| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 99586 | 2009-05-07 14:36:00 | My Browser keeps re-directing. Please help! | ajwhite10 (13469) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 772038 | 2009-05-07 14:36:00 | I also keep getting a pop-up msg that says "Windows - No Disk" & then some long exception code. Please help! Here is my HT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:34:36 AM, on 5/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\user\Application Data\pidle\pidle.exe C:\Documents and Settings\user\Application Data\digifast\digifast.exe C:\Documents and Settings\user\Application Data\Microsoft\Windows\opkpokf.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe \?\globalroot\C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\user\LOCALS~1\Temp\4111776344.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0 O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp" O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\user\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C8833201749139 O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\user\LOCALS~1\Temp\4111776344.exe O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\user\Application Data\digifast\digifast.exe O4 - HKCU\..\Run: [SfKg6wIPuSpdc] C:\Documents and Settings\user\Application Data\Microsoft\Windows\opkpokf.exe O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\user\protect.dll,_IWMPEvents@16 O4 - HKUS\S-1-5-19\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3914276344.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\dyvi9ahalw.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: ChkDisk.dll O4 - Startup: ChkDisk.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: zcuesz.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6027 bytes Thanks! |
ajwhite10 (13469) | ||
| 772039 | 2009-05-07 15:38:00 | Quite a few nasties...Tick these and click fix checked, suggest you disable SR first. Right Click My Computer>Properties>SR Tab>Tick "disable System restore on all drives" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0 O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp" O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\user\Application Data\digifast\digifast.exe O4 - HKCU\..\Run: [SfKg6wIPuSpdc] C:\Documents and Settings\user\Application Data\Microsoft\Windows\opkpokf.exe O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\user\protect.dll,_IWMPEvents@16 O4 - HKUS\S-1-5-19\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [kekuyetuju] Rundll32.exe "C:\WINDOWS\system32\pulemebo.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3914276344.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\dyvi9ahalw.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM') O4 - Startup: ChkDisk.dll O4 - Startup: ChkDisk.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: zcuesz.dll Download MBAM (download.cnet.com) and update, then perform a full scan. Post the log here with a fresh HJT log. Blam |
Blam (54) | ||
| 772040 | 2009-05-08 00:43:00 | I still keep getting this pop-up msg that reads "Windows - No Disk" "Exception Processing Message c0000013 Parameters 75b6bf7c 75b6bf7c 75b6bf7c...etc...etc... Also, I ran HT & tried to eliminate the items that you selected, but some were there again the next time I ran HT. My MBAM log showed like 5 trojans, which I checked for deletion. Throughout all this, that same Windows - No Disk msg keep popping up from time to time, & ALWAYS when I run HT. Here is my most recent HT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:42:13 PM, on 5/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\windows\ld08.exe C:\windows\pp06.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\user\Application Data\pidle\pidle.exe C:\DOCUME~1\user\LOCALS~1\Temp\4111776344.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\SYS32DLL.exe C:\Program Files\Mozilla Firefox\firefox.exe \?\globalroot\C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\New Folder\HijackThis.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local> O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\user\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C8833201749139 O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\user\LOCALS~1\Temp\4111776344.exe O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\dyvi9ahalw.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\uads3.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM') O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM') O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user') O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user') O4 - Startup: ChkDisk.dll O4 - Startup: ChkDisk.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5110 bytes Should I delete & re-download HT & MBAM? Thanks. |
ajwhite10 (13469) | ||
| 772041 | 2009-05-08 00:54:00 | Run HJT in safe mode. Tap F8 on start up. You may have to kill these processes first: C:\windows\ld08.exe C:\windows\pp06.exe C:\Documents and Settings\user\Application Data\pidle\pidle.exe C:\WINDOWS\System32\SYS32DLL.exe The "No Disk" error is probably just the virus. Once all malware is removed the message should disappear. Download TR and run: www.simplysup.com Update first. Have you disabled SR? Blam |
Blam (54) | ||
| 772042 | 2009-05-08 02:01:00 | Hitting f8 when I start back up gets me to safe mode, right? How do I kill those processes before restarting? I did disable SR. What is TR? Sorry, I'm a novice. Take through it step by step, or I'll screw it up. thnx. |
ajwhite10 (13469) | ||
| 772043 | 2009-05-08 02:30:00 | TR - trojan remover the link Blam posted. Its in my link below If hijackthis cant remove them boot into safe mode, find these files then delete them (whats in bold) Then reboot, then get trojan remover update it then scan O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\user\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C8833201749139 O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\user\LOCALS~1\Temp\4111776344.exe O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\dyvi9ahalw.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\uads3.exe (User 'SYSTEM') |
Speedy Gonzales (78) | ||
| 772044 | 2009-05-08 02:36:00 | Tap F8 when booting, and select "Safe Mode" When you boot into safe mode, tick those entries I stated before. If that doesn't work boot into normalmode, kill the processes and try again. TR is Trojan remover, download it from the link, update and scan. Blam |
Blam (54) | ||
| 772045 | 2009-05-08 08:57:00 | Ok, so I was able to restart in safemode, delete the items you suggested, & then restart.....download TR & run it. There was a ton of crap to fix. This is what my HT log looks like now: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:54:53 AM, on 5/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\windows\mstre18.exe C:\windows\freddy42.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\SYS32DLL.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local> O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre18.exe O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy42.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_I WMPEvents@16 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4217 bytes Any issues ya'll can see? Thanks. ajw |
ajwhite10 (13469) | ||
| 772046 | 2009-05-08 09:11:00 | Tick these then tick fix checked. Close browser. Keep system restore disabled for now then reboot into safe mode. Search for these files (in bold) and delete them C:\windows\mstre18.exe C:\windows\freddy42.exe C:\WINDOWS\system32\SYS32DLL.exe O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy42.exe O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_I WMPEvents@16 (User 'SYSTEM') |
Speedy Gonzales (78) | ||
| 772047 | 2009-05-08 09:39:00 | When all is done perform a final scan with Spyware Terminator. www.spywareterminator.com Post a fresh HJT log here when done. Blam |
Blam (54) | ||
| 1 2 | |||||