Guest astefan

I can't remove unwanted pop-ups and adware

4 posts in this topic

Hi,

I am a poor user and I have a big problem with unwanted pop-ups and adware which I can't solve. Please, somebody help me.

Here is my hijack log file:



I think I solved the problem, but I'm not sure. Anyway, I am posting my new HijackThis log file here.

Please, someone tell me if everything is OK now.

 

 



Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.

Then I'll take a look. :)

By the way, your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since finding the right cause and solution is like searching for a needle in a haystack.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

The main reason why your system is infected like that is because you don't have an antivirus running :(

Download and install Kaspersky from here: http://www.kaspersky.com/trials?chapter=186685140

This is a 30-day trial, but you really need it right now. I'll give you more tips afterwards on what options you have when the trial has expired.

Install Kaspersky and update it. (Click 'Update now' in the left panel.)

After it has been updated, click 'Scan my computer'.

Let it perform a full scan and let it delete everything it finds.

Reboot afterwards.

Post a new HijackThis log after the reboot.


Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here.

This applies only to the original topic starter.

Everyone else please begin a New Topic.
