
My Drive does NOT detect my blank cd's. Nero caused it...

Discussion in 'Nero discussion' started by petjelly, Jun 28, 2006.

  1. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    Hey petjelly
    I'm not the best at these logs by far but I do see things that don't look good - trojan and malware.
    Looks like you may have gotten more than you bargained for finding those mp3's.

    Hang tight and let me see what I can do.
     
  2. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    petjelly,
    Do the system scans again, just as binkie told you to but do them in safe mode. Then repost a copy of your Ad-Aware. Make sure you have the latest updates and .dat files. You do not need to run scan disk or defrag again yet.

    NOTE: Safe Mode does not allow for start up programs to run. This allows for complete access to your entire system.

    When you reboot check your device manager to make sure you do not have an "!" beside the drive in question. If you do then re-install the drivers for it. Good luck and keep us posted.
     
  3. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    that's the problem. an hour ago i did the scan on safe mode. i come back an hour later and i see a blank screen that says insert diskette. i totally got f#cked on my scan. now i gotta do it again. same thing happens when i do "full system scan"....after about an hour into the scan everything vanishes and a black screen comes up that says insert boot diskette or something like that.

    you said i would be able to access anything on safe mode? same thing goes for my drive?
     
  4. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    Well, I'm not 100% sure about what you are saying, but this could be an overheating problem. Have you cleaned your system on the inside with compressed air? Your fans may not be able to cool the system properly. Get a can of compressed air and blow out all dust from the system, fans, and ventilation. You can also download a program called hmonitor. This will give your current temp within the computer. You can find that program at hmonitor.com. After installing that let me know if any of your items are running hot. For example: My processor runs between 57 and 67 Celsius. Those temperatures are pretty normal.

    The other thing I want you to do is download a program called Hijack This. You can find it at hijack-this.org. Run a full system scan and post it for me to look at. If your computer is freezing in safe mode then it is either a virus or your system is overheating. You can run this program in regular start up. Post the log for me to look at and let me know the temperature of your system.

    Thanks.
     
  5. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    @ petjelly

    You should be able to view all files and folders in safe mode if you are logged in as administrator. First let's see if we can find out what your system problem is.
     
  6. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    my fans are sooo dusty. out of the 6 years of having this pc i don't think i've ever cleaned the fans lol

    i'll do just that when i get time tomorrow. thank you guys. this site is great. i appreciate the help a lot.
     
  7. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    Oh my petjelly - 6 years!! Open up the case/tower and clean it out.
    You'd be surprised the diff it will make. The dust build up will cause overheating.

    Do that then run Hijack This & post the log.

    Hopefully you'll be burning again soon!
     
  8. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    exactly how do i open the monitor without breaking it? like i said before. i never tried taking it apart/opening it.
     
  9. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    WARNING: HijackThis is intended only for advanced users. It is recommended that you do not make changes using HijackThis unless you are experienced and know what you're doing, or are able to obtain expert advice. HijackThis is an advanced tool, and requires advanced knowledge about Windows, registry files, and operating systems in general. If you delete items that it finds, without knowing what they are, it can lead to more serious complications on your PC - such as your Internet no longer working or problems with running Windows itself.

    I can tell this warning is meant directly towards me lol i am not an advanced user. Sounds too risky... i'll try out spyonthis they say it's user friendly.

    by the way i downloaded the hmonitor and it's not working. It won't show my temp. I get xx.x for all 3 fans????
     
    Last edited: Jul 10, 2006
  10. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    @ petjelly
    That is strange that hmonitor is not working. I know about the warning on Hijack This. The reason I want you to run it is so that you may post the report. Don't do anything to it until I tell you what to remove. After you are finished posting the log you may close the program. One other thing is to set up Hijack This in a folder under the c:\ drive. Just make a new folder called HJT. Then after we are finished with it you may delete it from your c:\ drive.

    Go ahead and remove the hmonitor if it is not working. I wanted to see what your CPU was running at. If it is not working then we definitely have to get your system fixed. The other program you mentioned is user friendly but it does not allow me to look at your registry settings. Go ahead and run HJT, just don't make any changes on your own.
     
  11. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    About the hmonitor...I looked in the hmonitor faqs guide. I came across this. This is why it's not working.

    Q: All three fans RPM looked as 'xxxx'. Why?

    First, You need to have fans with ability to read RPM data - so-called "3-wired" or "smart" fans. On the P-II boards, CPU fan usually has such option. Next, these fans must be plugged into appropriate sockets on the mainboard for receiving this information by sensors chip. Not all sensor chips can monitor all three fans; i.e. Genesys GL518 can read data from only two fans.

    Ok.. i downloaded hijackthis. I created the htj folder in my cd drive and i got 2 copies in there. Did the scan... Here's the log

    Logfile of HijackThis v1.99.1
    Scan saved at 5:32:50 PM, on 7/10/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\System32\intell32.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 221.10.124.34:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.10.124.34:8080:0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: om
    O1 - Hosts: om
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: nd.com
    O1 - Hosts: nd.com
    O1 - Hosts: ind.com
    O1 - Hosts: ind.com
    O1 - Hosts: find.com
    O1 - Hosts: find.com
    O1 - Hosts: yfind.com
    O1 - Hosts: yfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .offeroptimizer.com
    O1 - Hosts: so.offeroptimizer.com
    O1 - Hosts: 1
    O1 - Hosts: 127.0.0.
    O1 - Hosts: 1 www.z
    O1 - Hosts: .com
    O1 - Hosts: ar.com
    O1 - Hosts: lbar.com
    O1 - Hosts: oolbar.com
    O1 - Hosts: rtoolbar.com
    O1 - Hosts: 127.0.
    O1 - Hosts: sertoolbar.com
    O1 - Hosts: owsertoolbar.com
    O1 - Hosts: 127
    O1 - Hosts: 2.browsertoolbar.com
    O1 - Hosts: ww2.browsertoolbar.com
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\tami\LOCALS~1\Temp\pxeyek.dat
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {ADEA969C-91E8-86C2-98DB-AE576926F4E1} - C:\WINDOWS\system32\msadblock32.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [*tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
    O4 - HKLM\..\Run: [*jpegdb] C:\WINDOWS\Driver Cache\jpegdb.exe
    O4 - HKLM\..\Run: [*utilvss] C:\WINDOWS\AppPatch\utilvss.exe
    O4 - HKLM\..\Run: [*crbak] C:\WINDOWS\Tasks\crbak.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\system32\Microsoft\expdrv.exe
    O4 - HKLM\..\Run: [*urlsvc] C:\WINDOWS\security\Database\urlsvc.exe
    O4 - HKLM\..\Run: [*mckey] C:\WINDOWS\Config\mckey.exe
    O4 - HKLM\..\Run: [*urljava] C:\WINDOWS\addins\urljava.exe
    O4 - HKLM\..\Run: [*logbas] C:\WINDOWS\Windows Update Setup Files\logbas.exe
    O4 - HKLM\..\Run: [*psvss] C:\WINDOWS\Config\psvss.exe
    O4 - HKLM\..\Run: [*xmltask] C:\WINDOWS\msagent\xmltask.exe
    O4 - HKLM\..\Run: [*mfcac] C:\WINDOWS\Web\mfcac.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
    O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: http://*.windupdates.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192597396
    O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
    O20 - Winlogon Notify: dosreg - C:\DOCUME~1\tami\LOCALS~1\Temp\gersod.dat
    O20 - Winlogon Notify: hardcat - C:\DOCUME~1\tami\LOCALS~1\Temp\tacdrah.dat
    O20 - Winlogon Notify: liburl - C:\DOCUME~1\tami\LOCALS~1\Temp\lrubil.dat
    O20 - Winlogon Notify: msvcabr - C:\DOCUME~1\tami\LOCALS~1\Temp\rbacvsm.dat
    O20 - Winlogon Notify: runun - C:\DOCUME~1\tami\LOCALS~1\Temp\nunur.dat
    O20 - Winlogon Notify: svcjava - C:\DOCUME~1\tami\LOCALS~1\Temp\avajcvs.dat
    O20 - Winlogon Notify: svrvss - C:\DOCUME~1\tami\LOCALS~1\Temp\ssvrvs.dat
    O20 - Winlogon Notify: wintask - C:\DOCUME~1\tami\LOCALS~1\Temp\ksatniw.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe





     
  12. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    @petjelly
    Not the monitor to clean out :) - the case that holds the motherboard, drives etc. Some of the older ones can be a pain. Depends on the manufacturer. If you still have your owner manual you might find instructions on how to do it.

    But let's let syxguns take a look at your hijack this log- that I need his help on since I still need to learn how to read one!
     
  13. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    @ petjelly

    Run HJT again and place a check next to these items.

    *R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

    *O2 - BHO: (no name) - SOFTWARE - (no file)

    *O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

    *O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL

    *O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\tami\LOCALS~1\Temp\pxeyek.dat

    *O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)

    *O2 - BHO: (no name) - {ADEA969C-91E8-86C2-98DB-AE576926F4E1} - C:\WINDOWS\system32\msadblock32.dll

    *O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

    *O10 - Hijacked Internet access by New.Net

    *O10 - Hijacked Internet access by New.Net

    *O10 - Hijacked Internet access by New.Net

    *O10 - Hijacked Internet access by New.Net

    *O10 - Hijacked Internet access by New.Net

    After you have checked these items press the button "Fix checked"

    Next Step

    Find and delete:
    c:\windows\system32\msadblock32.dll <--- file
    c:\Program Files\NewDotNet\newdotnet7_22.dll

    Some malware files may be "hidden".
    Be sure to show hidden files when looking for these file(s) and/or folder(s).


    Next Step

    Go to
    C:\WINDOWS\Driver Cache and delete all files

    Next Step
    Open your web browser and select Tools-> Internet Options

    Empty Cookies
    Empty Temporary Internet files
    Clear URLs & Search History

    Post a new HJT log after all this is done. I am going to see if dolphin2 will take a look at the new log.

    Thank you! Hopefully we will have you running smooth again soon.
     
  14. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    It won't let me delete c:\Program Files\NewDotNet\newdotnet7_22.dll?
    It says it's being used by another program.
     
    Last edited: Jul 11, 2006
  15. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    Let me see. Can you remove it from safe mode or does your computer still not allow you to enter safe mode? Reboot and press F8 over and over until you get the option.

    In the meantime I will see if I can find another way to remove it.
     
  16. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
  17. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    just to let you know i tried deleting it in safe mode and it did not work....
     
  18. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    Try that link I gave you.
     
  19. petjelly

    petjelly Member

    Joined:
    Jun 28, 2006
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    16
    I got it to delete. Thanks, and here's my scan log.


    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:12 PM, on 7/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\intell32.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\Explorer.EXE
    C:\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 221.10.124.34:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.10.124.34:8080:0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: om
    O1 - Hosts: om
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: nd.com
    O1 - Hosts: nd.com
    O1 - Hosts: ind.com
    O1 - Hosts: ind.com
    O1 - Hosts: find.com
    O1 - Hosts: find.com
    O1 - Hosts: yfind.com
    O1 - Hosts: yfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .offeroptimizer.com
    O1 - Hosts: so.offeroptimizer.com
    O1 - Hosts: 1
    O1 - Hosts: 127.0.0.
    O1 - Hosts: 1 www.z
    O1 - Hosts: .com
    O1 - Hosts: ar.com
    O1 - Hosts: lbar.com
    O1 - Hosts: oolbar.com
    O1 - Hosts: rtoolbar.com
    O1 - Hosts: 127.0.
    O1 - Hosts: sertoolbar.com
    O1 - Hosts: owsertoolbar.com
    O1 - Hosts: 127
    O1 - Hosts: 2.browsertoolbar.com
    O1 - Hosts: ww2.browsertoolbar.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [*tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
    O4 - HKLM\..\Run: [*jpegdb] C:\WINDOWS\Driver Cache\jpegdb.exe
    O4 - HKLM\..\Run: [*utilvss] C:\WINDOWS\AppPatch\utilvss.exe
    O4 - HKLM\..\Run: [*crbak] C:\WINDOWS\Tasks\crbak.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\system32\Microsoft\expdrv.exe
    O4 - HKLM\..\Run: [*urlsvc] C:\WINDOWS\security\Database\urlsvc.exe
    O4 - HKLM\..\Run: [*mckey] C:\WINDOWS\Config\mckey.exe
    O4 - HKLM\..\Run: [*urljava] C:\WINDOWS\addins\urljava.exe
    O4 - HKLM\..\Run: [*logbas] C:\WINDOWS\Windows Update Setup Files\logbas.exe
    O4 - HKLM\..\Run: [*psvss] C:\WINDOWS\Config\psvss.exe
    O4 - HKLM\..\Run: [*xmltask] C:\WINDOWS\msagent\xmltask.exe
    O4 - HKLM\..\Run: [*mfcac] C:\WINDOWS\Web\mfcac.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
    O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O15 - Trusted Zone: http://*.windupdates.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192597396
    O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
    O20 - Winlogon Notify: dosreg - C:\DOCUME~1\tami\LOCALS~1\Temp\gersod.dat
    O20 - Winlogon Notify: hardcat - C:\DOCUME~1\tami\LOCALS~1\Temp\tacdrah.dat
    O20 - Winlogon Notify: liburl - C:\DOCUME~1\tami\LOCALS~1\Temp\lrubil.dat
    O20 - Winlogon Notify: msvcabr - C:\DOCUME~1\tami\LOCALS~1\Temp\rbacvsm.dat
    O20 - Winlogon Notify: runun - C:\DOCUME~1\tami\LOCALS~1\Temp\nunur.dat
    O20 - Winlogon Notify: svcjava - C:\DOCUME~1\tami\LOCALS~1\Temp\avajcvs.dat
    O20 - Winlogon Notify: svrvss - C:\DOCUME~1\tami\LOCALS~1\Temp\ssvrvs.dat
    O20 - Winlogon Notify: wintask - C:\DOCUME~1\tami\LOCALS~1\Temp\ksatniw.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
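
Added example, not part of the original thread and not HijackThis's own code: the Python below checks a before/after pair of HijackThis logs against a helper's checklist, so a reviewer can confirm that the checked entries are gone and see which remaining entries still deserve a look. The sample input is constructed from a few entries of the two logs in this thread; the function names, the `*`-prefixed checklist with a typographic dash, and the triage hints are assumptions made for illustration.

```python
import re

# Constructed sample input: a few entries excerpted from the two logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\tami\LOCALS~1\Temp\pxeyek.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
"""
# Constructed checklist: '*' prefixes, and a hyphen turned into an en dash,
# as happens when a log line is retyped or autocorrected in a forum post.
CHECKED = r"""
*R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
*O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\tami\LOCALS~1\Temp\pxeyek.dat
*O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup –s
*O10 - Hijacked Internet access by New.Net
"""

ENTRY = re.compile(r"^\*?\s*([A-Z]\d{1,2}) - (.+)$")
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})


def parse(text):
    """Return normalised (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        # Undo typographic dashes and collapse whitespace before matching.
        match = ENTRY.match(" ".join(line.translate(DASHES).split()))
        if match:
            # Windows paths and registry names are case-insensitive.
            entries.append((match.group(1), match.group(2).casefold()))
    return entries


def hints(section, body):
    """Triage hints only (assumed heuristics, generalised from the checked items)."""
    found = []
    if "(no file)" in body or "(file missing)" in body:
        found.append("entry points at a file that does not exist")
    if section in ("O2", "O20") and "\\temp\\" in body:
        found.append("module loaded from a Temp directory")
    if section == "O10":
        found.append("HijackThis reports hijacked Internet access")
    return found


def verify_fix(before, checked, after):
    """Compare the checklist against both logs and list what is left to review."""
    seen_before = dict.fromkeys(parse(before))   # ordered, duplicates collapsed
    seen_after = dict.fromkeys(parse(after))
    wanted = dict.fromkeys(parse(checked))
    report = {"removed": [], "still_present": [], "not_in_before": [], "review": []}
    for entry in wanted:
        if entry not in seen_before:
            report["not_in_before"].append(entry)   # likely a transcription error
        elif entry in seen_after:
            report["still_present"].append(entry)   # the fix did not take
        else:
            report["removed"].append(entry)
    for entry in seen_after:
        reasons = hints(*entry)
        if reasons and entry not in wanted:
            report["review"].append((entry, reasons))
    return report


if __name__ == "__main__":
    result = verify_fix(BEFORE, CHECKED, AFTER)
    for key, items in result.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
```

On the sample, all four checked entries are gone from the second log, while the Winlogon Notify entry that loads a `.dat` file from a Temp directory is still present and is listed for review.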

     
  20. binkie7

    binkie7 Moderator Staff Member

    Joined:
    Feb 12, 2005
    Messages:
    17,588
    Likes Received:
    0
    Trophy Points:
    116
    @petjelly
    You haven't been forgotten :)
    Your latest log will be looked at by tomorrow.
    So hang tight!
     
