Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Need help.

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 3 posts
Hey this is my first time posting here.so if you could just work with me.ne ways whenever i startup windows and get to the log on screen of XP and then log on my screen name as soon as i log on my computer restarts. it does this for all the screen names on our comp.and we can only boot up in safe mode.ive run all the programs taht this site told me to except the shreder one and the avg virus scan cause they dont work in safe mode which is the only we can boot up ne ways please help. thanks in advance
  • 0




    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

Please visit this page and scroll down to Step 5. Follow the instructions there to download a tool called Hijackthis and post a log here as a reply to this post.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
hey sam thank you soo much for your help you are the greatest.well here is my log i think i did it right.and thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 9:18:57 AM, on 10/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
O1 - Hosts: view.atdmt.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {4BE36B5D-5845-EBD2-5168-BD5451EFDC12} - C:\WINDOWS\System32\wawudurj\jowirfya.dll
O2 - BHO: (no name) - {4DB479BF-6334-F5A9-9CE4-109EB0226FB0} - C:\WINDOWS\System32\yykjyylh.dll (file missing)
O2 - BHO: (no name) - {57156A64-D2C7-056B-0108-200E45C07E03} - C:\WINDOWS\System32\jnupffiu\fqbmxtni.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {807C9674-19E7-B612-F24B-A154612635C6} - C:\WINDOWS\System32\cvrbskqe.dll
O2 - BHO: (no name) - {8241B216-B757-8AA3-C25F-939F8406BB3A} - C:\WINDOWS\System32\mlxnvvdm.dll (file missing)
O2 - BHO: (no name) - {F1C2D4C0-D39F-4C7A-D89E-947417080C27} - C:\WINDOWS\System32\khnveeqd.dll
O2 - BHO: (no name) - {F87C71A2-6E63-C678-CB74-A793466CCD76} - C:\WINDOWS\System32\jhcmsivf\qsofuljb.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\cyb2k.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000137.exe
O4 - HKCU\..\RunOnce: [Windows USB Driver Support] WINDOWSUSB.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://webmail.dotd....a.us/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://webmail.dotd..../dolcontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104696479026
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...4.47/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: sgwuquojbm - Unknown owner - C:\WINDOWS\System32\quojbm\sgwu.exe
O23 - Service: Symantec Core LC - Symantec - C:\WINDOWS\System32\symlcsvc.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: vodirnvpbeur - Unknown owner - C:\WINDOWS\System32\nvpbeur\vodir.exe
O23 - Service: yqjuvfbptvjbw - Unknown owner - C:\WINDOWS\System32\tvjbw\yqjuvfbp.exe
  • 0



    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You've got quite a few things going on there, but the first issue that must be addressed before we can go any further is your Windows updates. You are far behind on critical updates. Please visit Windows Update and install SP1a.


It's important that you do not install SP2 yet. Problems can occur if you install SP2 on an infected computer.

Once you have installed SP1 please post a new hijackthis log and we'll get you fixed up. :tazz:
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
hey sam sry its been so long our internet got knocked out for some reason.but ne ways. i think we have a bootleg version of xp because it wont let me install that update on my comp because of an invalid number or somthin like that.ne ways i dont know what to do now.
  • 0



    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
While we understand that you may not have been aware, your copy of Windows is not legitimate. Unfortunately, we are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitmate copies of Windows. Thank you for understanding.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP