Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJack this Log and a Ewindo file

Started by rusty38dei , Oct 21 2006 11:52 AM

  • This topic is locked This topic is locked

#1
rusty38dei
Posted 21 October 2006 - 11:52 AM

rusty38dei

    Member

  • Member
  • PipPip
  • 85 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:51:36 PM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\THDBG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Giles Family\Application Data\s?stem32\?ti2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Giles Family\Desktop\HijackThis(2).exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6732CD43-50D2-202D-D4AA-77B59BB3DF96} - C:\WINDOWS\system32\mqtktmxh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6732CD43-50D2-202D-D4AA-77B59BB3DF96} - C:\WINDOWS\system32\mqtktmxh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THDBG] C:\WINDOWS\THDBG.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
O4 - HKCU\..\Run: [Ojj] C:\Documents and Settings\Giles Family\Application Data\s?stem32\?ti2evxx.exe
O4 - HKCU\..\Run: [scvhost] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [Osiw] "C:\DOCUME~1\GILESF~1\MYDOCU~1\ASEMBL~1\wowexec.exe" -vt ndrv
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133097428000
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe








---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:44:48 PM 10/21/2006

+ Scan result:



C:\Program Files\Mozilla Firefox\SetupPoker.exe -> Adware.Casino : No action taken.
C:\WINDOWS\system32\scvhost.exe -> Backdoor.Bifrose.wr : No action taken.
C:\Program Files\PestPatrol\Quarantine\20060610195037.zip/Documents and Settings/Giles Family/Cookies/giles family@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\PestPatrol\Quarantine\20060610195037.zip/Documents and Settings/Giles Family/Cookies/giles family@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.12:C:\Documents and Settings\Giles Family\Application Data\Mozilla\Firefox\Profiles\u6td62f6.Default User\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\PestPatrol\Quarantine\20060610195037.zip/Documents and Settings/Giles Family/Cookies/giles family@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.17:C:\Documents and Settings\Giles Family\Application Data\Mozilla\Firefox\Profiles\u6td62f6.Default User\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.18:C:\Documents and Settings\Giles Family\Application Data\Mozilla\Firefox\Profiles\u6td62f6.Default User\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.19:C:\Documents and Settings\Giles Family\Application Data\Mozilla\Firefox\Profiles\u6td62f6.Default User\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.20:C:\Documents and Settings\Giles Family\Application Data\Mozilla\Firefox\Profiles\u6td62f6.Default User\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Program Files\PestPatrol\Quarantine\20060610195037.zip/Documents and Settings/Giles Family/Cookies/giles family@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.


::Report end






PLEASE HELP :whistling:



I have noticed my task manager is also messed up now, I went and shut down firefox one time since this has been going on, and now when i go to task manager all my tabs are gone. Please Help I have no clue what to do next


I have scanned my pc with XoftSpy v.4.22 and I am alarmed at what i found, but it wont let me delete things unless i buy it :blink:......
I would be more than happy to make a contribution to someone that can help me out here... Some of the things found are as follows..................Cowabanga,,, Adshooter,,,,Adwareloader,,,,mediamotor (3) times,,,,overspy,,,,,CIA,,,,,,PuriatyScan,,,,,,Yazzle Cowabunga

Edited by rusty38dei, 23 October 2006 - 07:17 PM.

  • 0

Advertisements

#2
rusty38dei
Posted 23 October 2006 - 08:13 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
:blink:


:whistling:
  • 0

#3
andydf
Posted 25 October 2006 - 11:33 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi rusty38dei

Please follow these instructions.

1. Download combofix.exe from one of the links below:

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let me know how your system's working. :blink:

Andy :whistling:
  • 0

#4
rusty38dei
Posted 25 October 2006 - 04:02 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Thanks Andy, I greatly appreciate your help here are this items you asked for


Giles Family - 06-10-25 17:56:09.75 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Giles Family\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\Program Files\Cowabanga

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Giles Family\Application Data\SSTEM3~1
C:\QooBox\Purity\Documents and Settings\Giles Family\Application Data\SSTEM3~1\?ti2evxx.exe
C:\QooBox\Purity\Documents and Settings\Giles Family\My Documents\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Giles Family\My Documents\ASEMBL~1\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Giles Family\My Documents\ASEMBL~1\wowexec.exe
C:\QooBox\Purity\Program Files\Common Files\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))


