alexng83
asked on
Having a bunch of popups come up on my computer. I already ran Spybot, adware, and Norton AntiVirus but they did not help. Here is the log file from hijack.
Logfile of HijackThis v1.99.1
Scan saved at 7:16:09 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VIAudioi\SBADeck\ADe
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MICROS~4\GAMEC
C:\Program Files\Java\jre1.5.0_04\bin
C:\Program Files\Anti-Blaxx\Anti-Blax
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\program files\valve\steam\steam.ex
C:\WINDOWS\system32\ctfmon
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
C:\DOCUME~1\Ngs\MYDOCU~1\Y
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc3
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServi
C:\WINDOWS\system32\svchos
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\system32\UAServ
C:\Program Files\iPod\bin\iPodService
C:\WINDOWS\system32\rundll
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThi
R0 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jdisg.
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMo
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMEC
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blax
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.ex
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.e
O4 - HKCU\..\Run: [Crua] "C:\DOCUME~1\Ngs\MYDOCU~1\
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustom
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillFo
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.ht
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowTo
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePa
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-0
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-0
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\gp2sl3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftwar
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftwar
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServi
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAServ
---------------
Here is the l2mfix log file.
L2MFIX find log 032106
These are the registry keys present
**************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Softwa
[HKEY_LOCAL_MACHINE\Softwa
"Asynchronous"=dword:00000
"DllName"="C:\\WINDOWS\\sy
"Impersonate"=dword:000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA
"{9B748971-8D0F-1C55-8328-
**************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA
**************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@="C:\\WINDOWS\\system32\\
"ThreadingModel"="Apartmen
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@="C:\\WINDOWS\\system32\\
"ThreadingModel"="Apartmen
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@=""
[HKEY_CLASSES_ROOT\CLSID\{
@="C:\\WINDOWS\\system32\\
"ThreadingModel"="Apartmen
**************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
gdi32.dll Wed Dec 28 2005 9:54:36p A.... 280,064 273.50 K
gp2sl3~1.dll Sun Mar 26 2006 6:32:08p ..S.R 236,603 231.05 K
mvlul9~1.dll Sun Mar 26 2006 7:07:30p ..S.R 234,217 228.73 K
nv4_disp.dll Fri Mar 17 2006 9:31:00a A.... 3,974,656 3.79 M
nvapi.dll Fri Mar 17 2006 9:31:00a A.... 98,304 96.00 K
nvcod.dll Fri Mar 17 2006 9:31:00a A.... 35,840 35.00 K
nvcodins.dll Fri Mar 17 2006 9:31:00a A.... 35,840 35.00 K
nvcpl.dll Fri Mar 17 2006 9:31:00a A.... 7,561,216 7.21 M
nvhwvid.dll Fri Mar 17 2006 9:31:00a A.... 573,440 560.00 K
nview.dll Fri Mar 17 2006 9:31:00a A.... 1,466,368 1.40 M
nvmccs.dll Fri Mar 17 2006 9:31:00a A.... 229,376 224.00 K
nvmccsrs.dll Fri Mar 17 2006 9:31:00a A.... 45,056 44.00 K
nvmctray.dll Fri Mar 17 2006 9:31:00a A.... 86,016 84.00 K
nvnt4cpl.dll Fri Mar 17 2006 9:31:00a A.... 286,720 280.00 K
nvoglnt.dll Fri Mar 17 2006 9:31:00a A.... 5,419,008 5.17 M
nvshell.dll Fri Mar 17 2006 9:31:00a A.... 466,944 456.00 K
nvwddi.dll Fri Mar 17 2006 9:31:00a A.... 81,920 80.00 K
nvwdmcpl.dll Fri Mar 17 2006 9:31:00a A.... 1,662,976 1.59 M
nvwimg.dll Fri Mar 17 2006 9:31:00a A.... 1,019,904 996.00 K
s32evnt1.dll Tue Jan 3 2006 3:31:44p A.... 91,904 89.75 K
webclnt.dll Tue Jan 3 2006 10:35:06p A.... 68,096 66.50 K
wodmtp.dll Sun Mar 26 2006 7:07:32p ..... 236,603 231.05 K
ybroxck.dll Sat Mar 25 2006 8:30:04p A.... 51,712 50.50 K
23 items found: 23 files (2 H/S), 0 directories.
Total of file sizes: 24,242,783 bytes 23.12 M
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
guard.tmp Sun Mar 26 2006 7:09:32p ..S.R 236,603 231.05 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236,603 bytes 231.05 K
**************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 4CC8-8493
Directory of C:\WINDOWS\System32
03/26/2006 07:09 PM 236,603 guard.tmp
03/26/2006 07:07 PM 234,217 mvlul9391.dll
03/26/2006 06:32 PM 236,603 gp2sl3f71.dll
03/10/2006 07:58 AM <DIR> dllcache
03/12/2005 12:31 PM <DIR> Microsoft
3 File(s) 707,423 bytes
2 Dir(s) 10,399,555,584 bytes free
Not sure what these programs are doing but they are running within your shell (ie, Explorer)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jdisg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,txpvqyy.exe
If you don't recognise them as something you have asked to install, then chances are they could be malware. I don't have either of these in my system or on my computers.
Make a copy of the system.ini and then remove these out. See if that helps.
Hope this helps
Barny
IPKON Networks Ltd
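An added example, not part of any poster's reply: a small check that reads a HijackThis log and lists every program an F2 `Shell=` or `UserInit=` line names beyond the Windows XP defaults. The function names and the `C:\WINDOWS` install path are assumptions; the two flagged sample lines are the ones quoted in the answer above, and the rest of the sample input is constructed.

```python
import re

# One HijackThis F2 line: "F2 - REG:system.ini: Shell=..." or "...UserInit=..."
F2_RE = re.compile(r"^F2 - REG:system\.ini:\s*(Shell|UserInit)=(.*)$",
                   re.IGNORECASE)


def expected_programs(windir=r"C:\WINDOWS"):
    """Default Windows XP values; windir is an assumption about the install."""
    return {
        "shell": "explorer.exe",
        "userinit": (windir + r"\system32\userinit.exe").lower(),
    }


def extra_winlogon_programs(log_text, windir=r"C:\WINDOWS"):
    """Return [(value_name, program)] for each program listed in an F2 line
    that is not the expected default for that value."""
    expected = expected_programs(windir)
    findings = []
    for line in log_text.splitlines():
        match = F2_RE.match(line.strip())
        if not match:
            continue
        name, value = match.group(1), match.group(2)
        # Both values are comma-separated lists; Userinit normally ends
        # with a trailing comma, so empty items are skipped.
        for item in value.split(","):
            program = item.strip().strip('"')
            if program and program.lower() != expected[name.lower()]:
                findings.append((name, program))
    return findings


# F2 lines as quoted in the answer above, preceded by the log header.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jdisg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,txpvqyy.exe
"""

# Constructed lines: a default Userinit value, and a Shell value that points
# at a same-named file outside the expected location.
CLEAN_LINE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
LOOKALIKE_LINE = r"F2 - REG:system.ini: Shell=C:\Temp\explorer.exe"

if __name__ == "__main__":
    for value_name, program in extra_winlogon_programs(SAMPLE_LOG):
        print(f"review {value_name}: {program}")
```

Anything it returns is a candidate for review against what was knowingly installed, not a verdict on the file.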
Another thing you might want to do is type "msconfig" in the Run dialog box and make sure that these programs aren't loading in the startup.
Hope This Helps
You might also wanna try this website to check if you have any parasites that were missed from adaware, spybot, etc.
http://www.doxdesk.com/parasites
I see you have SpySweeper, that must be an older version, SpySweeper version 4.5 up is supposed to remove look2me,
>>>Not sure what these programs are doing but they are running within your shell (ie, Explorer)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jdisg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,txpvqyy.exe<<<
Those entries above are dropped by narrator/qoologic trojan, it has more entries than those showing up in Hijackthis log.
so is this one, the rest are look2me:
[HKEY_CLASSES_ROOT\CLSID\{59F88AA4-2469-4C96-9416-81871A9E3CF3}\InprocServer32]
@="C:\\WINDOWS\\system32\\kddir.dll"
"ThreadingModel"="Apartment"
http://www.hijackthis.de/
and then click analyse
Go back to hijack this and remove the ones that are reported as nasty on the above site