Log Help please! Dont know what to remove

I've run adware and spybot multiple times. Just got this suggestion from this board. Here is the log. Please help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:16 AM, on 8/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\system32\addye.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\addgd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\psiti.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\psiti.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\psiti.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\psiti.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\psiti.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\psiti.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.espn.com
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {18C2FFB3-2CF1-8321-B820-911675DD61A5} - C:\WINDOWS\system32\mfcev32.dll
O2 - BHO: Class - {684D8316-B9C2-464B-BD62-8EF1A6D52F75} - C:\WINDOWS\system32\addty32.dll
O4 - HKLM\..\Run: [addgd.exe] C:\WINDOWS\system32\addgd.exe
O4 - HKLM\..\Run: [netoj32.exe] C:\WINDOWS\system32\netoj32.exe
O4 - HKLM\..\Run: [apijr32.exe] C:\WINDOWS\system32\apijr32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysds.exe] C:\WINDOWS\system32\sysds.exe
O4 - HKLM\..\Run: [ntti32.exe] C:\WINDOWS\system32\ntti32.exe
O4 - HKLM\..\Run: [crwn.exe] C:\WINDOWS\system32\crwn.exe
O4 - HKLM\..\Run: [d3qy.exe] C:\WINDOWS\d3qy.exe
O4 - HKLM\..\Run: [d3vt.exe] C:\WINDOWS\system32\d3vt.exe
O4 - HKLM\..\Run: [ipka.exe] C:\WINDOWS\system32\ipka.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iecr32.exe] C:\WINDOWS\system32\iecr32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addye.exe" /s (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

Hi mrdisgusting2005 and Welcome to GeekstoGo!

Please download these tools first but dont run them yet,just update the ones I ask you to!

CWShredder
http://cwshredder.ne.../CWShredder.exe

Double Click CWShredder.exe to run it>>Click Check Check For Update
Close it out once updated

ABout Buster
http://www.besttechi...?showtopic=1488

Follow the Instructions inside the link to Update it

CleanUp!
http://downloads.ste...p/CleanUp40.exe

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Pocket KillBox from here:
http://www.bleepingc...les/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Once all those are downloaded and any updated that need it!

Post a fresh HijackThis log and try to avoid restarting until I post back!

#1
mrdisgusting2005

Posted 12 August 2005 - 12:06 PM

Advertisements

#2
Wizard

Posted 12 August 2005 - 07:10 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us