Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Please HELLLLLLLP

Started by indianahx , Sep 28 2007 05:14 PM

  • This topic is locked This topic is locked
6 replies to this topic

#1 indianahx

indianahx

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 28 September 2007 - 05:14 PM

my last topic was closed without my getting a response from the user that was helping me. Is there anyone who can help me out w/ my HJT log and removal of all this ridiculous spyware/malware/popups....WHATEVER it's called?!?!?!?? THANKS GUYS!!!!

    Advertisements

Register to Remove

#2 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 29 September 2007 - 04:22 AM

Hi We are very busy here, so if a topic goes 5 days without a response from you, we will close it. Can you post a new HijackThis log, with a brief description of your problems?
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#3 indianahx

indianahx

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 29 September 2007 - 10:08 AM

i am currently at work but will be able to get you an HJT log by the end of the night. and i had actually responded to my topic but it was because i received no response from the person helping me i guess?? went almost 10 days or so w/o getting a response so i posted this new one. i'll get on that log......

#4 indianahx

indianahx

    Authentic Member

  • Authentic Member
  • PipPip
  • 32 posts

Posted 02 October 2007 - 08:27 PM

Logfile of HijackThis v1.99.1 Scan saved at 10:19:39 PM, on 10/2/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\PROGRA~1\Grisoft\AVG7\avginet.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\HJT\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Security Tools\iesplg.dll (file missing) O2 - BHO: Editor plugin - {41F0460B-6B45-45de-8717-B27BC18360A6} - restorem.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe StartupList report, 10/2/2007, 10:21:26 PM StartupList version: 1.52.2 Started from : C:\HJT\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe C:\PROGRA~1\Grisoft\AVG7\avginet.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\HJT\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] customize__IE.lnk = C:\hp\region\customizeIe.wsf -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run BlockTracker = c:\hp\bin\BlockTracker.exe hpsysdrv = c:\windows\system\hpsysdrv.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe KBD = C:\HP\KBD\KBD.EXE StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot WCOLOREAL = "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize nwiz = nwiz.exe /installquiet /keeploaded ATIModeChange = Ati2mdxx.exe ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe PS2 = C:\WINDOWS\system32\ps2.exe AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NVIEW = rundll32.exe nview.dll,nViewLoadHook Aim6 = MSMSGS = "C:\Program Files\Messenger\MSMSGS.EXE" /background Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Security Tools\iesplg.dll (file missing) - {1C3C4699-B285-475F-BE47-0B26088CE876} (no name) - restorem.dll (file missing) - {41F0460B-6B45-45de-8717-B27BC18360A6} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job -------------------------------------------------- Enumerating Download Program Files: [Installation Support] InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 5,557 bytes Report generated in 0.172 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Adobe Acrobat 5.0 Adobe Flash Player ActiveX America Online AOL Coach Version 1.0(Build:20011028.1) Apple Software Update ATI Control Panel ATI Display Driver AVG 7.5 AVG Anti-Spyware 7.5 Coloreal HijackThis 1.99.1 Inactive HP Printer Drivers (Remove only) Indeo® Software Intel® 82845G Graphics Driver Software InterVideo WinDVD 4 Java 2 Runtime Environment Standard Edition v1.3.1_02 Java 2 Runtime Environment, SE v1.4.0_01 Java Web Start Java™ 6 Update 2 KBD LiveReg (Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) Microsoft .NET Framework (English) v1.0.3705 Mozilla Firefox (2.0.0.7) NVIDIA Windows 2000/XP Display Drivers PS2 RealOne Player RecordNow RecordNow Update Manager S3Display S3Gamma2 S3Info2 S3Overlay Simple Installer - Multilanguage Version Snowboard Extreme Space Rocks Update for Windows XP (KB898461) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB842773 Windows XP Hotfix (SP2) [See q330638 for more information] Windows XP Hotfix (SP2) [See Q331060 for more information] Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Toolbar

#5 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 03 October 2007 - 02:06 AM

Hi


Download and Run ComboFix
  • Download this file from below:

    Here
  • Disconnect from the Internet, than disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2:Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#6 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 06 October 2007 - 03:17 AM

Still needing help here?
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#7 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 09 October 2007 - 08:29 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·