Command Service....



Kavinda
2006-07-08, 02:46
Yes, now I have it. Cannot remove it.

Any help will be greatly appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 10:40:05 AM, on 7/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
E:\WINDOWS\System32\WF2K.EXE
E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
E:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\program files\steam\steam.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\Logitech\SetPoint\KEM.exe
E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
E:\Program Files\Xfire\Xfire.exe
E:\WINDOWS\System32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Kv\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - E:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [DTVR Agent] E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [WinFoxV2] E:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Npvrsv] E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [sys_up1] E:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Aulc] "E:\DOCUME~1\Kv\MYDOCU~1\WNSXS~1\attrib.exe" -vt ndrv
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: DTV Remote Control.lnk = E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121945605330
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - E:\WINDOWS\System32\zlara.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe

Kavinda
2006-07-08, 06:46
*UPDATE*

thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:48 PM, on 7/8/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
E:\WINDOWS\System32\WF2K.EXE
E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\program files\steam\steam.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Logitech\SetPoint\KEM.exe
E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\Documents and Settings\Kv\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - E:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [DTVR Agent] E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [WinFoxV2] E:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Npvrsv] E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [sys_up1] E:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Aulc] "E:\DOCUME~1\Kv\MYDOCU~1\WNSXS~1\attrib.exe" -vt ndrv
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: DTV Remote Control.lnk = E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121945605330
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe

tashi
2006-07-08, 07:16
Hello

No need to post more than one HJT log until a helper responds, the result of the on-line anti virus scan is preferable:

BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)


While you are waiting for assistance please see:

You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

Regards. :)

Kavinda
2006-07-09, 10:50
hmmm...i still need help! lol


THANK YOU!!!

Kavinda
2006-07-11, 11:29
hmmm... yes....

lol

tashi
2006-07-14, 14:34
Did you read this:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

RE:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Please give feedback and again:
If you have waited FOUR days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836) ;)

LonnyRJones
2006-07-14, 14:36
Kavinda

Thanks for your patience. If you're still in need of assistance and are not
receiving it at another forum, post a fresh HijackThis log please.

Kavinda
2006-07-15, 02:01
Hey, I think I have removed most of it, though I am not too sure.

thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 10:00:05 AM, on 7/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
E:\WINDOWS\System32\WF2K.EXE
E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\Program Files\ipwins\ipwins.exe
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\program files\steam\steam.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
E:\Program Files\Power Mixer\pwmixer.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Logitech\SetPoint\KEM.exe
E:\Program Files\Xfire\Xfire.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Kv\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DTVR Agent] E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [WinFoxV2] E:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [IpWins] E:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Npvrsv] E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Aulc] "E:\DOCUME~1\Kv\MYDOCU~1\WNSXS~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [Power Mixer] "E:\Program Files\Power Mixer\pwmixer.exe" /m
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: DTV Remote Control.lnk = E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121945605330
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe

LonnyRJones
2006-07-15, 09:05
Run HijackThis. Hit "Config" then "Misc Tools" > "Open process manager".
Select this process

E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe
and click "Kill process".

Do that for these processes too
E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
E:\Program Files\ipwins\ipwins.exe


Hit >back< then > Scan and Place a check next to these items.
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [IpWins] E:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [Npvrsv] E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Aulc] "E:\DOCUME~1\Kv\MYDOCU~1\WNSXS~1\attrib.exe" -vt ndrv
=============
Now hit "Fix checked", close HijackThis and restart your PC.

Manually delete these folders
E:\Program Files\ipwins
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}
E:\Program Files\Common Files\svchostsys
E:\Program Files\ToolBar888

Post a new log

Kavinda
2006-07-16, 10:10
thanks for your help....

Logfile of HijackThis v1.99.1
Scan saved at 6:10:21 PM, on 7/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
E:\WINDOWS\System32\WF2K.EXE
E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\program files\steam\steam.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Program Files\Power Mixer\pwmixer.exe
E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Logitech\SetPoint\KEM.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
E:\WINDOWS\System32\HPZipm12.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Kv\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DTVR Agent] E:\Program Files\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [WinFoxV2] E:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "E:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "E:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Power Mixer] "E:\Program Files\Power Mixer\pwmixer.exe" /m
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: DTV Remote Control.lnk = E:\Program Files\V-Stream Multimedia\DVBT Utilities\DVBTRCtl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121945605330
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - E:\WINDOWS\System32\pmnqguh.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
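
Checking a follow-up log against the previous scan and against the helper's fix and kill lists, as an added example that is not part of the original thread. The sample logs are short excerpts of lines from the 7/15 and 7/16 logs above; the function names are illustrative.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - "; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    paths, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break  # the process list ends at the first blank line
        elif in_block:
            paths.add(line.lower())
    return paths


def diff_logs(before, after):
    """Return (removed, added) entry lists between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def unfixed(fix_list, after):
    """Entries that were checked for fixing but still show up afterwards."""
    return sorted(parse_entries(fix_list) & parse_entries(after))


def still_running(kill_list, after):
    """Processes that were to be killed but are running in the new scan."""
    running = running_processes(after)
    return [path for path in kill_list if path.lower() in running]


# Excerpt of the 7/15 log (lines copied from the thread, most entries omitted).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\smss.exe
E:\Program Files\ipwins\ipwins.exe
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [IpWins] E:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Npvrsv] E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Aulc] "E:\DOCUME~1\Kv\MYDOCU~1\WNSXS~1\attrib.exe" -vt ndrv
"""

# Excerpt of the 7/16 log (lines copied from the thread, most entries omitted).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\smss.exe
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe

O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - E:\WINDOWS\System32\pmnqguh.dll (file missing)
"""

# The entries and processes named in the helper's 7/15 instructions.
FIX_LIST = r"""F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [IpWins] E:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [Npvrsv] E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE
O4 - HKCU\..\Run: [Aulc] "E:\DOCUME~1\Kv\MYDOCU~1\WNSXS~1\attrib.exe" -vt ndrv
"""
KILL_LIST = [
    r"E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}\Update.exe",
    r"E:\DOCUME~1\Kv\APPLIC~1\PPPATC~1\WCRTUP~1.EXE",
    r"E:\Program Files\ipwins\ipwins.exe",
]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("still listed:", unfixed(FIX_LIST, AFTER))
    print("still running:", still_running(KILL_LIST, AFTER))
```
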

LonnyRJones
2006-07-16, 15:34
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Restart your PC.

Delete this folder
E:\Program Files\Common Files\{E0F8A17E-08A3-1033-1126-041201200001}
How did that go ?

LonnyRJones
2006-07-21, 17:49
Please respond to this post
http://forums.spybot.info/showpost.php?p=33200&postcount=6

If you do not plan to update 'after' cleaning.. there is no sense whatsoever in cleaning it

tashi
2006-07-24, 17:54
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.