2006-10-23 21:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-23 21:40 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-21 11:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-20 19:59 131,072 --a------ C:\WINDOWS\system32\mqtktmxh.dll
2006-10-07 12:02 2 --a------ C:\WINDOWS\system32\wtstr.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-25 17:56 -------- d-------- C:\Program Files\Common Files
2006-10-25 17:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-25 17:50 -------- d-------- C:\Documents and Settings\Giles Family\Application Data\Azureus
2006-10-24 20:45 -------- d-------- C:\Program Files\ShotOnline International
2006-10-23 21:42 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-23 21:40 -------- d-------- C:\Documents and Settings\Giles Family\Application Data\PC Tools
2006-10-23 21:10 -------- d-------- C:\Program Files\NoAdware4
2006-10-23 21:07 -------- d-------- C:\Program Files\XoftSpy
2006-10-22 15:03 -------- dr-h----- C:\Documents and Settings\Giles Family\Application Data\yahoo!
2006-10-22 15:02 -------- d-------- C:\Program Files\Yahoo!
2006-10-21 17:32 -------- d-------- C:\Program Files\rFactor
2006-10-21 11:43 -------- d-------- C:\Program Files\Grisoft
2006-10-20 19:59 -------- d-------- C:\Documents and Settings\Giles Family\Application Data\àdobe
2006-10-10 21:26 -------- d-------- C:\Program Files\Azureus
2006-10-06 14:02 -------- d---s---- C:\Documents and Settings\Giles Family\Application Data\Microsoft
2006-10-06 14:02 -------- d-------- C:\Program Files\PC MightyMax
2006-10-06 13:47 -------- d-------- C:\Program Files\Online Services
2006-10-04 19:47 -------- d-------- C:\Program Files\WinZip
2006-09-21 18:40 -------- d-------- C:\Program Files\OpenSpeedWay OnlineCarUpdate
2006-08-31 18:04 -------- d-------- C:\Program Files\C-Media
2006-08-25 16:05 -------- d-------- C:\Program Files\SpywareBot
2006-08-19 14:20 873 --a--c--- C:\Documents and Settings\Giles Family\Application Data\AdobeDLM.log
2006-08-19 14:20 0 --a--c--- C:\Documents and Settings\Giles Family\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Start WingMan Profiler"=""
"BitTorrent"="C:\\Program Files\\BitTorrent\\bittorrent.exe --force_start_minimized"
"Ojj"="C:\\Documents and Settings\\Giles Family\\Application Data\\s?stem32\\?ti2evxx.exe"
"Osiw"="\"C:\\DOCUME~1\\GILESF~1\\MYDOCU~1\\ASEMBL~1\\wowexec.exe\" -vt ndrv"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"C-Media Mixer"="Mixer.exe /startup"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"THDBG"="C:\\WINDOWS\\THDBG.EXE"
"spywarebot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
"location"="Common Startup"
"item"="HPAiODevice(hp psc 700 series) - 1"
"command"="C:\\PROGRA~1\\HEWLET~1\\AiO\\HPPSC7~1\\Bin\\hpobrt07.exe -DeviceID 1093960242"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Giles Family^Start Menu^Programs^Startup^PalNetaware.lnk]
"location"="Startup"
"item"="PalNetaware"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Giles Family^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
"location"="Startup"
"item"="PowerReg Scheduler V3"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro 1"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetHook"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtray2k"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtraylsi"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sais]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sais"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Inicio"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Trjscan"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\McAfee AntiSpyware.job

Completion time: 06-10-25 17:57:15.85
C:\ComboFix.txt ... 06-10-25 17:57





Logfile of HijackThis v1.99.1
Scan saved at 6:00:48 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\THDBG.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Giles Family\Application Data\s?stem32\?ti2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\DOCUME~1\GILESF~1\MYDOCU~1\ASEMBL~1\wowexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Giles Family\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6732CD43-50D2-202D-D4AA-77B59BB3DF96} - C:\WINDOWS\system32\mqtktmxh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6732CD43-50D2-202D-D4AA-77B59BB3DF96} - C:\WINDOWS\system32\mqtktmxh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THDBG] C:\WINDOWS\THDBG.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
O4 - HKCU\..\Run: [Ojj] C:\Documents and Settings\Giles Family\Application Data\s?stem32\?ti2evxx.exe
O4 - HKCU\..\Run: [Osiw] "C:\DOCUME~1\GILESF~1\MYDOCU~1\ASEMBL~1\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133097428000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  • 0

#5
rusty38dei
Posted 25 October 2006 - 06:44 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Andy, It is still screwed up its like 2 programs I use to play golf with are fighting over resourses....... Just my luck
  • 0

#6
andydf
Posted 26 October 2006 - 01:09 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi rusty38dei

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1.
First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Click This link for further help.

2.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6732CD43-50D2-202D-D4AA-77B59BB3DF96} - C:\WINDOWS\system32\mqtktmxh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {6732CD43-50D2-202D-D4AA-77B59BB3DF96} - C:\WINDOWS\system32\mqtktmxh.dll
O4 - HKCU\..\Run: [Osiw] "C:\DOCUME~1\GILESF~1\MYDOCU~1\ASEMBL~1\wowexec.exe" -vt ndrv

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these folders using Windows Explorer(if present):
Folders and files with a tilde (~), means that there is a file/folder that starts with the six characters in front of the tilde, note that there may be spaces in the name. If there are more than one, please report them back and do not delete!

C:\DOCUME~1\GILESF~1\MYDOCU~1\ASEMBL~1

Please delete these files using Windows Explorer(if present):
Use windows search facility if you have trouble finding these files.

