Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Problems when trying to access drives after malware removal

Post by strigga » August 8th, 2005, 7:53 pm

Hi there,

please have a look at this Hijackthis-Logfile. It's a bit messy as this was created after quite a few threats were removed by different Anti-Malware-Programmes (named: McAfee Stinger, F-Prot Antivirus, Bitdefender Antivirus and Spybot) and manual removal action. None of the above programmes finds anything after my cleanup attempts, but the computer is unable to access any drives from now on.

If I start the windows explorer (W2K) it goes to my documents by default which is working OK. If I switch to "My Computer" now, the torch comes up and never leaves my screen until I kill explorer.exe using the task manager. When I open the command prompt and try to access any drive from there, the same problem comes up.

Many thanks for your time.

Logfile of HijackThis v1.99.1
Scan saved at 01:39:56, on 09.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\IomegaAccess.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Iomega\Common\ImgStart.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\Dit.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\WINNT\system32\internat.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINNT\explorer.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - C:\WINNT\system32\gultsjjw.dll (file missing)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - C:\WINNT\system32\lzxpjkzk.dll (file missing)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - C:\WINNT\system32\fmczibaa.dll (file missing)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - C:\WINNT\system32\ydmhjihe.dll (file missing)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - C:\WINNT\system32\xtpgnrzb.dll (file missing)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - C:\WINNT\system32\lfpfmczl.dll (file missing)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - C:\WINNT\system32\mjkglpwn.dll (file missing)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - C:\WINNT\system32\cusfgucr.dll (file missing)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - C:\WINNT\system32\xhsafhqv.dll (file missing)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - C:\WINNT\system32\yvyomurp.dll (file missing)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - C:\WINNT\system32\mvvdhcqp.dll (file missing)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - C:\WINNT\system32\nyzghcss.dll (file missing)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - C:\WINNT\system32\ppssfjux.dll (file missing)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - C:\WINNT\system32\rtyttboj.dll (file missing)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - C:\WINNT\system32\mjombrqn.dll (file missing)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - C:\WINNT\system32\itpzjfdx.dll (file missing)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - C:\WINNT\system32\azbjlivx.dll (file missing)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - C:\WINNT\system32\cbgewyuq.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Acrobat Reader\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8114349B-88A0-4F46-B082-2D5CD7587E6E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - k:\Buchfuehrung\HRInstmon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Post by NikkJ » August 9th, 2005, 2:14 am

Hi Strigga
I will take a look at your log and see what can be done.
You currently are running HijackThis from here:

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\HijackThis.exe


Please make a folder here:
c:\HJT
and place HijackThis in that folder. It is important that HiJackThis is not run from a temporary location.

Once you have done this please run HJT and post a fresh log here.
NikkJ
MRU Honors Grad Emeritus
 
Posts: 413
Joined: June 16th, 2005, 12:26 pm
Location: London

New HJT-Logfile

Post by strigga » August 9th, 2005, 4:02 am

Here u go. It's a bit tricky to get this done as I can hardly use the windows explorer...



Logfile of HijackThis v1.99.1
Scan saved at 10:05:04, on 09.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\IomegaAccess.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Iomega\Common\ImgStart.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\Dit.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\internat.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINNT\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - C:\WINNT\system32\gultsjjw.dll (file missing)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - C:\WINNT\system32\lzxpjkzk.dll (file missing)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - C:\WINNT\system32\fmczibaa.dll (file missing)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - C:\WINNT\system32\ydmhjihe.dll (file missing)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - C:\WINNT\system32\xtpgnrzb.dll (file missing)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - C:\WINNT\system32\lfpfmczl.dll (file missing)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - C:\WINNT\system32\mjkglpwn.dll (file missing)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - C:\WINNT\system32\cusfgucr.dll (file missing)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - C:\WINNT\system32\xhsafhqv.dll (file missing)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - C:\WINNT\system32\yvyomurp.dll (file missing)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - C:\WINNT\system32\mvvdhcqp.dll (file missing)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - C:\WINNT\system32\nyzghcss.dll (file missing)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - C:\WINNT\system32\ppssfjux.dll (file missing)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - C:\WINNT\system32\rtyttboj.dll (file missing)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - C:\WINNT\system32\mjombrqn.dll (file missing)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - C:\WINNT\system32\itpzjfdx.dll (file missing)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - C:\WINNT\system32\azbjlivx.dll (file missing)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - C:\WINNT\system32\cbgewyuq.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Acrobat Reader\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8114349B-88A0-4F46-B082-2D5CD7587E6E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - k:\Buchfuehrung\HRInstmon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Solution found

Post by strigga » August 9th, 2005, 4:27 am

Hi NikkJ,

it appears that I could track down the problem myself. After renaming two files of the CD-ROM driver (cdral2k.syys and cdr4_2k.sys) everything seems to work again.

Many thanks for your efforts

André
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Post by ChrisRLG » August 9th, 2005, 4:28 am

You do have some malware in that log, NikkJ will reply shortly.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by strigga » August 9th, 2005, 4:37 am

I have let Bitdefender do a full scan and it actually found one more.

<snip from BD-Logfile>
C:\WINNT\system32\cbgewyuq.dll Infiziert mit: Trojan.Golid.E
<snap>

It could quarantine the file. Is that the one you meant?

André
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Post by ChrisRLG » August 9th, 2005, 4:52 am

You have a whole string of lines in that log that need removing.

NikkJ will reply shortly, as a trainee here, he had to have his post checked before posting to yourself.

That is one of the files, but it is mutating each time you reboot.

Please post back with a new HJT log, and try to leave the machine turned on till NikkJ replies.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by strigga » August 9th, 2005, 4:54 am

This is the latest ;)

Logfile of HijackThis v1.99.1
Scan saved at 10:57:22, on 09.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\Dit.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\WINNT\system32\internat.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
c:\programme\softwin\bitdefender8\bdmcon.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - C:\WINNT\system32\gultsjjw.dll (file missing)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - C:\WINNT\system32\lzxpjkzk.dll (file missing)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - C:\WINNT\system32\fmczibaa.dll (file missing)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - C:\WINNT\system32\ydmhjihe.dll (file missing)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - C:\WINNT\system32\xtpgnrzb.dll (file missing)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - C:\WINNT\system32\lfpfmczl.dll (file missing)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - C:\WINNT\system32\mjkglpwn.dll (file missing)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - C:\WINNT\system32\cusfgucr.dll (file missing)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - C:\WINNT\system32\xhsafhqv.dll (file missing)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - C:\WINNT\system32\yvyomurp.dll (file missing)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - C:\WINNT\system32\mvvdhcqp.dll (file missing)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - C:\WINNT\system32\nyzghcss.dll (file missing)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - C:\WINNT\system32\ppssfjux.dll (file missing)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - C:\WINNT\system32\rtyttboj.dll (file missing)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - C:\WINNT\system32\mjombrqn.dll (file missing)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - C:\WINNT\system32\itpzjfdx.dll (file missing)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - C:\WINNT\system32\azbjlivx.dll (file missing)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - C:\WINNT\system32\cbgewyuq.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Acrobat Reader\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8114349B-88A0-4F46-B082-2D5CD7587E6E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - k:\Buchfuehrung\HRInstmon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Unread postby NikkJ » August 9th, 2005, 4:59 am

Hi Strigga

I'm not sure what's causing your drive access problems, I'm pleased that you seem to have solved that issue, but you do have a lot of things that need to be cleared out of your system. I will help you clear them but please note:


  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

===============================

On the Windows 2000 taskbar: Click Start, point to Settings > Control Panel, and then click Add/Remove Programs.

Click Surf Sidekick and remove it.

Reboot your machine into Safe Mode
  1. Reboot the machine and wait for the beep.
  2. Rapidly press the F8 key until a menu of boot options appears
  3. Select Safe Mode

If your keyboard has a soft F lock remember to press it to enable the F8 key.

Run HijackThis and do a Scan Only

Check the box at the beginning of each of these lines

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - C:\WINNT\system32\gultsjjw.dll (file missing)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - C:\WINNT\system32\lzxpjkzk.dll (file missing)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - C:\WINNT\system32\fmczibaa.dll (file missing)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - C:\WINNT\system32\ydmhjihe.dll (file missing)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - C:\WINNT\system32\xtpgnrzb.dll (file missing)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - C:\WINNT\system32\lfpfmczl.dll (file missing)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - C:\WINNT\system32\mjkglpwn.dll (file missing)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - C:\WINNT\system32\cusfgucr.dll (file missing)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - C:\WINNT\system32\xhsafhqv.dll (file missing)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - C:\WINNT\system32\yvyomurp.dll (file missing)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - C:\WINNT\system32\mvvdhcqp.dll (file missing)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - C:\WINNT\system32\nyzghcss.dll (file missing)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - C:\WINNT\system32\ppssfjux.dll (file missing)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - C:\WINNT\system32\rtyttboj.dll (file missing)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - C:\WINNT\system32\mjombrqn.dll (file missing)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - C:\WINNT\system32\itpzjfdx.dll (file missing)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - C:\WINNT\system32\azbjlivx.dll (file missing)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - C:\WINNT\system32\cbgewyuq.dll

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Microsofts Security Manager] khsi.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab



O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - k:\Buchfuehrung\HRInstmon.dll

<<====== leave this line if you recognise the process

CLOSE ALL OTHER WINDOWS and click Fix Checked

Close HijackThis.

Unhide hidden files:
Double-Click on My Computer
Click on the View menu and then click on Folder Options.
(Windows 2000, XP; go to Tools menu, then Folder Options)
Click on the View tab.
In the dialogue box that pops up, find where it says "Show all files" and click to select it (if it wasn't already selected).
Find "Hide file extensions for known file types" and remove the check mark in the box by clicking on it.
Click on "Like Current Folder" button (near the top).
Click Apply button, then click OK and close My Computer.

Find and delete the following files - they may not be there so don't worry if you don't see them



k:\Buchfuehrung\HRInstmon.dll
<<====== leave this file if you recognise the process
C:\WINNT\system32\gultsjjw.dll
C:\WINNT\system32\lzxpjkzk.dll
C:\WINNT\system32\fmczibaa.dll
C:\WINNT\system32\ydmhjihe.dll
C:\WINNT\system32\xtpgnrzb.dll
C:\WINNT\system32\lfpfmczl.dll
c:\WINNT\system32\mjkglpwn.dll
C:\WINNT\system32\cusfgucr.dll
C:\WINNT\system32\xhsafhqv.dll
C:\WINNT\system32\yvyomurp.dll
C:\WINNT\system32\mvvdhcqp.dll
C:\WINNT\system32\nyzghcss.dll
C:\WINNT\system32\ppssfjux.dll
C:\WINNT\system32\rtyttboj.dll
C:\WINNT\system32\mjombrqn.dll
C:\WINNT\system32\itpzjfdx.dll
C:\WINNT\system32\azbjlivx.dll
C:\WINNT\system32\cbgewyuq.dll
khsi.exe
<<=====location unknown

Find and delete this directory and all of its content:

C:\Programme\SurfSideKick 3

Reboot in normal mode
run HijackThis and post a new log here for review.
NikkJ
MRU Honors Grad Emeritus
 
Posts: 413
Joined: June 16th, 2005, 12:26 pm
Location: London

Unread postby strigga » August 9th, 2005, 6:01 am

This is the new logfile.

I did not remove

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

as that appears to be part of the acrobat reader.

Is the rest of the logfile looking OK to you?

André


Logfile of HijackThis v1.99.1
Scan saved at 12:03:27, on 09.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\System32\ZipToA.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINNT\Explorer.EXE
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\Dit.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\WINNT\system32\internat.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programme\Acrobat Reader\Reader\reader_sl.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - (no file)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - (no file)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - (no file)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - (no file)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - (no file)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - (no file)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - (no file)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - (no file)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - (no file)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - (no file)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - (no file)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - (no file)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - (no file)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - (no file)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - (no file)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - (no file)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - (no file)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Acrobat Reader\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8114349B-88A0-4F46-B082-2D5CD7587E6E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - k:\Buchfuehrung\HRInstmon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Unread postby NikkJ » August 9th, 2005, 7:23 am

Thank you André,

You are correct to leave the line in. I left it there by mistake :oops: :oops:

You need to go back into safe mode
Run HJT - Scan Only
Check the following lines

O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - (no file)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - (no file)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - (no file)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - (no file)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - (no file)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - (no file)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - (no file)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - (no file)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - (no file)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - (no file)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - (no file)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - (no file)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - (no file)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - (no file)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - (no file)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - (no file)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - (no file)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - (no file)


Make sure that all other windows are closed and click Fix Checked.

Reboot and post another HJT log here for a last look (I hope).
NikkJ
MRU Honors Grad Emeritus
 
Posts: 413
Joined: June 16th, 2005, 12:26 pm
Location: London
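The second pass requested in the post above targets BHO registry entries that survived the first fix but now point at no file. As an added example (not part of the thread and not HijackThis's own code), the following Python sketch parses O2 lines from two scans and sorts each BHO into removed, still orphaned, or file present; the function names are hypothetical, and the sample input is a few lines abridged from the two logs in this thread.

```python
import re

# Result line: section code, " - ", body. A digit zero typed in place of the
# letter O (easy to do when retyping lines by hand) is tolerated.
ENTRY_RE = re.compile(r"^\s*([ORF0])(\d+)\s+-\s+(.*)$")
BHO_RE = re.compile(
    r"^BHO:\s+(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"\s+-\s+(?P<target>.*)$"
)
MISSING_RE = re.compile(r"\s*\(file missing\)$")


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis result line in the text."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            letter = "O" if m.group(1) == "0" else m.group(1)
            yield letter + m.group(2), m.group(3).strip()


def bho_entries(log_text):
    """Map CLSID -> {name, path, missing} for each O2 (BHO) line."""
    found = {}
    for section, body in parse_entries(log_text):
        m = BHO_RE.match(body) if section == "O2" else None
        if not m:
            continue
        target = m.group("target").strip()
        no_file = target == "(no file)"
        missing = no_file or bool(MISSING_RE.search(target))
        path = None if no_file else MISSING_RE.sub("", target)
        found[m.group("clsid").upper()] = {
            "name": m.group("name"), "path": path, "missing": missing}
    return found


def review_fix(before_log, after_log):
    """Compare the BHOs of two scans.

    removed        - registry entry gone after the fix
    still_orphaned - entry remains but points at no file: needs another pass
    file_present   - entry remains and its DLL exists: judge by vendor/name
    """
    before, after = bho_entries(before_log), bho_entries(after_log)
    result = {"removed": [], "still_orphaned": [], "file_present": []}
    for clsid in sorted(before):
        if clsid not in after:
            result["removed"].append(clsid)
        elif after[clsid]["missing"]:
            result["still_orphaned"].append(clsid)
        else:
            result["file_present"].append(clsid)
    return result


# Sample input: lines abridged from the first and second logs in this thread.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - C:\WINNT\system32\gultsjjw.dll (file missing)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - C:\WINNT\system32\cbgewyuq.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - (no file)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - (no file)
"""

if __name__ == "__main__":
    for status, clsids in review_fix(BEFORE, AFTER).items():
        print(status, clsids)
```

An entry listed under still_orphaned means the DLL is gone but the registry key is not, which is the state the second log in this thread shows.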

Unread postby strigga » August 9th, 2005, 9:36 am

Hi Nikkj,

I'll have to leave these lines as they are right now as I'm running out of time. If I got that right, they won't do any harm. I'll remove these on Friday and post the logfile.

Many thanks for your help which is much appreciated!
André
P.S. Leave this board as it is. It's working!!!!!!
strigga
Active Member
 
Posts: 7
Joined: August 8th, 2005, 7:31 pm

Unread postby NikkJ » August 9th, 2005, 10:44 am

:lol: Ok
Remember the thread is closed off after 14 days. If you have problems after that follow the forum instructions to have it re-opened.


Nick
NikkJ
MRU Honors Grad Emeritus
 
Posts: 413
Joined: June 16th, 2005, 12:26 pm
Location: London

Unread postby NonSuch » August 22nd, 2005, 1:40 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27215
Joined: February 23rd, 2005, 7:08 am
Location: California