Results 1 to 4 of 4

Thread: needupdate? Shoot me.

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Default needupdate? Shoot me.

    First post here, so thanks for any advice you may be able to provide.

    So, I'm at the point where I'm almost tempted to abandon ship on this stupid computer and let it sink to the bottom of the depths of the sea.

    This lends me the question that someone here might be able to answer: "At what point do we simply say this operating system is hooped and it's time for the old save what documents you can, reformat and reinstall windows with stronger protection?" I mean, I'm an old school computer guy having started on XT's and that always worked in the old days. I've been surfing these websites since yesterday and installing kaspersky, Ewido, and about a dozen other anti-malware programs. Some of which say 'it's all gone, don't worry about it'. Others that say there are still almost 200 infected files and 4 different virii on my machine, etc. Either way, the needupdate page still comes up every time I load IE, so I'm not convinced all is well. There is no way I'm going to even consider doing any banking on this thing in the near future, so is all of this for nothing?

    I tried the safe mode, system restore off, run all antimalware stuff, etc. and at this point...Norton AV says there's nothing there but now it gives a warning that Windows thinks my AV software may or may not even be able to protect me. I'm a sitting duck from their viewpoint!

    Well, here we go. I guess the first part of requesting help here is to post a 'highjackthis' report? I downloaded and ran this today. Here's the report:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:21:57 AM, on 12/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\mssearchnet.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    d:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Bill\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cknw.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cknw.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6565.tmp
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    Anyhoo, there ya have it. Any help would be greatly appreciated. And seriously, after hearing that there's almost 200 infected files can the operating system still be reliable. I'm not as knowledgeable about the guts of windows as I used to be about DOS (no I'm not over 40!).

    Regards, JohnSmith7145

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi johnsmith7145

    I agree sometimes a format & new windows install is easyer, safer to.

    If youd like to try cleaning >
    Download smitRem.exe and save the file to your desktop. (By noahdfear.)
    Double click on the file to extract it to it's own folder on the desktop.
    Dont run it yet

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup
    Don't run it yet!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Start Hijackthis and place a check next to these items If there.
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6565.tmp
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

    ====================================
    Hit fix checked and close Hijackthis.
    In addremove program's uninstall P2P Networking !!
    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    Open Spybot check for and fix any problems found.
    Open Ad-aware and do a full scan. Remove all it finds.

    Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart back to a normal windows session
    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
    Get this free onlines scan and post the results

    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    when finished click save as text and post that in your reply.

    Download System Security Suite.
    http://www.igorshpak.net/
    If that site is unavailable use this link please
    http://forums.subratam.org/index.php...=post&id=25013
    Extract it from the zip file and run setup.exe
    after the install you can delete setup.exe and the downloaded zip file
    Start the program Check all the boxes under the 'Items to Clear' (except perhaps cookies) tab and click
    'Clear Selected Items'. You will be prompted to reboot, do so.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
    Let us know if any problems persist

  3. #3
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    How is the pc acting John ?

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,694

    Default

    Due to lack of a response this topic will be archived.
    If you need it re-opened please pm me or a forum mod.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •