This morning i went to get on my pc and my desktop wouldn't load up...then all of a sudden Netscape kept firing up screens with ads and everything else on them. I since have got WinAnti Virus 06, Regrun,Xoft SpySE, and have removed 12000 plud infected files, and still have to operate in the safe mode with all the popups from IE and Netscape making life a real drag. Can anyone offer me any help on whats going on and how do i get rid of IT! ANy help will be greatly appreciated...you know what its like when you can't use your computer!!!!!!! Thanks
Download Hijackthis! HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. Hjt download -> http://www.filepedia.com/desktop_software/desktop_security/hijackthis.cfm -> download -> Unzip to C:\HJT-> Press Ok and Close window Make sure that you actually extract HijackThis to its own folder: C:\HJT. DO NOT run it from within a zip manager (Winzip), or Desktop as no backups will be saved. ---------------------------------------------------------------------- Step 1: Scan your computer Now Open Hijackthis -> Click "Do a system scan and save log file" Hjt will scan your computer for about 15 sec. -> Log file will pop up. Most items are perfectly fine. You should not remove them. Never remove everything by yourself. This forum will now help you work with the Experts to clean up your system. -> Copy and paste the contents of the HijackThis log into your post. Make new thread for your own log Post full log, begins with: Logfile of HijackThis v1.99.1... etc --------------------------------------------------------------------- Step 2: Wait for help. Remember: Never remove, checkmark and fix by yourself. Post the COMPLETE HJT LOG in the correct forum, http://forums.afterdawn.com/forum_view.cfm/166 Make a new post and list THE ENTIRE HJT log, One of the uber talented individuals here will analyze the log, And help you get your system clean. Good luck and welcome to the forums.
here is my HiJack this log file: Logfile of HijackThis v1.99.1 Scan saved at 7:25:51 PM, on 7/4/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Greatis\RegRunSuite\WatchDog.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE C:\Documents and Settings\Administrator.COMPAQ\Desktop\Software\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.medchecker.com/side.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.medchecker.com/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.medchecker.com/?q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k= R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.1_02\bin\jusched.exe O4 - HKLM\..\Run: [Winspector_s] %windir%\system32\drivers\shellz\sup2.lnk O4 - HKLM\..\Run: [Winspector] %windir%\system32\drivers\shellz\winspector.lnk O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [GNP Generic Host Process] C:\WINDOWS\system\svchost.exe O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O20 - Winlogon Notify: RunEx - C:\WINDOWS\system32\h60qlgd5160.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
