Proplems W/peopleonpeople&multiple others

MadMax45MadMax45
edited February 2005 in Spyware & Virus Removal
:( To any and all That may be able to Help,
I posted here a few days ago and SpywareShooter attempted to assist
me (much appreciated, by the way). Unfortunately, my tale of woe continues...after doing all that was suggested and them some, I still have
all sorts of problems and kinks with my system. I am using Xp service pack2,
I'm firewalled(well xps), running Ez antivirus and several different spyware services(which detect all sorts of spyware after each bootup) My current Hijackthis log appears as so:

Logfile of HijackThis v1.99.0
Scan saved at 1:01:57 AM, on 2/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\SYSTEM32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
F:\Program Files\Executive Software\Diskeeper\DkService.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
F:\Program Files\Microsoft IntelliType Pro\type32.exe
F:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
F:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
F:\Program Files\Outlook Express\msimn.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Maxwell\Desktop\dwnlds\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - F:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [type32] "F:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [VetTray] F:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "F:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098293043576
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{819FB936-D72E-4593-B9AC-59B390B3BD24}: NameServer = 151.164.70.201,151.164.1.8
O23 - Service: CA ISafe - Computer Associates International, Inc. - F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

I am unable to use system restore, though I attempted to even from safe mode. I don't really want to reformat....any ideas would be appreciated. I
have run cwshredder and hsremove with no joy.
Thanks,
MadMax

Comments

  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited February 2005
    Please run these two online scans.
    Make sure they are set to clean automatically:

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    If there are files that can not be removed by the scans please include that information in your next post. Let me know what the virus scans find and if it has made any difference with your problems.



    Reboot and post a new hijackthis log.
  • MadMax45MadMax45
    edited February 2005
    Buckeye_Sam wrote:
    Please run these two online scans.
    Make sure they are set to clean automatically:

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    If there are files that can not be removed by the scans please include that information in your next post. Let me know what the virus scans find and if it has made any difference with your problems.



    Reboot and post a new hijackthis log.
    Well I appreciate the help Buckeye_Sam, I hadn't tried those particular sites before...but whatever I've got they didn't get it. They found about 28 or so problems between the two and said they were fixed and then I ran about buster,hsremove, cw shreddar, adawarese, scan spyware,eztrust anti-virus
    and then I rebooted....Gee I start running the scans again They're back. I got afeeling I'm gonna have to reformat...Oh well, here is my latest hijack this log...
    Logfile of HijackThis v1.99.0
    Scan saved at 3:47:51 PM, on 2/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    F:\Program Files\Executive Software\Diskeeper\DkService.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Microsoft IntelliType Pro\type32.exe
    F:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    F:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
    F:\Documents and Settings\Maxwell\Desktop\dwnlds\hijackthis\HijackThis.exe
    F:\WINDOWS\system32\wuauclt.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - F:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [type32] "F:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [VetTray] F:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "F:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098293043576
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{819FB936-D72E-4593-B9AC-59B390B3BD24}: NameServer = 151.164.70.201,151.164.1.8
    O23 - Service: CA ISafe - Computer Associates International, Inc. - F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service - SiSoftware - F:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - F:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

    I've got a lot of video files and such that I need to process before I can wipe er down so if you see anything in the log let me know. Thanks again.
    MadMax45
    P.S. Spybot too, was run.
  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited February 2005
    There's nothing in your log that would indicate a problem. Can you remember what the online scans found? What kind of issues are you having?
Sign In or Register to comment.