1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Constant Activity

Discussion in 'Windows XP' started by beahare, Jul 15, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. beahare

    beahare Banned Thread Starter

    Joined:
    Sep 11, 2005
    Messages:
    74
    My hard drive activity light is constantly on. I don't even have any programs running, at least I don't think that could cause any problems. Why is this happening? The disk performance is rapidly degrading.
    Logfile of HijackThis v1.99.1
    Scan saved at 4:13:05 PM, on 7/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\BioALock.exe
    C:\WINDOWS\system32\BioSAMon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LAuthsnt.exe
    C:\WINDOWS\system32\lrbsrvnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\XPAudio\csrss.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSGTAG\MSGTAG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Chris Thomas\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [WelfYW] C:\WINDOWS\aeaody.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [bYKXMK] C:\WINDOWS\bxbpvm.exe
    O4 - HKLM\..\Run: [4Fw0yOF5] C:\WINDOWS\onsiyjrb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CommServices] C:\WINDOWS\system32\XPAudio\csrss.exe
    O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
    O4 - HKLM\..\Run: [0ky00634.dll] "RUNDLL32.EXE" 0ky00634.dll,b 8747406
    O4 - HKLM\..\Run: [AtiSound]
    O4 - HKCU\..\Run: [TorCP] C:\Program Files\TorCP\torcp.exe
    O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Chris Thomas\Application Data\Systweak\ASO 2\smstartUp manager.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Talking Buddy.lnk = C:\Program Files\Talking Bud\talkingb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2497C229-BC14-4375-AA73-214E30AD411F}: NameServer = 85.255.116.46,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D905F60-451E-40A0-B469-4E8D53E791FA}: NameServer = 85.255.116.46,85.255.112.187
    O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: BioAutoLock - Unknown owner - C:\WINDOWS\system32\BioALock.exe
    O23 - Service: Account Synchronization Agent (BioSAMon) - Unknown owner - %WINDIR%\system32\BioSAMon.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Local Authenteon Cache (LauthC) - Unknown owner - %WINDIR%\system32\LAuthcnt.exe (file missing)
    O23 - Service: Local Authenteon Server (LauthS) - Unknown owner - %WINDIR%\system32\LAuthsnt.exe (file missing)
    O23 - Service: Local Request Broker (lrbsrv) - Unknown owner - %WINDIR%\system32\lrbsrvnt.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You have no anti-virus protection.
    Get AVG (it's free): http://free.grisoft.com/doc/1
    Install it and run a scan.

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
     
  3. beahare

    beahare Banned Thread Starter

    Joined:
    Sep 11, 2005
    Messages:
    74
    Greetings! The virus protection is use is TrendMicro Housecall.
    Here are the requested files:

    Fixwareout ver 1.003
    Last edited 07/1/2006
    Post this report in the forums please

    Reg Entries that were deleted
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is legitimate

    »»»»» Search by size and names...

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    Other suspects
    Directory of C:\WINDOWS\system32

    And the hijack this file log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:06:42 PM, on 7/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\BioALock.exe
    C:\WINDOWS\system32\BioSAMon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LAuthsnt.exe
    C:\WINDOWS\system32\lrbsrvnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\XPAudio\csrss.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSGTAG\MSGTAG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Talking Bud\talkingb.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Chris Thomas\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O1 - Hosts: 207.68.172.246 msn.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [WelfYW] C:\WINDOWS\aeaody.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [bYKXMK] C:\WINDOWS\bxbpvm.exe
    O4 - HKLM\..\Run: [4Fw0yOF5] C:\WINDOWS\onsiyjrb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CommServices] C:\WINDOWS\system32\XPAudio\csrss.exe
    O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
    O4 - HKLM\..\Run: [0ky00634.dll] "RUNDLL32.EXE" 0ky00634.dll,b 8747406
    O4 - HKLM\..\Run: [AtiSound]
    O4 - HKCU\..\Run: [TorCP] C:\Program Files\TorCP\torcp.exe
    O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Chris Thomas\Application Data\Systweak\ASO 2\smstartUp manager.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: Talking Buddy.lnk = C:\Program Files\Talking Bud\talkingb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2497C229-BC14-4375-AA73-214E30AD411F}: NameServer = 85.255.116.46,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D905F60-451E-40A0-B469-4E8D53E791FA}: NameServer = 85.255.116.46,85.255.112.187
    O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: BioAutoLock - Unknown owner - C:\WINDOWS\system32\BioALock.exe
    O23 - Service: Account Synchronization Agent (BioSAMon) - Unknown owner - %WINDIR%\system32\BioSAMon.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Local Authenteon Cache (LauthC) - Unknown owner - %WINDIR%\system32\LAuthcnt.exe (file missing)
    O23 - Service: Local Authenteon Server (LauthS) - Unknown owner - %WINDIR%\system32\LAuthsnt.exe (file missing)
    O23 - Service: Local Request Broker (lrbsrv) - Unknown owner - %WINDIR%\system32\lrbsrvnt.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the Hoster from here:
    www.funkytoad.com/download/hoster.zip
    Run Hoster and press Restore Original Hosts, OK, and Exit Program.

