Jump to content


Photo

Unknown Startups for an inspired newbie


  • This topic is locked This topic is locked
1 reply to this topic

#1 iamlechter

iamlechter

    Member

  • New Member
  • Pip
  • 1 posts

Posted 19 June 2004 - 11:33 PM

I was suffering from Media Tickets for the longest time and seems now that I have rid my system of this plague? I have learned much from my research on how to rid myself of this virus, but still have little real understanding on my PC. I am trying to learn more. In the Start-up Inspector, I found several unknowns including llserv.exe and navscanner32.exe and C:\WINDOWS\System32\NvCpl.dll. I have read the FAQs as well as 'Answersthatwork' without result.

Would appreciate any feedback on my system according to my HJT results below. I feel like a child again learning the basics, please help me to learn.

Logfile of HijackThis v1.97.7
Scan saved at 12:23:43 PM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Startup Inspector for Windows\wsInspector.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abit.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.abit.com.tw
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abit.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.abit.com.tw
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Services] lsserv.exe
O4 - HKLM\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32D.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Services] lsserv.exe
O4 - HKLM\..\RunServices: [NAVSCANNER32] NAVSCANNER32.EXE
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32D.exe
O4 - HKCU\..\Run: [NAVSCANNER32] NAVSCANNER32.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.abit.com.tw
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.abit.com.tw
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Really appreciate it.
Scott

#2 Pacman

Pacman

    Member

  • Emeritus
  • Pip
  • 6 posts

Posted 30 August 2004 - 06:30 AM

X - NAVSCANNER32 (NAVSCANNER32.EXE)

Added as a result of the RBOT.QC VIRUS!

X - NVIDIA Video drivers (video_32D.exe)

Added as a result of the AGOBGOT.KV VIRUS!
Paul Collins
(aka Pacman)
Pacman's Portal




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button