 14154ECE70AC} C:\Program Files\MyWay\mybar\l.bin\MYBAR.DLL
03 Toolbar: Adult Links (965E6BO7 6832 4738 BDBE 25F226BA2ABO} - C:\WINDOWS\system32\QaBar.dll
03 Toolbar: My &Web Search – {07Bl8EA9 AS23 496l S6sB 170DE4475CCA} C:\Program Files\Mywebsearch\bar\l.bin\MWSBAR.DLL
03 Toolbar: Yahoo! Companion – {EF99BD32 ClFB llD2 892F 009027ID4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_ll_0.dll
04 HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
04 HKLM\..\Run: [HOtKeysCmds] C:\WINDOWS\System32\hkcmd.exe
04 HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
04 HKLM\..\Run: [CCApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
04 HKLM\..\Run: [CCRegvfy] "C:\Program Files\Common Files\Symantec shared\CCRegVfy.exe"
04 HKLM\..V\Run: [TkBellExej “C:\Program Files\Common Files\Real\Update_OB\realsched.exe" osboot
04 HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
04 HKLM\..\Run: [DwlClientj C:\Program Files\Commom Files\Dell\EUSW\Support.exe
04 HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
04 HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
04 HKLM\..\Run: [PD6000StatusMonitorl C:\WINDOWS\System32\PD6000sm.EXE
04 HKLM\..\RUn: [ibmodork] C:\WINDOWS\tbuhownm.exe
04 HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe
04 HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\bar\l.bin\mwsoemon.exe
04 HKLM\..\RUn: [Dm_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
04 HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
04 HKLM\..\Run: [zzb] C:\WINDOWS\System32\zzb.exe
04 HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\Zlclient.exe
04 HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
04 HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
04 HKCU\..\Run: [AIM] C:\Program Files\Aim\aim.exe cnetwait.odl
04 HKCU\..\Run: [Reminder] C:\PrograM Files\Microsoft Money\System\reminder.exe
04 HKCU\..\Run: [zzb] C:\WINDOWS\SyStem32\zzb.exe
04 Startup: Internet Call Waiting.LNK = C:\Program Files\Internet Call waitinq\ICW.EXE
04 Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
04 Global Startup: Digital Line Detect.lnk = ?
04 Global Startup: Kodak EasyShare software.lnk = c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
04 Global Startup: Microsoft Office.Ink = C:\Program Files\Microsoft Office\OfficelO\OSA.EXE
08 Extra context menu item: E&Xport to Microsoft Excel res://C:\PROGRA~1\MICROS~2\OfficelO\EXCEL.FXE/3000
08 Extra context menu item: Remindu file://C:\Program Files\UpromiseRemindu\system\Temp\Upromise_scripto0.htm
09 Extra button: Sidesearch (HKLM)
09 Extra button: AIM (HKLM)
09 Extra button: Real.com (HKLM)
09 Extra button: Messenger (HKLM)
09 Extra 'Tools' menuitem: Messenger (HKLM)
09 Extra button: ReMindu (HKCU)
012 Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dlI
016 DPF: {0lA88BB1 1174 41EC ACCB 963509EAE56B} (SysProWmi Class)- http://support.dell.com/systemprofiler/SysPro.CAB
016 DPF: {lD6711C8 7154 40BB 8380 3DEA45B69CBF} (web P2P Installer)-
016 DPF: {30528230 99F7 4BB4 88D8 FAlD4F56A2AB} (YInstStarter Class)- http://download.yahoo.com/dl/installs/yinstc.cab

He's got a Dell with a Pentium 4 2.8 processor
80 gig hard drive
512 meg RAM
Not sure what else you may need to know
Thanks
aaron
 