    • Download Brute Force Uninstaller to your C:\
    • Unzip it to a folder of its own (C:BFU).

      BFU should be on your root. In most cases this is C:
    • Download qoofix.bat (rightclick on this link and choose save as)
    • Place qoofix.bat in your C:BFU - folder. (Important!)
    • Doubleclick qooFix.bat, Close all browsers and explorer folders.
    • Choose option 1 (Qoolfix autofix) and follow the prompts.
    • Please be patient, it will take about five minutes.
    • After the PC has restarted please post another hijackthis log.
     
  5. beahare

    beahare Banned Thread Starter

    Joined:
    Sep 11, 2005
    Messages:
    74
    I would follow the instructions but the link to the .bat file is broken.

    Thanks
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    It must have been taken down or the site is down

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  7. beahare

    beahare Banned Thread Starter

    Joined:
    Sep 11, 2005
    Messages:
    74
    I have included the report per your instructions. Somethings wrong with the ActiveScan. It keeps telling me that it doesn't support my language. That's strange since it's set at English. Anyway, the log is in the .zip file..

    Thanks
     

    Attached Files:

  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please post a new HJT log. And did you add those 01 Hosts files yourself?
     
  9. beahare

    beahare Banned Thread Starter

    Joined:
    Sep 11, 2005
    Messages:
    74
    What host files?
     
  10. beahare

    beahare Banned Thread Starter

    Joined:
    Sep 11, 2005
    Messages:
    74
    Logfile of HijackThis v1.99.1
    Scan saved at 6:59:27 PM, on 7/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\BioALock.exe
    C:\WINDOWS\system32\BioSAMon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LAuthsnt.exe
    C:\WINDOWS\system32\lrbsrvnt.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\XPAudio\csrss.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSGTAG\MSGTAG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Chris Thomas\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [CommServices] C:\WINDOWS\system32\XPAudio\csrss.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2497C229-BC14-4375-AA73-214E30AD411F}: NameServer = 85.255.116.46,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D905F60-451E-40A0-B469-4E8D53E791FA}: NameServer = 85.255.116.46,85.255.112.187
    O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: BioAutoLock - Unknown owner - C:\WINDOWS\system32\BioALock.exe
    O23 - Service: Account Synchronization Agent (BioSAMon) - Unknown owner - %WINDIR%\system32\BioSAMon.exe (file missing)
    O23 - Service: Local Authenteon Cache (LauthC) - Unknown owner - %WINDIR%\system32\LAuthcnt.exe (file missing)
    O23 - Service: Local Authenteon Server (LauthS) - Unknown owner - %WINDIR%\system32\LAuthsnt.exe (file missing)
    O23 - Service: Local Request Broker (lrbsrv) - Unknown owner - %WINDIR%\system32\lrbsrvnt.exe (file missing)
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Nevermind, Hoster took care of them.

    Run Kaspersky online virus scan here: http://www.kaspersky.com/virusscanner

    When given the option, choose the "Extended database" for the scan.
    When it's finished, save the results from the scan and post them here.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/483453

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice