Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 07-21-2006, 02:21 AM   #1
Beta Member
Join Date: Jul 2006
Posts: 4
Exclamation Please Help

Can anyone please tell me what is wrong with my pc...and how to fix it..
i ran spybot and it told me that I have problems with, windows update (disabled) Antivirus (disabled, override) firewall (disable, override), SP2update (disabled). These were all in the registry. I have just brought this P4 second hand and I am unsure what they have done to the reg. I need to know how to change or what to use to change the reg so I and use a firewall, antivirus and so on.. I have put in a log from Hijack this if that helps any one.. I do believe I have a virus or 4 but can not do anything about it until the reg has been changed.
Cheers and thank you for ur time.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:10 PM, on 7/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetComm\NB2\dslstat.exe
C:\Program Files\NetComm\NB2\dslagent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Windows Core Kernel Update] C:\WINDOWS\System32\win32bootcfg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\NetComm\NB2\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\NetComm\NB2\dslagent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1153446372109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153446333875
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F006CB2-0F71-4380-95C5-3B806187BB49}: NameServer =
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

holdengirl_75 is offline   Reply With Quote
Old 07-21-2006, 02:36 AM   #2
Deathstar's Avatar
Join Date: Mar 2006
Posts: 756
Default Re: Please Help

This one is the only one I can see that looks suspect.......O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe

Run this BitDefender free online scan and see what it finds, you will need to install the ActiveX control for it to run.

Meanwhile I'll go look up O23 - Service: K4NV - Unknown owner - C:\WINDOWS\k4nv.exe and see what I can find.

EDIT: You have been into the Security Centre and tried to re enable your firewall, updates, AV etc yeah??

EDIT 2: Delete the folder C:\WINDOWS\k4nv.exe and delete any registry entries under the same name

Let us know what BitDefender found as well, and once all that is done try re enabling everything in the Security Centre again

Deathstar is offline   Reply With Quote
Old 07-21-2006, 03:22 AM   #3
Golden Master
ArrizX's Avatar
Join Date: Apr 2005
Posts: 16,069
Send a message via MSN to ArrizX
Default Re: Please Help

Im sorry, to go off topic, but, do you live In Holden Village, up Lake Chelan?

If you do, that would be too weird, lol
. ()()()()
./l ,[_\_\ ],
l---L ()lllllll()-
()_) ()_)--o-)_)
ArrizX is offline   Reply With Quote
Old 07-21-2006, 03:54 AM   #4
Deathstar's Avatar
Join Date: Mar 2006
Posts: 756
Default Re: Please Help

Originally Posted by ArrizX
Im sorry, to go off topic, but, do you live In Holden Village, up Lake Chelan?.......
Originally Posted by holdengirl_75
...... Cheers and thank you for ur time......
Sounds like she's an Aussie to me, Holden is a brand of car down here with a "cult" following
Deathstar is offline   Reply With Quote
Old 07-21-2006, 07:37 AM   #5
Beta Member
Join Date: Jul 2006
Posts: 4
Default Re: Please Help

thanks Death star will run the program first thing in the morning.... And yeah you are right im an Aussie and very much into "The Cult" lol...

Will let you know how I go.

holdengirl_75 is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 04:20 PM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0