Explorer.exe restarting and Internet Explorer Popups.


This topic is locked

#1 Basil_Evenstar (Member, 12 posts)
It's an age old story.
Man goes online.
Man picks up spyware.
Man destroys computer.

Well, I decided to be a little different and skip the last 1/3 of that story.

The problem is that explorer.exe likes to crash/restart often, usually several times in a row. This is the result of spyware trying to open Internet Explorer and give me ads for spyware removal tools (gee, how nice of them). Usually it's just explorer.exe that restarts and doesn't get to the pop-ups, though every once in a while I will get a pop-up on Mozilla Firefox as well. Anyways, I've tried all the normal methods to get rid of this stuff and it didn't get it all, so I come to you.

I use Ad-aware SE, SpyBlaster, Spybot S&D, and AVG Anti-spyware 7.5 (which is about to expire... I miss ewido already) for protection and detection currently.

Thanks in advance for your help!
Scott


HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:37:02 AM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Programs\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Programs\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Program Files\Trillian\trillian.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
D:\PROGRAMS\PROGRA~1\MOZILLA\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programs\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe
O4 - Startup: Xfire.lnk = D:\Programs\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
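Added example, not part of this thread or of HijackThis/ComboFix: a small triage script that reads HJT autostart lines together with the ComboFix "Files Created" listing posted later in the thread, and flags the patterns a helper looks for here (orphaned R3/O3 hooks, a '?'-masked path such as ?racle\?xplorer.exe, and rundll32-loaded DLLs that appeared in system32 only days before the scan). The 7-day window and the reason labels are my assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from datetime import date

# Sample input: lines copied from the HijackThis log posted above. Known-good
# entries (NvCplDaemon, SW20, AVG) are included so the heuristics have
# something to leave alone.
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"""

# Sample input: header plus three lines copied from the ComboFix
# "Files Created" section posted later in this thread.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))
2006-11-12 16:22 94,208 --a------ C:\WINDOWS\system32\ktsjvbn.dll
2006-11-12 16:22 101,888 --a------ C:\WINDOWS\system32\drvzos.dll
2006-10-18 18:29 208,896 -ra------ C:\WINDOWS\system32\sw20.exe
"""

# HJT "O4 - HKLM\..\Run: [value name] command" autostart entries.
HJT_O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Any drive-letter path ending in .exe/.dll; stops at quotes and at the comma
# that separates a rundll32 DLL from its export name.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll)', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
# ComboFix file line: date time size attributes path
CF_FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} [\d,]+ \S+ (?P<path>[A-Za-z]:\\.+)$")
CF_HEADER_RE = re.compile(r"Files Created from \d{4}-\d{2}-\d{2} to (?P<end>\d{4}-\d{2}-\d{2})")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_combofix_created(text):
    """Return (scan end date, {lowercased path: creation date}) from a
    ComboFix "Files Created" section."""
    scan_end, created = None, {}
    for line in text.splitlines():
        header = CF_HEADER_RE.search(line)
        if header:
            scan_end = date.fromisoformat(header.group("end"))
            continue
        entry = CF_FILE_RE.match(line.strip())
        if entry:
            created[entry.group("path").lower()] = date.fromisoformat(entry.group("date"))
    return scan_end, created


def target_path(cmd):
    """The file a Run command really starts: for a rundll32 launcher the last
    path (the DLL), otherwise the executable. None for bare names such as
    KHALMNPR.EXE that Windows resolves through PATH."""
    paths = WIN_PATH_RE.findall(cmd)
    return paths[-1] if paths else None


def triage(hjt_text, combofix_text, window_days=7):
    """Map each HJT entry worth a second look to its sorted reason labels:
    orphaned         R3/O3 hook or toolbar whose file HJT reports missing
    masked_path      path containing '?' (characters HJT could not render;
                     here ?racle and ?xplorer.exe imitate Oracle/explorer.exe)
    recently_created target created within window_days of the scan end
                     according to the ComboFix listing (window is assumed)
    rundll32_loader  DLL started through rundll32; context only, since
                     NvCpl.dll uses the same pattern legitimately
    """
    scan_end, created = parse_combofix_created(combofix_text)
    findings = {}
    for line in hjt_text.splitlines():
        line = line.strip()
        if line.startswith(("R3 -", "O3 -")) and line.endswith(ORPHAN_MARKERS):
            guid = GUID_RE.search(line)
            findings[guid.group(0) if guid else line] = ["orphaned"]
            continue
        entry = HJT_O4_RE.match(line)
        if not entry:
            continue
        cmd = entry.group("cmd")
        path = target_path(cmd)
        if path is None:
            continue
        reasons = []
        if "?" in path:
            reasons.append("masked_path")
        if "rundll32" in cmd.lower():
            reasons.append("rundll32_loader")
        made = created.get(path.lower())
        if made and scan_end and (scan_end - made).days <= window_days:
            reasons.append("recently_created")
        if reasons:
            findings[entry.group("name")] = sorted(reasons)
    return findings
```

Run `triage(HJT_SAMPLE, COMBOFIX_SAMPLE)`: CTDrive and ktsjvbn.dll come back as rundll32-loaded DLLs created four days before the scan, Fmajtxy as a masked path, the two dead hooks as orphaned, while SW20 (installed with the drivers on 2006-10-18) and AVG are left alone.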



#2 Kat (Retired Staff, MVP, 19,711 posts)
Hello and welcome to GeeksToGo. My name is Kat, and I will be helping you!

Have you fixed entries using HijackThis already? If you have, please do NOT follow the instructions below. Instead, please perform the following to revert to the backup. I need to see everything that was there, in order to effectively help you.

To restore the backups:
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.

_______________________________________

If you have NOT fixed anything with HijackThis, please follow these instructions:

1. Download ComboFix.exe using either of these links:

BleepingComputer

TechSupportForum

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

#3 Basil_Evenstar (Topic Starter, Member, 12 posts)
Well, I did remove a few things, but since it didn't solve the problem I restored them all before posting my original log, since I figured that would be better for catching everything.

ComboFix Log:

Scott - 06-11-16 17:40:37.10 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Scott"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Scott\My Documents\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\?icrosoft.NET


((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))


2006-11-15 17:42 110,612 --a------ C:\WINDOWS\system32\nlofcaqb.exe
2006-11-13 17:27 110,612 --a------ C:\WINDOWS\system32\brvtpxsp.exe
2006-11-12 17:27 776,055 ---hs---- C:\WINDOWS\system32\xbeeg.bak2
2006-11-12 17:27 110,612 --a------ C:\WINDOWS\system32\rdsjcrnh.exe
2006-11-12 16:28 110,612 --a------ C:\WINDOWS\system32\fopbnldm.exe
2006-11-12 16:27 842,261 ---hs---- C:\WINDOWS\system32\xbeeg.bak1
2006-11-12 16:27 692,276 ---hs---- C:\WINDOWS\system32\geebx.dll
2006-11-12 16:22 94,208 --a------ C:\WINDOWS\system32\ktsjvbn.dll
2006-11-12 16:22 72,704 --a------ C:\WINDOWS\system32\hnwsesk.dll
2006-11-12 16:22 2 --a------ C:\WINDOWS\system32\wintsvcc.exe
2006-11-12 16:22 101,888 --a------ C:\WINDOWS\system32\drvzos.dll
2006-10-21 21:54 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-10-18 23:00 1,379 --a------ C:\WINDOWS\system32\sdbackup.reg
2006-10-18 21:39 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2006-10-18 21:08 197,120 --a------ C:\WINDOWS\patchw32.dll
2006-10-18 20:46 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-18 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-18 19:35 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-18 19:35 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-18 19:32 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-10-18 19:28 89,360 --------- C:\WINDOWS\system32\Vb5db.dll
2006-10-18 19:28 407,312 --------- C:\WINDOWS\system32\Msrepl35.dll
2006-10-18 19:28 368,912 --------- C:\WINDOWS\system32\Vbar332.dll
2006-10-18 19:28 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-10-18 19:28 252,176 --------- C:\WINDOWS\system32\Msrd2x35.dll
2006-10-18 19:28 24,848 --------- C:\WINDOWS\system32\Msjter35.dll
2006-10-18 19:28 123,664 --------- C:\WINDOWS\system32\Msjint35.dll
2006-10-18 19:28 1,045,776 --------- C:\WINDOWS\system32\Msjet35.dll
2006-10-18 19:20 46,080 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-18 19:20 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-18 19:20 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-10-18 18:29 9,728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys
2006-10-18 18:29 8,192 -ra------ C:\WINDOWS\system32\sysinfo.sys
2006-10-18 18:29 69,632 -ra------ C:\WINDOWS\system32\sw24.exe
2006-10-18 18:29 53,248 -ra------ C:\WINDOWS\system32\Nvgpio.dll
2006-10-18 18:29 208,896 -ra------ C:\WINDOWS\system32\sw20.exe
2006-10-18 18:29 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-18 18:29 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-18 18:29 114,688 -ra------ C:\WINDOWS\system32\sysinfo.dll
2006-10-18 18:29 1,474,560 -ra------ C:\WINDOWS\system32\msicpl.dll
2006-10-18 18:13 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-18 17:41 56,832 -ra------ C:\WINDOWS\system32\NicEtCoE.dll
2006-10-18 17:41 21,504 -ra------ C:\WINDOWS\system32\NicCo.dll
2006-10-18 17:41 20,480 -ra------ C:\WINDOWS\system32\NicInstE.dll
2006-10-18 17:41 199,168 -ra------ C:\WINDOWS\system32\drivers\e1e5132.sys
2006-10-18 17:41 163,840 -ra------ C:\WINDOWS\system32\e1000msg.dll
2006-10-18 17:41 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2006-10-18 17:34 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-18 17:34 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-18 17:34 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-18 17:34 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-18 17:34 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-18 17:34 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-18 17:34 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-18 17:34 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-18 17:34 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-10-18 17:34 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-18 17:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-18 17:34 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-18 17:34 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-18 17:34 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-18 17:34 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-10-18 17:33 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2006-10-18 17:33 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-10-18 17:33 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-10-18 17:33 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-10-18 17:33 4,271,616 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-10-18 17:33 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-10-18 17:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-18 17:33 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2006-10-18 17:33 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-10-18 17:33 16,206,848 -r------- C:\WINDOWS\RTHDCPL.exe
2006-10-18 17:33 1,448,960 --a------ C:\WINDOWS\SkyTel.exe
2006-10-18 17:27 71,758 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2006-10-18 17:27 55,042 --------- C:\WINDOWS\system32\drivers\L8042MOU.SYS
2006-10-18 17:27 24,766 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2006-10-18 17:17 38,146 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2006-10-18 17:17 37,888 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-10-18 17:17 15,008 --a------ C:\WINDOWS\system32\drivers\LUsbKbd.sys
2006-10-18 17:17 13,106 --------- C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2006-10-18 17:13 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-18 17:13 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-18 17:13 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-18 16:14 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-18 16:14 0 -rahs---- C:\MSDOS.SYS
2006-10-18 16:14 0 -rahs---- C:\IO.SYS
2006-10-18 16:14 0 --a------ C:\CONFIG.SYS
2006-10-18 16:14 0 --a------ C:\AUTOEXEC.BAT
2006-10-18 16:12 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-18 16:12 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-18 16:12 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-18 16:12 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-18 16:12 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-18 16:12 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-18 16:12 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-18 16:12 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-18 16:12 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-18 16:12 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-18 16:12 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-18 16:12 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-18 16:12 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-18 16:12 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-18 16:12 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-18 16:12 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-18 16:12 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-18 16:12 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-18 16:12 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-18 16:12 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-18 16:12 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-18 16:12 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-18 16:12 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-18 16:12 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-18 16:12 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-18 16:12 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-18 16:12 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-18 16:12 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-18 16:12 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-10-18 16:12 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-18 16:12 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-18 16:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-18 16:12 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-18 16:12 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-18 16:12 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-18 16:12 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-18 16:12 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-18 16:12 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-18 16:12 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-10-18 16:12 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-18 16:12 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-18 16:12 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-18 16:12 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-18 16:12 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-18 16:12 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-18 16:11 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-18 16:11 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-18 16:11 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-18 16:11 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-18 16:11 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-18 16:11 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-18 16:11 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-18 16:11 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-18 16:11 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-18 16:11 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-18 16:11 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-18 16:11 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-18 16:11 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-18 16:11 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-18 16:11 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-18 16:11 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-18 16:11 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-18 16:11 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-18 16:11 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-18 16:11 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-18 16:11 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-18 16:11 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-18 16:11 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-18 16:11 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-18 16:11 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-18 16:11 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-18 16:11 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-18 16:11 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-18 16:11 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-18 16:11 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-18 16:11 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-18 16:11 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-18 16:11 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-18 16:11 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-18 16:11 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-18 16:11 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-18 16:11 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-18 16:10 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-18 16:10 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-18 16:10 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-18 16:10 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-18 16:10 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-18 16:10 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-18 16:10 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-18 16:10 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-18 16:10 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-18 16:10 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-18 16:10 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-18 16:10 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-18 16:10 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-18 16:10 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-18 16:10 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-18 16:10 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-18 16:10 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-18 16:10 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-18 16:10 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-18 16:10 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-18 16:10 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-18 16:10 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-18 16:10 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-18 16:10 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-18 16:10 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-18 16:10 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-18 16:10 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-18 16:10 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-18 16:10 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-18 16:10 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-18 16:10 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-18 16:10 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-18 16:10 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-18 16:10 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-18 16:10 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-18 16:10 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-18 16:10 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-18 16:10 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-18 16:10 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-18 16:10 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-18 16:10 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-18 16:10 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-18 16:10 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-18 16:10 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-18 16:10 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-18 16:10 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-18 16:10 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-18 00:53 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-18 00:53 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2006-10-18 00:53 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-18 00:52 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-18 00:52 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-18 00:51 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-18 00:51 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-18 00:51 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-18 00:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-18 00:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-18 00:50 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-18 00:49 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-18 00:49 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-18 00:49 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-18 00:49 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-18 00:49 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-18 00:49 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-18 00:49 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-18 00:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-18 00:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-18 00:49 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-18 00:49 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-18 00:49 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-18 00:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-18 00:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-18 00:49 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-18 00:49 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-18 00:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-18 00:49 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-18 00:49 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-16 17:38 -------- d-------- C:\Documents and Settings\Scott\Application Data\Xfire
2006-11-16 17:31 -------- d-------- C:\Program Files\Common Files
2006-11-12 16:43 -------- d-------- C:\Documents and Settings\Scott\Application Data\Help
2006-11-07 22:24 -------- d-------- C:\Documents and Settings\Scott\Application Data\Sun
2006-11-02 23:54 -------- d-------- C:\Documents and Settings\Scott\Application Data\AdobeUM
2006-10-21 21:23 -------- d-------- C:\Program Files\Apple Software Update
2006-10-20 20:21 -------- d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
2006-10-18 23:00 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-18 23:00 -------- d-------- C:\Documents and Settings\Scott\Application Data\My Games
2006-10-18 22:41 -------- d-------- C:\Documents and Settings\Scott\Application Data\Adobe
2006-10-18 22:34 -------- d-------- C:\Documents and Settings\Scott\Application Data\DivX
2006-10-18 22:19 -------- d-------- C:\Documents and Settings\Scott\Application Data\Macromedia
2006-10-18 22:17 -------- d-------- C:\Program Files\Yahoo!
2006-10-18 22:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-18 21:08 -------- d-------- C:\Program Files\Common Files\PocketSoft
2006-10-18 21:08 -------- d-------- C:\Documents and Settings\Scott\Application Data\Leadertech
2006-10-18 21:06 -------- d-------- C:\Program Files\Microsoft Games
2006-10-18 20:58 -------- d-------- C:\Documents and Settings\Scott\Application Data\Microsoft Games
2006-10-18 19:43 -------- d-------- C:\Program Files\Common Files\Java
2006-10-18 19:39 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-18 19:36 -------- d-------- C:\Program Files\Internet Explorer
2006-10-18 19:36 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-18 19:35 -------- d-------- C:\Program Files\Windows Media Player
2006-10-18 19:35 -------- d-------- C:\Program Files\Winamp
2006-10-18 19:28 -------- d-------- C:\Program Files\Your Company
2006-10-18 19:20 -------- d-------- C:\Program Files\Google
2006-10-18 19:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-18 19:18 879 --a------ C:\Documents and Settings\Scott\Application Data\AdobeDLM.log
2006-10-18 19:18 0 --a------ C:\Documents and Settings\Scott\Application Data\dm.ini
2006-10-18 19:18 -------- d-------- C:\Program Files\Adobe
2006-10-18 19:16 -------- d-------- C:\Documents and Settings\Scott\Application Data\Lavasoft
2006-10-18 18:12 -------- d-------- C:\Documents and Settings\Scott\Application Data\Mozilla
2006-10-18 17:41 -------- d-------- C:\Program Files\Intel
2006-10-18 17:33 -------- d-------- C:\Program Files\Realtek
2006-10-18 17:23 -------- d-------- C:\Documents and Settings\Scott\Application Data\Logitech
2006-10-18 17:17 -------- d-------- C:\Program Files\Logitech
2006-10-18 17:17 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-18 16:22 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-18 16:22 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-18 16:22 -------- d-------- C:\Documents and Settings\Scott\Application Data\Identities
2006-10-18 16:14 -------- d-------- C:\Program Files\xerox
2006-10-18 16:14 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-18 16:13 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-18 16:12 -------- d-------- C:\Program Files\Outlook Express
2006-10-18 16:12 -------- d-------- C:\Program Files\NetMeeting
2006-10-18 16:12 -------- d-------- C:\Program Files\Movie Maker
2006-10-18 16:12 -------- d-------- C:\Program Files\Common Files\System
2006-10-18 16:12 -------- d-------- C:\Program Files\Common Files\Services
2006-10-18 16:12 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-18 16:11 -------- d-------- C:\Program Files\Windows NT
2006-10-18 16:11 -------- d-------- C:\Program Files\Online Services
2006-10-18 16:11 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-18 16:11 -------- d-------- C:\Program Files\Messenger
2006-10-18 16:11 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-18 16:10 -------- d-------- C:\Program Files\MSN
2006-10-18 00:50 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-18 00:50 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-18 00:49 62 --ahs---- C:\Documents and Settings\Scott\Application Data\desktop.ini
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Fmajtxy"="C:\\Documents and Settings\\Scott\\My Documents\\?racle\\?xplorer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"!AVG Anti-Spyware"="\"D:\\Programs\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"QuickTime Task"="\"D:\\Programs\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="D:\\Programs\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"DAEMON Tools"="\"D:\\Programs\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvzos.dll,startup"
"ktsjvbn.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ktsjvbn.dll,zostvvf"
"SW20"="C:\\WINDOWS\\system32\\sw20.exe"
"SW24"="C:\\WINDOWS\\system32\\sw24.exe"
"nwiz"="nwiz.exe /install"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,50,00,00,00,00,00,00,00,d0,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,50,00,00,00,00,00,00,00,d0,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-16 17:41:20.67
C:\ComboFix.txt ... 06-11-16 17:41

#4 Kat (Retired Staff, MVP, 19,711 posts)
Can you post a fresh HijackThis log now, please? :whistling:

#5 Basil_Evenstar (Topic Starter, Member, 12 posts)
Logfile of HijackThis v1.99.1
Scan saved at 6:30:23 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Programs\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Programs\Program Files\Xfire\Xfire.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
D:\Programs\Program Files\Trillian\trillian.exe
D:\PROGRAMS\PROGRA~1\MOZILLA\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programs\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe
O4 - Startup: Xfire.lnk = D:\Programs\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Basil_Evenstar, 17 November 2006 - 05:31 PM.


#6 Kat (Retired Staff, MVP, 19,711 posts)
Thanks for that! Before we go any further, could I please see an uninstall list?? It's very simple to get, and takes only a few seconds. :whistling:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

I also see a nasty case of Vundo trying to hide on us. I need you to go to C:\HJT\HijackThis.exe. Right click on HijackThis, and choose the rename option. Rename it to Katstoy.exe then run HijackThis again, and post a fresh HJT log along with your Uninstall list. :blink:

#7 Basil_Evenstar (Topic Starter, Member, 12 posts)
My HJT never lets me show the Uninstall List; it crashes when I try. So here is a screenshot of the list that should work.
Uninstall_List_2.JPG

Logfile of HijackThis v1.99.1
Scan saved at 6:30:23 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Programs\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Programs\Program Files\Xfire\Xfire.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
D:\Programs\Program Files\Trillian\trillian.exe
D:\PROGRAMS\PROGRA~1\MOZILLA\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\Katstoy.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC502F9-29AD-4C88-BB26-8885F2AD67D0} - C:\WINDOWS\system32\geebx.dll
O2 - BHO: (no name) - {32F3C14A-1FA1-2917-D9C5-092E81CBB111} - C:\WINDOWS\system32\hnwsesk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\pnejlwfa.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programs\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe
O4 - Startup: Xfire.lnk = D:\Programs\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 Kat (Retired Staff, MVP, 19,711 posts)
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Logs needed for next reply:

Vundo Log
new HJT log

#9 Basil_Evenstar (Topic Starter, Member, 12 posts)
VundoFix:


VundoFix V6.2.8

Checking Java version...

Sun Java not detected
Scan started at 12:59:05 AM 11/19/2006

Listing files found while scanning....

C:\WINDOWS\system32\hnwsesk.dll
C:\WINDOWS\system32\ktsjvbn.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hnwsesk.dll
C:\WINDOWS\system32\hnwsesk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ktsjvbn.dll
C:\WINDOWS\system32\ktsjvbn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xbeeg.bak2
C:\WINDOWS\system32\xbeeg.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 1:04:05 AM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Programs\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
D:\Programs\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Programs\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAMS\PROGRA~1\MOZILLA\FIREFOX.EXE
D:\Programs\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\Katstoy.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC502F9-29AD-4C88-BB26-8885F2AD67D0} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {32F3C14A-1FA1-2917-D9C5-092E81CBB111} - C:\WINDOWS\system32\hnwsesk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\pnejlwfa.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programs\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe
O4 - Startup: Xfire.lnk = D:\Programs\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#10 Kat (Retired Staff, MVP, 19,711 posts)
1. Please print or save these instructions to your desktop.

2. Please be sure you can view hidden files and folders:
  • Click Start
  • Double click on “My Computer”
  • Select the Tools menu, click on Folder Options, then click the View tab
  • Under the Hidden Files and Folders heading, select “Show hidden files and folders”
  • Uncheck the “Hide protected operating system files” option.
  • Uncheck the “Hide file extensions for known file types” box
  • Click “yes” to confirm, then click “ok”


3. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)

O2 - BHO: (no name) - {2DC502F9-29AD-4C88-BB26-8885F2AD67D0} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {32F3C14A-1FA1-2917-D9C5-092E81CBB111} - C:\WINDOWS\system32\hnwsesk.dll (file missing)
O2 - BHO: (no name) - {BA7920E7-B508-E185-7F96-BD9EFE405098} - C:\WINDOWS\system32\kesmez.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\pnejlwfa.dll (file missing)

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe

O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)



4. Now close all windows other than HiJackThis, then click Fix Checked.

5. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

6. Delete this folder if found:

C:\Documents and Settings\Scott\My Documents\RACLE.. (whatever folder begins with those six letters)

7. Please delete these files using Windows Explorer(if present):

C:\WINDOWS\system32\drvzos.dll
C:\WINDOWS\system32\ktsjvbn.dll


8. Reboot normally

9. Please open your AVG Anti spyware, and update it to the newest definitions. Then reboot to safe mode again, and run AVG as follows:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete, do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
10. Please post back here with a new HJT log, the AVG report, and the contents of the .bat file from the beginning of the fix.
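A triage helper written for this thread as an added example (it is not HijackThis, VundoFix, or any poster's code). It parses the R3/O2/O4/O20 line formats in the logs above and applies the signals Kat acted on when picking entries to fix: orphaned entries, unnamed BHOs and URL hooks, Winlogon Notify DLLs outside the known set, rundll32 loading a random-looking system32 DLL, and the `?racle\?xplorer.exe` lookalike path. The `KNOWN_NOTIFY` list and the consonant-run heuristic are assumptions for illustration, not a vendor rule set; the sample lines are copied from posts #7 and #9.

```python
"""Triage helper for HijackThis 1.99 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Assumed allow-list of Windows XP's own Winlogon Notify packages; illustrative only.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}


@dataclass
class Entry:
    kind: str      # R3, O2, O4 or O20
    name: str
    clsid: str
    target: str
    reasons: list = field(default_factory=list)


# R3/O2: "<kind> - <type>: <name> - {CLSID} - <path>".  The CLSID may be absent
# (printed as "- -") or prefixed with "_" in the garbled URLSearchHook lines above.
R3_O2 = re.compile(r"^(?P<kind>R3|O2) - \w+: (?P<name>.+?) - (?P<clsid>_?\{[^}]+\})? ?- (?P<target>.+)$")
# O4: "O4 - HKLM\..\Run: [<name>] <command line>"
O4 = re.compile(r"^(?P<kind>O4) - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O20: "O20 - Winlogon Notify: <name> - <dll>"
O20 = re.compile(r"^(?P<kind>O20) - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
# A DLL entry point launched through rundll32, optionally from system32.
RUNDLL = re.compile(r"rundll32\.exe\s+(?:C:\\WINDOWS\\system32\\)?(?P<dll>\w+)\.dll,", re.I)


def parse(line):
    """Return an Entry for a recognised HijackThis line, else None."""
    for rx in (R3_O2, O4, O20):
        m = rx.match(line.strip())
        if m:
            d = m.groupdict()
            return Entry(d["kind"], d["name"], d.get("clsid") or "", d["target"])
    return None


def suspicious_reasons(e):
    """Signals the helper in this thread acted on; each is a weak heuristic, not proof."""
    reasons = []
    if "(file missing)" in e.target or e.target == "(no file)":
        reasons.append("orphaned: referenced file is gone")
    if e.kind in ("R3", "O2") and e.name.startswith("(no name)"):
        reasons.append("unnamed browser hook/BHO")
    if e.kind == "O20" and e.name not in KNOWN_NOTIFY:
        reasons.append("Winlogon Notify package outside the known set")
    if e.kind == "O4":
        m = RUNDLL.search(e.target)
        # Lower-case DLL name with a run of four or more consonants (drvzos, ktsjvbn);
        # vendor DLLs such as NvCpl.dll are mixed case and pass this check.
        if m and m.group("dll").islower() and re.search(r"[^aeiou]{4}", m.group("dll")):
            reasons.append("rundll32 loads a system32 DLL with a random-looking name")
        # HijackThis prints "?" for characters it cannot render: the ?racle\?xplorer.exe
        # folder is a lookalike of a legitimate name.
        if "?" in e.target:
            reasons.append("path has a character HijackThis could not print (lookalike name)")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every parsed entry carrying at least one signal."""
    hits = []
    for line in log_text.splitlines():
        e = parse(line)
        if e and suspicious_reasons(e):
            hits.append((line.strip(), suspicious_reasons(e)))
    return hits


def newly_orphaned(before, after):
    """Lines whose file was present in `before` but is '(file missing)' in `after`:
    the registry entries a file-deleting tool such as VundoFix leaves behind."""
    marker = " (file missing)"
    present = {l.strip() for l in before.splitlines() if l.strip()}
    return sorted(l.strip()[:-len(marker)] for l in after.splitlines()
                  if l.strip().endswith(marker) and l.strip()[:-len(marker)] in present)


# Sample lines copied from the logs in posts #7 and #9 of this thread.
BEFORE = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DC502F9-29AD-4C88-BB26-8885F2AD67D0} - C:\WINDOWS\system32\geebx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzos.dll,startup
O4 - HKLM\..\Run: [ktsjvbn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ktsjvbn.dll,zostvvf
O4 - HKCU\..\Run: [Fmajtxy] C:\Documents and Settings\Scott\My Documents\?racle\?xplorer.exe
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
"""
# After VundoFix deleted geebx.dll the BHO entry remains, now marked missing.
AFTER = BEFORE.replace("geebx.dll\n", "geebx.dll (file missing)\n", 1)

if __name__ == "__main__":
    for line, reasons in triage(BEFORE):
        print(line, "->", "; ".join(reasons))
    print("newly orphaned:", newly_orphaned(BEFORE, AFTER))
```

Running it on the two sample logs lists the six entries Kat told the user to fix and leaves the Adobe and NVIDIA lines alone; `newly_orphaned` reproduces the "(file missing)" BHO that step 3 of the post above checks off.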

#11 Basil_Evenstar (Topic Starter, Member, 12 posts)
I'm not exactly sure what you mean by "the contents of the .bat file from the beginning of the fix". Here are the other two things.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:17:03 AM 11/20/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{BB585690-6E51-4038-BE30-C7EDFA67D482}\RP50\A0005763.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{BB585690-6E51-4038-BE30-C7EDFA67D482}\RP51\A0006392.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{BB585690-6E51-4038-BE30-C7EDFA67D482}\RP52\A0006648.dll -> Adware.Agent : Cleaned.
:mozilla.315:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.154:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.155:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.156:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.157:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.158:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.223:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.224:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.303:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.310:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.311:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.312:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.262:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.263:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.264:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.265:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.266:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.258:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.71:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.257:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.103:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.104:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.105:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.106:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.274:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.275:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.307:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.308:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.309:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.276:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.300:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.301:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.302:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.293:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.294:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.210:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.211:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.212:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.213:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.214:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.190:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.191:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.192:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.193:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.194:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.167:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.168:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.169:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.170:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.268:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.277:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.278:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.279:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.280:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.281:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.282:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.283:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.284:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.256:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.58:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.84:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.85:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.86:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\hhopcb6n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 4:20:24 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Programs\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Programs\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Programs\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
D:\Programs\Program Files\Trillian\trillian.exe
D:\PROGRAMS\PROGRA~1\MOZILLA\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\Katstoy.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programs\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programs\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: Xfire.lnk = D:\Programs\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programs\Program Files\Yahoo\Messenger\YahooMessenger.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programs\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#12
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Sorry about that thing about the .bat file. I meant to delete that. :whistling:

Your log is clean. How is everything running now? Are you still having any issues??
  • 0

#13
Basil_Evenstar

    Member

  • Topic Starter
  • Member
  • 12 posts
Everything seems to be running like it should. Haven't had any errors, pop ups, or explorer.exe crashes since I ran the VundoFix.

Thank you for all your help.
Scott
  • 0

#14
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Congratulations! Your log is now clean! :whistling:

Here are some items that you will want to add to your to-do list:

These are some tips to reduce the potential for Spyware/Adware/Virus infection in the future:
I would strongly recommend reviewing and installing the following applications if you don't currently have them running on your system:

Use Anti-Virus Software
It is very important that your computer has Anti-Virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone Anti-Virus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software
It is imperative that you update your Anti-Virus software at least once a week (even more if you wish). If you do not update your Anti-Virus software, then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Spyware/Adware Detection and Removal Programs:
Understanding Spyware, Browser Hijackers, and Dialers
  • Ad-Aware SE
    If you suspect that you have spyware installed on your computer, here are instructions on how to set up and use Ad-Aware SE:
    How to use Ad-Aware SE to remove Spyware
  • Spybot S&D
    If you suspect that you have spyware installed on your computer, here are instructions on how to set up and use Spybot S&D:
    How to use Spybot to remove Spyware
I strongly recommend using both of these programs to catch most spyware/adware.

Prevention Programs:
  • SpywareBlaster -- SpywareBlaster will prevent spyware from being installed.
  • SpywareGuard -- SpywareGuard offers real-time protection from spyware installation attempts.
  • IE/Spyad -- IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts File -- The MVPS Hosts File replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar -- Get the free Google Toolbar to help stop pop up windows.
Other Necessary Programs:
  • A More Secure Browser
    Internet Explorer is not the most secure and best browser.
    There are safer and better alternatives available. I recommend using Firefox
Be sure to also keep up with Windows and IE updates.

Windows Security and Critical Updates
http://v4.windowsupdate.microsoft.com/en/default.asp

Internet Explorer Security and Critical Updates
http://www.microsoft.com/windows/ie/default.asp

And also see TonyKlein's good advice
So how did I get infected in the first place?

Update all these Programs Regularly:
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

  • 0
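The hosts-file blocking that the MVPS bullet above describes, as an added example that is not from this thread or from the MVPS project: a small Python parser for hosts-file syntax that shows which names a list in that style pins to 127.0.0.1 and, as a caveat the bullet does not mention, that matching is exact, so subdomains of a listed host are not covered. The sample hosts content is constructed, and the first-entry-wins rule is an assumption.

```python
import ipaddress
from typing import Dict, Optional

# Constructed sample in the MVPS style (not the real list): ad and tracking hosts
# are pointed at 127.0.0.1 (loopback), so the browser talks to the local machine
# instead of the ad server. Comments and blank lines are skipped, and one address
# may be followed by several host names.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS hosts file
127.0.0.1 localhost
127.0.0.1 ads.example.com tracker.example.net   # trailing comment
127.0.0.1\tpopups.example.org
0.0.0.0 banner.example.com
"""

def parse_hosts(text: str) -> Dict[str, str]:
    """Map each host name (lower-cased) to the address the hosts file pins it to.
    First entry wins, which is assumed here to mirror the Windows resolver."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)  # skip malformed lines instead of crashing
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

def resolve(table: Dict[str, str], host: str) -> Optional[str]:
    """Address the hosts file gives `host`, or None when lookup falls through to DNS.
    Matching is exact: no wildcards, so a listed domain does not cover its subdomains."""
    return table.get(host.lower().rstrip("."))

def is_blackholed(table: Dict[str, str], host: str) -> bool:
    """True when `host` is sent to loopback or 0.0.0.0, i.e. it never reaches the ad server."""
    addr = resolve(table, host)
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.com", "cdn.ads.example.com", "banner.example.com"):
        print(host, "->", resolve(table, host), "blocked" if is_blackholed(table, host) else "DNS")
```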

#15
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





