

I can't remove unwanted pop-ups and adware


  • This topic is locked
3 replies to this topic

#1 Guest_astefan_*

  • Guests

Posted 03 July 2006 - 10:16 AM

Hi,

I am a poor user and I have a big problem with unwanted pop-ups and adware which I can't solve. Please, somebody help me.
Here is my hijack log file:
Logfile of HijackThis v1.99.1
Scan saved at 18:12:40, on 03.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\aston.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Aston\XP\internat.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\test2.exe
C:\WINDOWS\system32\tapisrv.exe
C:\WINDOWS\system32\mtxclu.exe
C:\WINDOWS\system32\serialui.exe
C:\WINDOWS\system32\fm20enu.exe
C:\WINDOWS\system32\mscms.exe
C:\WINDOWS\system32\netshell.exe
C:\WINDOWS\system32\rdpcfgex.exe
C:\WINDOWS\system32\mll_mtf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\astefan\APPLIC~1\SSTEM~1\winlogon.exe
C:\WINDOWS\system32\SSTEM~1\HKDSK~1.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\astefan\LOCALS~1\Temp\Rar$EX25.429\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = astefan
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [ifsutil] "C:\WINDOWS\system32\ifsutil.exe"
O4 - HKCU\..\Run: [mcd32] "C:\WINDOWS\system32\mcd32.exe"
O4 - HKCU\..\Run: [winmm] "C:\WINDOWS\system32\winmm.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\system32\modemui.exe"
O4 - HKCU\..\Run: [webvw] "C:\WINDOWS\system32\webvw.exe"
O4 - HKCU\..\Run: [miglibnt] "C:\WINDOWS\system32\miglibnt.exe"
O4 - HKCU\..\Run: [netrap] "C:\WINDOWS\system32\netrap.exe"
O4 - HKCU\..\Run: [pdh] "C:\WINDOWS\system32\pdh.exe"
O4 - HKCU\..\Run: [kbdblr] "C:\WINDOWS\system32\kbdblr.exe"
O4 - HKCU\..\Run: [kbdbr] "C:\WINDOWS\system32\kbdbr.exe"
O4 - HKCU\..\Run: [win32spl] "C:\WINDOWS\system32\win32spl.exe"
O4 - HKCU\..\Run: [nddenb32] "C:\WINDOWS\system32\nddenb32.exe"
O4 - HKCU\..\Run: [adptif] "C:\WINDOWS\system32\adptif.exe"
O4 - HKCU\..\Run: [msxml3] "C:\WINDOWS\system32\msxml3.exe"
O4 - HKCU\..\Run: [kbdtat] "C:\WINDOWS\system32\kbdtat.exe"
O4 - HKCU\..\Run: [cnetcfg] "C:\WINDOWS\system32\cnetcfg.exe"
O4 - HKCU\..\Run: [modex] "C:\WINDOWS\system32\modex.exe"
O4 - HKCU\..\Run: [icfgnt5] "C:\WINDOWS\system32\icfgnt5.exe"
O4 - HKCU\..\Run: [rastls] "C:\WINDOWS\system32\rastls.exe"
O4 - HKCU\..\Run: [wowfax] "C:\WINDOWS\system32\wowfax.exe"
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [dpserial] "C:\WINDOWS\system32\dpserial.exe"
O4 - HKCU\..\Run: [crypt32] "C:\WINDOWS\system32\crypt32.exe"
O4 - HKCU\..\Run: [esent97] "C:\WINDOWS\system32\esent97.exe"
O4 - HKCU\..\Run: [mqad] "C:\WINDOWS\system32\mqad.exe"
O4 - HKCU\..\Run: [tsddd] "C:\WINDOWS\system32\tsddd.exe"
O4 - HKCU\..\Run: [mll_hp] "C:\WINDOWS\system32\mll_hp.exe"
O4 - HKCU\..\Run: [nvrsar] "C:\WINDOWS\system32\nvrsar.exe"
O4 - HKCU\..\Run: [iasrecst] "C:\WINDOWS\system32\iasrecst.exe"
O4 - HKCU\..\Run: [nvrses] "C:\WINDOWS\system32\nvrses.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mciole32] "C:\WINDOWS\system32\mciole32.exe"
O4 - HKCU\..\Run: [bidispl] "C:\WINDOWS\system32\bidispl.exe"
O4 - HKCU\..\Run: [ieaksie] "C:\WINDOWS\system32\ieaksie.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [msxmlr] "C:\WINDOWS\system32\msxmlr.exe"
O4 - HKCU\..\Run: [mchgrcoi] "C:\WINDOWS\system32\mchgrcoi.exe"
O4 - HKCU\..\Run: [iassam] "C:\WINDOWS\system32\iassam.exe"
O4 - HKCU\..\Run: [rsfsaps] "C:\WINDOWS\system32\rsfsaps.exe"
O4 - HKCU\..\Run: [kbdbu] "C:\WINDOWS\system32\kbdbu.exe"
O4 - HKCU\..\Run: [pnrpnsp] "C:\WINDOWS\system32\pnrpnsp.exe"
O4 - HKCU\..\Run: [inetcplc] "C:\WINDOWS\system32\inetcplc.exe"
O4 - HKCU\..\Run: [dxtrans] "C:\WINDOWS\system32\dxtrans.exe"
O4 - HKCU\..\Run: [ifmon] "C:\WINDOWS\system32\ifmon.exe"
O4 - HKCU\..\Run: [avtapi] "C:\WINDOWS\system32\avtapi.exe"
O4 - HKCU\..\Run: [strmfilt] "C:\WINDOWS\system32\strmfilt.exe"
O4 - HKCU\..\Run: [msstkprp] "C:\WINDOWS\system32\msstkprp.exe"
O4 - HKCU\..\Run: [qedwipes] "C:\WINDOWS\system32\qedwipes.exe"
O4 - HKCU\..\Run: [msjtes40] "C:\WINDOWS\system32\msjtes40.exe"
O4 - HKCU\..\Run: [tapiperf] "C:\WINDOWS\system32\tapiperf.exe"
O4 - HKCU\..\Run: [mqupgrd] "C:\WINDOWS\system32\mqupgrd.exe"
O4 - HKCU\..\Run: [kbdca] "C:\WINDOWS\system32\kbdca.exe"
O4 - HKCU\..\Run: [olesvr] "C:\WINDOWS\system32\olesvr.exe"
O4 - HKCU\..\Run: [kbdpo] "C:\WINDOWS\system32\kbdpo.exe"
O4 - HKCU\..\Run: [idq] "C:\WINDOWS\system32\idq.exe"
O4 - HKCU\..\Run: [fsusd] "C:\WINDOWS\system32\fsusd.exe"
O4 - HKCU\..\Run: [wmsdmoe] "C:\WINDOWS\system32\wmsdmoe.exe"
O4 - HKCU\..\Run: [msvcirt] "C:\WINDOWS\system32\msvcirt.exe"
O4 - HKCU\..\Run: [bthci] "C:\WINDOWS\system32\bthci.exe"
O4 - HKCU\..\Run: [qdvd] "C:\WINDOWS\system32\qdvd.exe"
O4 - HKCU\..\Run: [ipxrtmgr] "C:\WINDOWS\system32\ipxrtmgr.exe"
O4 - HKCU\..\Run: [kbdcan] "C:\WINDOWS\system32\kbdcan.exe"
O4 - HKCU\..\Run: [mcdsrv32] "C:\WINDOWS\system32\mcdsrv32.exe"
O4 - HKCU\..\Run: [pmspl] "C:\WINDOWS\system32\pmspl.exe"
O4 - HKCU\..\Run: [mpg4dmod] "C:\WINDOWS\system32\mpg4dmod.exe"
O4 - HKCU\..\Run: [gwfspidgen] "C:\WINDOWS\system32\gwfspidgen.exe"
O4 - HKCU\..\Run: [xpsp1res] "C:\WINDOWS\system32\xpsp1res.exe"
O4 - HKCU\..\Run: [prflbmsg] "C:\WINDOWS\system32\prflbmsg.exe"
O4 - HKCU\..\Run: [netmsg] "C:\WINDOWS\system32\netmsg.exe"
O4 - HKCU\..\Run: [vbscript] "C:\WINDOWS\system32\vbscript.exe"
O4 - HKCU\..\Run: [iasnap] "C:\WINDOWS\system32\iasnap.exe"
O4 - HKCU\..\Run: [pifmgr] "C:\WINDOWS\system32\pifmgr.exe"
O4 - HKCU\..\Run: [winipsec] "C:\WINDOWS\system32\winipsec.exe"
O4 - HKCU\..\Run: [p2pgasvc] "C:\WINDOWS\system32\p2pgasvc.exe"
O4 - HKCU\..\Run: [svcpack] "C:\WINDOWS\system32\svcpack.exe"
O4 - HKCU\..\Run: [mqperf] "C:\WINDOWS\system32\mqperf.exe"
O4 - HKCU\..\Run: [msacm32] "C:\WINDOWS\system32\msacm32.exe"
O4 - HKCU\..\Run: [msxml] "C:\WINDOWS\system32\msxml.exe"
O4 - HKCU\..\Run: [pxmas] "C:\WINDOWS\system32\pxmas.exe"
O4 - HKCU\..\Run: [vcdex] "C:\WINDOWS\system32\vcdex.exe"
O4 - HKCU\..\Run: [cscui] "C:\WINDOWS\system32\cscui.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\system32\vmmanager.exe
O4 - HKCU\..\Run: [test2] C:\WINDOWS\system32\test2.exe
O4 - HKCU\..\Run: [tapisrv] C:\WINDOWS\system32\tapisrv.exe
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\system32\mtxclu.exe
O4 - HKCU\..\Run: [serialui] C:\WINDOWS\system32\serialui.exe
O4 - HKCU\..\Run: [fm20enu] C:\WINDOWS\system32\fm20enu.exe
O4 - HKCU\..\Run: [mscms] C:\WINDOWS\system32\mscms.exe
O4 - HKCU\..\Run: [netshell] C:\WINDOWS\system32\netshell.exe
O4 - HKCU\..\Run: [rdpcfgex] C:\WINDOWS\system32\rdpcfgex.exe
O4 - HKCU\..\Run: [mll_mtf] C:\WINDOWS\system32\mll_mtf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uarm] "C:\DOCUME~1\astefan\APPLIC~1\SSTEM~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Qtsvpjpv] C:\WINDOWS\system32\SSTEM~1\HKDSK~1.EXE
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132570485967
O17 - HKLM\System\CCS\Services\Tcpip\..\{8506A797-D316-4C4E-939B-7E4816A55453}: NameServer = 194.102.255.2,194.102.255.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2 Guest_astefan_*

  • Guests

Posted 04 July 2006 - 02:17 AM

I think I solved the problem, but I'm not sure. Anyway, I am posting my new HijackThis log file here.
Please, someone tell me if everything is OK now.


Logfile of HijackThis v1.99.1
Scan saved at 10:12:53, on 04.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\aston.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Aston\XP\internat.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\test2.exe
C:\WINDOWS\system32\tapisrv.exe
C:\WINDOWS\system32\mtxclu.exe
C:\WINDOWS\system32\serialui.exe
C:\WINDOWS\system32\fm20enu.exe
C:\WINDOWS\system32\mscms.exe
C:\WINDOWS\system32\netshell.exe
C:\WINDOWS\system32\rdpcfgex.exe
C:\WINDOWS\system32\mll_mtf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Office2 Server\HANSA.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
D:\Kituri\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = astefan
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [ifsutil] "C:\WINDOWS\system32\ifsutil.exe"
O4 - HKCU\..\Run: [mcd32] "C:\WINDOWS\system32\mcd32.exe"
O4 - HKCU\..\Run: [winmm] "C:\WINDOWS\system32\winmm.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\system32\modemui.exe"
O4 - HKCU\..\Run: [webvw] "C:\WINDOWS\system32\webvw.exe"
O4 - HKCU\..\Run: [miglibnt] "C:\WINDOWS\system32\miglibnt.exe"
O4 - HKCU\..\Run: [netrap] "C:\WINDOWS\system32\netrap.exe"
O4 - HKCU\..\Run: [pdh] "C:\WINDOWS\system32\pdh.exe"
O4 - HKCU\..\Run: [kbdblr] "C:\WINDOWS\system32\kbdblr.exe"
O4 - HKCU\..\Run: [kbdbr] "C:\WINDOWS\system32\kbdbr.exe"
O4 - HKCU\..\Run: [win32spl] "C:\WINDOWS\system32\win32spl.exe"
O4 - HKCU\..\Run: [nddenb32] "C:\WINDOWS\system32\nddenb32.exe"
O4 - HKCU\..\Run: [adptif] "C:\WINDOWS\system32\adptif.exe"
O4 - HKCU\..\Run: [msxml3] "C:\WINDOWS\system32\msxml3.exe"
O4 - HKCU\..\Run: [kbdtat] "C:\WINDOWS\system32\kbdtat.exe"
O4 - HKCU\..\Run: [cnetcfg] "C:\WINDOWS\system32\cnetcfg.exe"
O4 - HKCU\..\Run: [modex] "C:\WINDOWS\system32\modex.exe"
O4 - HKCU\..\Run: [icfgnt5] "C:\WINDOWS\system32\icfgnt5.exe"
O4 - HKCU\..\Run: [rastls] "C:\WINDOWS\system32\rastls.exe"
O4 - HKCU\..\Run: [wowfax] "C:\WINDOWS\system32\wowfax.exe"
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [dpserial] "C:\WINDOWS\system32\dpserial.exe"
O4 - HKCU\..\Run: [crypt32] "C:\WINDOWS\system32\crypt32.exe"
O4 - HKCU\..\Run: [esent97] "C:\WINDOWS\system32\esent97.exe"
O4 - HKCU\..\Run: [mqad] "C:\WINDOWS\system32\mqad.exe"
O4 - HKCU\..\Run: [tsddd] "C:\WINDOWS\system32\tsddd.exe"
O4 - HKCU\..\Run: [mll_hp] "C:\WINDOWS\system32\mll_hp.exe"
O4 - HKCU\..\Run: [nvrsar] "C:\WINDOWS\system32\nvrsar.exe"
O4 - HKCU\..\Run: [iasrecst] "C:\WINDOWS\system32\iasrecst.exe"
O4 - HKCU\..\Run: [nvrses] "C:\WINDOWS\system32\nvrses.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mciole32] "C:\WINDOWS\system32\mciole32.exe"
O4 - HKCU\..\Run: [bidispl] "C:\WINDOWS\system32\bidispl.exe"
O4 - HKCU\..\Run: [ieaksie] "C:\WINDOWS\system32\ieaksie.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [msxmlr] "C:\WINDOWS\system32\msxmlr.exe"
O4 - HKCU\..\Run: [mchgrcoi] "C:\WINDOWS\system32\mchgrcoi.exe"
O4 - HKCU\..\Run: [iassam] "C:\WINDOWS\system32\iassam.exe"
O4 - HKCU\..\Run: [rsfsaps] "C:\WINDOWS\system32\rsfsaps.exe"
O4 - HKCU\..\Run: [kbdbu] "C:\WINDOWS\system32\kbdbu.exe"
O4 - HKCU\..\Run: [pnrpnsp] "C:\WINDOWS\system32\pnrpnsp.exe"
O4 - HKCU\..\Run: [inetcplc] "C:\WINDOWS\system32\inetcplc.exe"
O4 - HKCU\..\Run: [dxtrans] "C:\WINDOWS\system32\dxtrans.exe"
O4 - HKCU\..\Run: [ifmon] "C:\WINDOWS\system32\ifmon.exe"
O4 - HKCU\..\Run: [avtapi] "C:\WINDOWS\system32\avtapi.exe"
O4 - HKCU\..\Run: [strmfilt] "C:\WINDOWS\system32\strmfilt.exe"
O4 - HKCU\..\Run: [msstkprp] "C:\WINDOWS\system32\msstkprp.exe"
O4 - HKCU\..\Run: [qedwipes] "C:\WINDOWS\system32\qedwipes.exe"
O4 - HKCU\..\Run: [msjtes40] "C:\WINDOWS\system32\msjtes40.exe"
O4 - HKCU\..\Run: [tapiperf] "C:\WINDOWS\system32\tapiperf.exe"
O4 - HKCU\..\Run: [mqupgrd] "C:\WINDOWS\system32\mqupgrd.exe"
O4 - HKCU\..\Run: [kbdca] "C:\WINDOWS\system32\kbdca.exe"
O4 - HKCU\..\Run: [olesvr] "C:\WINDOWS\system32\olesvr.exe"
O4 - HKCU\..\Run: [kbdpo] "C:\WINDOWS\system32\kbdpo.exe"
O4 - HKCU\..\Run: [idq] "C:\WINDOWS\system32\idq.exe"
O4 - HKCU\..\Run: [fsusd] "C:\WINDOWS\system32\fsusd.exe"
O4 - HKCU\..\Run: [wmsdmoe] "C:\WINDOWS\system32\wmsdmoe.exe"
O4 - HKCU\..\Run: [msvcirt] "C:\WINDOWS\system32\msvcirt.exe"
O4 - HKCU\..\Run: [bthci] "C:\WINDOWS\system32\bthci.exe"
O4 - HKCU\..\Run: [qdvd] "C:\WINDOWS\system32\qdvd.exe"
O4 - HKCU\..\Run: [ipxrtmgr] "C:\WINDOWS\system32\ipxrtmgr.exe"
O4 - HKCU\..\Run: [kbdcan] "C:\WINDOWS\system32\kbdcan.exe"
O4 - HKCU\..\Run: [mcdsrv32] "C:\WINDOWS\system32\mcdsrv32.exe"
O4 - HKCU\..\Run: [pmspl] "C:\WINDOWS\system32\pmspl.exe"
O4 - HKCU\..\Run: [mpg4dmod] "C:\WINDOWS\system32\mpg4dmod.exe"
O4 - HKCU\..\Run: [gwfspidgen] "C:\WINDOWS\system32\gwfspidgen.exe"
O4 - HKCU\..\Run: [xpsp1res] "C:\WINDOWS\system32\xpsp1res.exe"
O4 - HKCU\..\Run: [prflbmsg] "C:\WINDOWS\system32\prflbmsg.exe"
O4 - HKCU\..\Run: [netmsg] "C:\WINDOWS\system32\netmsg.exe"
O4 - HKCU\..\Run: [vbscript] "C:\WINDOWS\system32\vbscript.exe"
O4 - HKCU\..\Run: [iasnap] "C:\WINDOWS\system32\iasnap.exe"
O4 - HKCU\..\Run: [pifmgr] "C:\WINDOWS\system32\pifmgr.exe"
O4 - HKCU\..\Run: [winipsec] "C:\WINDOWS\system32\winipsec.exe"
O4 - HKCU\..\Run: [p2pgasvc] "C:\WINDOWS\system32\p2pgasvc.exe"
O4 - HKCU\..\Run: [svcpack] "C:\WINDOWS\system32\svcpack.exe"
O4 - HKCU\..\Run: [mqperf] "C:\WINDOWS\system32\mqperf.exe"
O4 - HKCU\..\Run: [msacm32] "C:\WINDOWS\system32\msacm32.exe"
O4 - HKCU\..\Run: [msxml] "C:\WINDOWS\system32\msxml.exe"
O4 - HKCU\..\Run: [pxmas] "C:\WINDOWS\system32\pxmas.exe"
O4 - HKCU\..\Run: [vcdex] "C:\WINDOWS\system32\vcdex.exe"
O4 - HKCU\..\Run: [cscui] "C:\WINDOWS\system32\cscui.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\system32\vmmanager.exe
O4 - HKCU\..\Run: [test2] C:\WINDOWS\system32\test2.exe
O4 - HKCU\..\Run: [tapisrv] C:\WINDOWS\system32\tapisrv.exe
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\system32\mtxclu.exe
O4 - HKCU\..\Run: [serialui] C:\WINDOWS\system32\serialui.exe
O4 - HKCU\..\Run: [fm20enu] C:\WINDOWS\system32\fm20enu.exe
O4 - HKCU\..\Run: [mscms] C:\WINDOWS\system32\mscms.exe
O4 - HKCU\..\Run: [netshell] C:\WINDOWS\system32\netshell.exe
O4 - HKCU\..\Run: [rdpcfgex] C:\WINDOWS\system32\rdpcfgex.exe
O4 - HKCU\..\Run: [mll_mtf] C:\WINDOWS\system32\mll_mtf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132570485967
O17 - HKLM\System\CCS\Services\Tcpip\..\{8506A797-D316-4C4E-939B-7E4816A55453}: NameServer = 194.102.255.2,194.102.255.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#3 miekiemoes


    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 11 July 2006 - 12:41 AM

Hi,

The forums are really busy; that explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :)

By the way, your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

The main reason why your system is infected like that is because you don't have an antivirus running :(

Download and install Kaspersky from here: http://www.kaspersky...apter=186685140

This is a 30-day trial, but you really need it right now. Afterwards I'll give you more tips on what options you have when the trial has expired.

Install Kaspersky and update it. (Click Update now in the left panel.)
After it has updated, click 'Scan my computer'.
Let it perform a full scan and let it delete everything it finds.

Reboot afterwards

Post a new HijackThis log after reboot.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 miekiemoes


    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 17 July 2006 - 05:15 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.



