task manager disabled, pop ups...etc

Hello im new here and am having many problems with my computer.
1. my task manager isn't working. Whenever i press Ctrl+Shift+Esc it says that it's been disabled by the administrator even though im the administrator and didn't disable it.
2. I keep getting kicked off of line and afterward a message pops up saying dailing failed error #678. i know the name of the prgm is 125209.dlr but it won't stay deleted
3. a message saying danger...secure yourself spyware blah blah blah has replaced my background but whenever i delete it it returns the next time i log on. its a webpage. the url is http://213.159.117.130/?affid=NAT-25.
4. POP -UPs

hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 8:14:47 PM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\windows\temp\uuMe.exe
C:\WINDOWS\System32\mlqfor.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\cmpbk325.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\jawa32.exe
C:\WINDOWS\System32\cdsm3265.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alset\HelpExpress\Administrator\HXDL.EXE
C:\WINDOWS\System32\packager.exe
C:\WINDOWS\System32\GdytuJ.exe
C:\WINDOWS\System32\KiwY.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\CompuServe 2000\wcs2000.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.114-deleon.dll
O2 - BHO: (no name) - {D64FE69A-077D-4C64-BBEA-5FB4CB9A4EFB} - C:\WINDOWS\System32\dgsetjup.dll
O2 - BHO: (no name) - {EBFD2E49-E8F5-430F-89DE-3E359AA10C5B} - C:\WINDOWS\System32\najpl.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.114-deleon.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [2CC56HN52K#H7J] C:\WINDOWS\System32\Vich.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [uuMe] C:\windows\temp\uuMe.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [zdfdyrvjhu] C:\WINDOWS\System32\mlqfor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [0343c73f5888] C:\WINDOWS\System32\cmpbk325.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\Wast2.exe 2
O4 - HKLM\..\Run: [7293846bf9e3] C:\WINDOWS\System32\cdsm3265.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\Administrator\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE"
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000\cstray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsy...l/T_27/QDow.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0008.exe
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0014.exe
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0019.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0014.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79D22082-11DD-4911-9638-5EFD87542BC1}: NameServer = 205.188.146.145
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\System32\lmf32v.dll
O18 - Filter: text/plain - {2B869057-97F8-4A55-A323-4E24F4BD8A13} - C:\WINDOWS\System32\pip.dll
O20 - AppInit_DLLs: mad.dll
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

First off, go here and run an online scan:

Panda Active Scan

After the scan finishes go to Add/Remove Programs and Uninstall TVMedia.

Then you will need is your Windows CD. What we need to do is remove the mad.dll from the recovery console. So, get your Windows CD, put it in your drive, and reboot your PC. Let your PC boot to the CD. It will start scanning for hardware, etc... Let it do that, then you will come to a screen that says Welcome to Setup where you can choose to Repair Windows XP, you want to hit R to repair the installation, then on the next screen you will have a choice of the recovery console or emergency repair, you want to choose the recovery console, (I believe you hit R to get into it, it will say on the screen) Now, once in the recovery console. At the first prompt hit 1 then at the next enter your administrator password, if you don't have one, just hit enter. Next do the following.

Type: cd \windows\system32 & press the enter key
Type: del mad.dll & press the enter key
Assuming you get no errors,
Remove the Boot CD and type: exit & press the enter key

Then reboot to safe mode ( how to boot to safe mode: http://www.computerh...s/chsafe.htm#02 )

Then go to C:\windows\system32 find mad.dll and delete it.

Next, close all Windows and have HJT fix the following:

O20 - AppInit_DLLs: mad.dll

Also, from safe mode go to C:\Program Files\TV Media <-- Delete that folder and everything that may be in it.

Then reboot into normal mode and download and install SP1a from here:
http://www.microsoft...p1/default.mspx

After it's installed, post a new logfile.

Good luck! :tazz:

#1
lalaa16

Posted 23 June 2005 - 06:23 PM

Advertisements

#2
Besttechie

Posted 23 June 2005 - 07:47 PM

#3
Besttechie

Posted 23 June 2005 - 08:17 PM

#4
lalaa16

Posted 25 June 2005 - 09:57 AM

#5
Besttechie

Posted 25 June 2005 - 01:02 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us