Junior Member
Hi!
I searched quite a lot today but couldn´t find a solution.
I have removed LinkOptimizer some weeks ago but there is still an entry in the Control Panel -> Add and Remove Software saying LinkOptimizer. But as I know it doesn´t help I didn´t use that option.
Is there any way to remove also that entry in the control panel?
Thanks for listening..
Member
Administrator
Please give us a HiJackThis log.
Junior Member
Hijack this file should be there now.
I startet also this Spy Sweeper...it found still some parts from LinkOptimizer and navexcel navhelper.
But I have no Idea whats left of them.
Administrator
Let's start at the beginning. This is the only way we know that #1 these things ARE on the computer, and #2, we have gotten them all removed.
There ARE entries in your log indicating some nasty items. There are ways to remove all, but steps must be followed correctly, and in order so begin here;
READ ME Before Posting A Request For Assistance!
Follow each step, IN ORDER. Once you have completed all steps, including running all the programs specified in SAFE MODE and having each program fix everything it finds, plus saving any logs noted including running and fixing with Spysweeper and and saving that entire log. Then reboot to normal mode, run a NEW HJT scan and save that log also.
Then post back here with ALL logs and we will see where we stand.
P.S.
Your log shows evidence of both AVG, which I assume is your current Anti-virus program and at least some remainders of Norton Anti-virus indicated by these entries;
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
Please do a search for all folders and files named Norton and also Symantec and delete all that you find.
There were also three instances of Internet Explorer running when you did your HiJackThis scan. Please be certain that all unnecessary programs, spysweeper, prevx, Motherboard Monitor, zBrowser Launcher, Skype and ALL browsers are closed when you run your next HJT scan.
Also, HiJackThis must be run from it's OWN folder so please be sure you locate it in it's own folder which you create.
Last edited by jholland1964; 09-17-2006 at 02:41 PM.
Junior Member
Hi!
I ran the whole order of instructions. So far I can say I got rid of quite some infections. And I haven´t found any recently after removing all of them hopefully.
In the log file there are still some empty entries and I have no idea what to do about them.
Administrator
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and Click ENTER.
HiJackThis then should be moved to this file C:\HiJackThis. It should not be run from another file. This is where backups will be saved in case they are needed and it won't save files to any other file name.
Secondly, you have programs that you have disabled by using msconfig. Please go back to msconfig and renable ALL start up programs. This is the only was we can be certain that all nasty programs have been removed. Once all this is finished then you can disable unnecessary programs, but for now we need to see everything in that auto start. So please re-enable those programs via msconfig.
Third, turn off background scanning of Windows Defender,
Ewido. These can be re-enabled later, but for now they should be turned off.
Fourth, turn off the program running from your "I" drive which is the mIRC Internet Relay Chat utility which allows you to connect to Internet based servers. This is a non-essential process and was NOT running during your first HJT scan.
Next go to C:\Windows\taskmgr.exe and remove the file noted in red. Don't delete the entire folder just that file.
Now go to C:\Programme\Prevx1\ and delete the file noted in Red.
Now run HJT again and place checkmarks next to the following entries if still present;
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programme\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINDOWS\taskmgr.exe (file missing)
Now once you have placed those checkmarks click the FIX button. Exit HJT.
Reboot and run HJT again. Save that new log and post it here.
Junior Member
Here we go...
So, I have done as you said.
I deleted the whole Prevx1 directory and the taskmgr.exe has been killed by Panda Antivirus this morning.
I only found C:\WINDOWS\taskman.exe. The file info says that its from Microsoft but the Filename quite suspicious.
There is also taskmanager.ocx, TaskMangr, TaskMgrHlp.dll; TaskMgrRunDll.
The last file opened with notepad shows this nice entry:
+---[ System Stats ]----------------------------------+
¦
¦ * Uptime....... %ServerDays Days, %ServerHours Hours, %ServerMins Mins, %ServerSecs Secs
¦ * Currently logged in..................... %UNow
¦ * Logged in total..................... %UAll
¦ * Average Speed.................... %ServerAvg kb/sec
¦ * Current Speed.................... %ServerKBps Kb/sec
¦ * Amount of files downloaded................ %ServerFilesDown
¦ * Amount of files uploaded.................. %ServerFilesUp
¦ * Current HD space.................... %dfree MB
¦
¦ * *
¦
+---[ XBOX-HAVEN ]------------------------------+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-[ RAPE THE BANDWITH ]-
__
/ \
[ ]
\__/
\ |
\|\
| \ /---
/\----------------| X |
/ \ \ \_O
/ \ \
-[ MICROSOFT LOSES! ]-
But It seems these files are all not in use.
I also attached some WPfind logs. Maybe they can be helpful.
BR Ulle
Administrator
I have asked a couple others to take a look and see what they think here. One of us will get back to you asap.
Judy
Administrator
Still going through the logs. Have YOU personally installed the FamilyKeyLogger program?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote