Results 1 to 5 of 5

Thread: Noob needs help "Pipas.A"

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Posts
    2

    Default Noob needs help "Pipas.A"

    here is my HJT log


    ogfile of HijackThis v1.99.1
    Scan saved at 8:39:30 PM, on 12/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [dmwbw.exe] C:\WINDOWS\system32\dmwbw.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [dmbwi.exe] C:\WINDOWS\system32\dmbwi.exe
    O4 - Global Startup: MA111 Configuration Utility.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81E381D3-EC18-4E35-908D-9EE295183EFD}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E2179F-48BC-4A03-84ED-7F3EEDC3132B}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A6FBF2-47D8-471E-AE72-77ADD99100D1}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2FCBD025-11B6-495E-A66B-1B938C8B3DB9}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corp

  2. #2
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    Please download FixWareout from one of these sites:

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  3. #3
    Junior Member
    Join Date
    Dec 2006
    Posts
    2

    Default

    Fixwareout
    Last edited 12/06/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    Searching by size/names...


    Search five digit cs, dm kd and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS\SYSTEM32\DMBWI.EXE 60,458 2006-02-28
    C:\WINDOWS\SYSTEM32\DMWBW.EXE 60,458 2006-02-28

    Other suspects.
    Directory of C:\WINDOWS\system32

    Misc files.

    Checking for older varients covered by the Rem3 tool.




    Logfile of HijackThis v1.99.1
    Scan saved at 9:40:17 AM, on 12/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\AIM\AIM Pro\aimpro.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\fixwareout\SUB\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - Global Startup: MA111 Configuration Utility.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81E381D3-EC18-4E35-908D-9EE295183EFD}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E2179F-48BC-4A03-84ED-7F3EEDC3132B}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A6FBF2-47D8-471E-AE72-77ADD99100D1}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  4. #4
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    First download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the programNOTE: this is a different program, not to be confused with AVG Antivirus

    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

    next open hiajckthis, click do a system scan only.
    checkmark these lines:
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81E381D3-EC18-4E35-908D-9EE295183EFD}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E2179F-48BC-4A03-84ED-7F3EEDC3132B}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A6FBF2-47D8-471E-AE72-77ADD99100D1}: NameServer = 85.255.114.22,85.255.112.205
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.205


    then close all other programs, leaving only hijackthis running
    and click fix checked


    then:
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


    also post the results of a fresh hijackthis scan

    good luck
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    This topic is closed due to lack of a response to helper, if you need it re-opened please send me a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •