Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:34:58 PM, on 4/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\All Users\Application Data\lqjmnehw\zqdytqpe.exe C:\WINDOWS\system32\drivers\spools.exe C:\WINDOWS\TEMP\mso13.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\Program Files\Best Buy Rhapsody\rhaphlpr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Avant Browser\avant.exe C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\bak\HPBootOp.exe" /run O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168307971\ee\AOLSoftware.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Compaq_Owner\cftmon.exe O4 - HKLM\..\Run: [DelayLoad] C:\WINDOWS\TEMP\mso13.exe O4 - HKLM\..\Run: [BM0b4b1af6] Rundll32.exe "C:\WINDOWS\system32\caalyrss.dll",s O4 - HKLM\..\Run: [0878296a] rundll32.exe "C:\WINDOWS\system32\syyfvjkh.dll",b O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\YMBOLS~1\fast.exe" -vt yazb O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [LiveAntispy] C:\Program Files\LiveAntispy\LiveAntispy.exe O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Compaq_Owner\cftmon.exe O4 - HKLM\..\Policies\Explorer\Run: [DLjFh8olHZ] C:\Documents and Settings\All Users\Application Data\lqjmnehw\zqdytqpe.exe O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing O17 - HKLM\System\CCS\Services\Tcpip\..\{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 85.255.114.83,85.255.112.113 O17 - HKLM\System\CCS\Services\Tcpip\..\{BF4EBC18-E203-4347-AF82-EE039A3A09F3}: NameServer = 85.255.114.83,85.255.112.113 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.113 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.113 O21 - SSODL: vadokmxt - {EB1610E5-5F5F-4F62-BE58-59336085C325} - C:\WINDOWS\vadokmxt.dll O21 - SSODL: wdpoefan - {3ED69B2A-83E1-4AD3-B81E-9DD76BFD4789} - C:\WINDOWS\wdpoefan.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 6432 bytes Ok, I tried fixing the stupid malware and crap myself but when I tried fixing it, HijackThis just blocked everything...... Even my internet service. I know Hijack This is a good program when used properly, So I really trust this program...... But I stopped the virus's at the exspence of using the internet. Someone please help me with what files I should delete and which ones I should keep...... I'm really getting pissed off at stupid error cleaner and the other two gay files that come with it..... Someone please help.
Please someone help. The pop ups are getting worse =/ Now when I'm typing, It stops typing and I'm like what the hell..... =[ So now when it does that, I have to click back into the box that im typing into =/ Very annoying..... And I keep getting a pop up called http://www.systemerrorcleaner.com Please help. Thanks in advance for whoever helps me ^.^
Howdy there Dont mess with HJT without guidance, it is in effect a registry editor, most of what it displays is genuine. Please reverse any changes you made with HJT by doing the following Open HJT and select the view list of backups option Place a check next to the entries you removed Now click on the restore button and confirm this action by clicing ok in the next requester Now reboot your computer Next... Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum [/list] Please scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure that combofix is saved to (and run from) your desktop When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt, sdfix log along with a new HijackThis log so we may continue cleaning the system.