C:\WINDOWS\system32\mqtktmxh.dll

After that, Reboot.

3.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let me know how your system's working. :blink:

Andy :whistling:

Edited by andydf, 26 October 2006 - 01:38 PM.

  • 0

#7
rusty38dei
Posted 26 October 2006 - 07:44 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Only question i have Andy is, I had problems rebooting into safe mode for whatever reason. Michelle helped me out one time here and that was a snag but she got it back up to snuff somehow. So should I go ahead and do this without actaully rebooting in safe mode?

Thanks again for helping me Andy


:whistling:
  • 0

#8
andydf
Posted 27 October 2006 - 03:07 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
yes, perform the fix in normal windows
  • 0

#9
rusty38dei
Posted 27 October 2006 - 03:34 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Ok Andy, I hope I dont this right

ABC (remove only)
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Azureus
CCleaner (remove only)
CleanUp!
Codec Pack - All In 1 6.0.2.4
Dale Earnhardt Mainback
DivX Player
DVD Decrypter (Remove Only)
dvdSanta 4.00
HijackThis 1.99.1
HistoryWasher v1.04.1
J2SE Runtime Environment 5.0 Update 7
K-Lite Codec Pack 2.71 Full
Late Model Mod V2
Logitech Gaming Software
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Word Viewer 97
Mozilla Firefox (1.5.0.7)
NASCAR® Racing 2003 Season
Nero 7 Demo
NoAdware v4.0
NVIDIA Drivers
OpenSpeedWay Online Car Update
Paltalk Messenger
PCI Audio Driver
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
ShotOnline International
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
System Cleaner (remove only)
TaxACT 2004
TaxACT Georgia 2004
THOMSON USB Mass Storage Driver Installation
Update for Windows XP (KB898461)
USB Storage Adapter FX (THD)
VentriloMIX
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
XoftSpy







Logfile of HijackThis v1.99.1
Scan saved at 5:32:01 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\THDBG.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Giles Family\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [THDBG] C:\WINDOWS\THDBG.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
O4 - HKCU\..\Run: [Ojj] C:\Documents and Settings\Giles Family\Application Data\s?stem32\?ti2evxx.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133097428000
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




I also couldnt find those 2 files you were talking about deleting, I did a search on the PC from start/search/all files and folders and it found nothing
  • 0

#10
andydf
Posted 29 October 2006 - 01:52 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi rusty38dei

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please download Registrar Registry Manager Lite

Install it, then please run the program.

Copy and paste the follow text into the address bar, then hit 'Go':

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

In the panel on the right are the values associated with that key.

We want to find this one:

_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Notice the underscore at the beginning.

Right click on it, and select delete.
If you get a confirmation question, respond OK then close out the program.

Next
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Ojj] C:\Documents and Settings\Giles Family\Application Data\s?stem32\?ti2evxx.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Please delete this folder using Windows Explorer(if present):

C:\Documents and Settings\Giles Family\Application Data\s?stem32

The ? in the folder path could be any character, if it is there delete the whole folder.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let me know how your system's working. :blink:

Andy :whistling:
  • 0

#11
rusty38dei
Posted 30 October 2006 - 05:21 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hey Andy, Thanks again for your help, my computer seems to be a little bit faster now. Man you guys sure know your stuff. I wont know for sure though till I play the golf game and have ventrillo up at the same time. The golf game is down tonight for maintainance :whistling:

Here is the new HiJack this log file

Logfile of HijackThis v1.99.1
Scan saved at 6:18:02 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\THDBG.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Giles Family\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [THDBG] C:\WINDOWS\THDBG.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133097428000
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Andy, why would my task manager be messed up,, used to I could see the tabs with Applications then Processes and so forth. Now when i hit control alt delete all i see is task and status. To close it i have to go to the system trey and right click and then close

Edited by rusty38dei, 30 October 2006 - 07:10 PM.

  • 0

#12
andydf
Posted 31 October 2006 - 02:25 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi rusty38dei

It sounds like your viewing the task manager in simple mode, try double clicking the outer edge of the task manager display (not the top). Try that and let me know what happens.

Also you may want to look HERE the program NoAdware has been de-listed from this list but you may wish to read it for information.

Andy :whistling:
  • 0

#13
rusty38dei
Posted 31 October 2006 - 09:19 PM

rusty38dei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Yep thats my problem, DOHHHH,,,, thought that was a virus or something intended to keep me from shutting a task down......Shows how bright I am....... :whistling:

So I guess you dont see any other problems with my pc? Thanks for your help man I honestly do appreciate it.
  • 0

#14
andydf
Posted 01 November 2006 - 01:18 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi rusty38dei

Congratulations, your log is clean :blink:

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
Only use one antivirus and one firewall, more than one may cause conflicts.

To keep your operating system up to date visitmonthly. And to keep your system clean run these free malware scannersweekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Andy :whistling:
  • 0

#15
andydf
Posted 04 November 2006 - 01:15 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP