Free Malware Removal Forum

[thamior]

I downloaded Hijackthis and got the following:

Code: Select all

Logfile of HijackThis v1.99.1
Scan saved at 5:45:09 AM, on 11/3/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\svcnva.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\Robert\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocnva.dll/blank.html
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [FSH] C:\WINDOWS\system32\svcnva.exe home
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = upstairs
O17 - HKLM\Software\..\Telephony: DomainName = upstairs
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = upstairs
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = upstairs
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

any help would be much appreciated

[dobhar]

Hi thamior...

My name is dobhar and I will be looking over your log. Please give me some time to go look it over and I will post back as soon as possible. If you have any questions please post back as a reply to this Thread\Topic and I will be advised by email so I can return and help you. Please do not start another Thread\Topic.

Thank You,

[dobhar]

Hi thamior...

Two items need to be taken care of first...

(1) We can definitely help you, but first you need to help us. You are quite behind on your Windows Updates and Patches!!

• The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
  For WinXP SP1a please click here
• Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
  For Windows Update please click here

(2) You are running HijackThis from a zip file within a Temp folder. Two strikes!. HijackThis for one needs to run in a folder on it's own...not in the temp directory as one of the fixes we get you to run is to clean out the Temp folders so by you runnng the program from Temp it would get deleted along with any backup files that were created. Secondly your running HJT from the zip file and by doing than we cannot create backups.

Please download a self extracting copy of HijackThis from here and save it to your desktop. Double-click on the file hijackthis_sfx.exe file and it will self extract into it's own folder in C:\Program Files\HijackThis.
_____________________________________

After updating your Windows XP to SP1a please post back a new fresh log using HijackThis from it's new location.

Also please do not use the "code" or "quote" tags when posting back your new log as it is very hard to read the log. Instead of using these tags just paste the log into the thread

Thank You...

[thamior]

ok will do, I dont have much time now, but I wil llater and I already moved the Hijackthis since it told me to do so

[thamior]

yeaI dled the service pack but dont have the "privelgaeS" to install them so I have to wait for my father...whenever he feels like installing them...so it may be awhile...

[Nellie2]

thamior, please post a fresh hijack log once you have installed SP1a and dobhar will be happy to continue helping you. If we don't hear from you for 14 days then this thread will be closed, however you can ask for it to be re-opened or start a new one when you are ready.

[NonSuch]

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.