1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Multiple problems, built in system recovery failed, etc. Hijack this log inside...

Discussion in 'Windows XP' started by Peter_Gibbons, Jul 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Peter_Gibbons

    Peter_Gibbons Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    19
    Oh, boy. My computer has so many problems I don't know where to start. It's just one thing after another. I know it must have multiple viruses, spyware and all that nasty stuff.

    I came to the point where I said hell with it, I'll just do a system recovery and start from scratch. Well, that failed too. My HP has a built in system recovery (no discs, like most HP) and when I tried to use it, it just failed and said the system couldn't continue. Those damn viruses must've got into my registry and completely f'ed me up.

    I'm hoping some kind person out there can help me get this thing back to working order. At least so I can do a recovery or help remove the major problems/viruses. Any help would be really apprieciated.

    Here's my Hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:12 PM, on 7/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\service.exe
    C:\WINDOWS\system32\csrs.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\?asks\?hkdsk.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - c:\windows\system32\defrag.dll
    O2 - BHO: (no name) - {60314F85-A219-89C8-1E67-8C8DB92387B7} - C:\WINDOWS\System32\rtine.dll
    O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\System32\XunLei.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: H - {9BBF4D32-FF94-4342-83E7-1E7793602DFA} - tehyrd12.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\ICROSO~1\explorer.exe" -vt yazb
    O4 - HKCU\..\Run: [Xblntlim] C:\WINDOWS\system32\?asks\?hkdsk.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://webmail2.ncci.com/iNotes.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183784941453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183784931859
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\service.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Lots of malware files in your log, we can attempt to clean it up. Normally this works without problems, but I expect anything with a badly infected system. Have you tried to back up what you need, or is data, files etc not a problem for you?

    If you are ready and willing to start cleaning:

    Read all down through this..then, get the downloads, and begin. You should disconnect the computer from any Internet device, not be signed into anything, if using broadband, pull out the network cable while you run what is below....then, reconnect and get the logs posted. Download everything to your desktop so it will be easy to find them when in Safe Mode. You will not have Internet access in Safe Mode, so you should either print these directions out, or save them to a blank Notepad, save it as steps.txt, to your desktop.



    CLEAN UP!

    I use CleanUP!, and find it an excellent way to clean up temp files.

    About every 2 or 3 days, as the last thing before shutting down, I run CleanUp.

    There is always a message to log off, after using it, but I sometimes do and then sometimes don't and have not noticed anything different.

    Probably you should the first time.

    And, the first time you run it, you will see a popup about using it in Demo mode, that is a good idea just to see how much junk you have, but then you will have to run CleanUp again, this time, tell it No, so it does it's thing. You won't get the "run in Demo mode" bit after the first time.


    Note: Removing all Cookies will mean that all users of the computer who use sites like TSG that require logging in to an account, will have to manually log in with usernames and passwords at ALL places they have an account....so, be sure everyone knows all their logins and passwords...

    CleanUp also has a Cookie filter, where you can enter the ones you would like to keep- you will see the Cookies tab at the top of it's window.

    Download Cleanup from here

    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET

    Now boot to safe mode.

    Restart your computer to safe mode:
    Restart your computer
    Start tapping the F8 key when the computer restarts.
    When the start menu opens, choose Safe mode
    Press Enter. The computer then begins to start in Safe mode.
    Log onto your usual account- not the Administrator account.



    Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.


    Next:

    SD FIX

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


    Next:

    COMBO FIX:
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    IMPORTANT!
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall




    Next: AVG ANTISPYWARE- You will need to be in Normal Mode with Internet connected, to install it and to get the latest updates for detection files, then you can boot to Safe Mode to scan with AVG Antispyware....

    Install and use directions for AVG Antispyware:
    You will need the correct steps to install and run a scan so here they are:
    Note:When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

    You need to save these directions either to a Notepad text file, save to your desktop, I suggest as a filename, use steps.txt. Or, print this out.
    Please note that the actual scan will be run in Safe Mode, directions below

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security
      (These settings may not be used anymore and the defaults of "N/A" are OK)
    • Click on Change state next to Resident shield. It should now change to inactive. (What shows is n/a =that's OK)
    • Click on Change state next to Automatic updates. It should now change to inactive. (same it should look like n/a)
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
    When the progress lines stop, ususally pressing "Start Update" will just
    change back- it's done if you don't get any further Updating activity)

    (Only If you are having problems with the updater, you can use this link to manually update AVG Anti-spyware. < only if you cannot update over the web.
    AVG Antispyware Updates
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.)
    ______________________________


    • 1. On the main window, click on the "Scanner" button and choose the "Settings" tab.
      • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
      • Under "How to Scan?" check all (default).
      • Under "Possibly unwanted software" check all (default).
      • Under "What to Scan?" make sure "Scan every file" is selected (default).
      • Under "Reports" select "Automatically generate report after every scan" and
        UNcheck "Only if threats were found".
      • 2. Click the "Scan" tab to return to scanning options. You don't scan just yet!
      • 3.If you were scanning now, you would Click "Complete System Scan" to start.
      • 4. When the scan finished you'd be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
      HOW TO SCAN- Please note the scan is done in Safe Mode-read on
    • If the computer is running, shut down Windows, and then turn off the power.
    • Reboot your computer TO Safe Mode. Here's how:
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Launch AVG Antispyware
    • Click "Complete System Scan" to start.

    IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button!
    • 5. Click on "Save Report" to view all completed scans.
    • Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20072020-142816.txt.
    • Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • 6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.



    Next: Post the ComboFix, SDFix, and AVG antispyware logs as it says. Lastly, post one brand new HJthis log made after all above is finished

    You can use more than one reply if they will not fit in one reply, or attach the logs to your reply using the "Manage Attachments" feature at the bottom of the reply window.
     
  3. Peter_Gibbons

    Peter_Gibbons Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    19
    Wow, thanks! Yes, my system is all backed up and I'm ready to recover. I won't have time to go through all these steps until this weekend. So, I'll give it a shot on Saturday and post my results.

    Thanks again for the assistance (y)
     
  4. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    You can try to order a set or a Recovery disk, but for some models, they are not available!

    Usually not for the type that recover from the preinstalled recovery partition, for those, they may have shipped with a DVD burner drive, and a software utility that you can burn your Recovery disk(s) with, ONE TIME only...

    But, the only way to be sure, is to go to the HP Support site, and type in the model/family of HP product, for example, Pavilion 513c...

    Get into the System Information, Specifications, etc section there, and see under the Parts list, if that Recovery set is or is not still available, I bought one a few years ago for XP Home, costin me $23.00 including shipping to NY.


    I would still try to clean up- not only a good experience, but the Recovery might just work afterward.
     
  6. Peter_Gibbons

    Peter_Gibbons Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    19
    Yeah, I would much rather try to fix it myself. I think it's bullsh** that I should have to pay HP anymore money for something that should come with the system, especially when their built in program fails on you. Not to mention I have another HP in the corner that is useless because the system recovery on that failed also, now I can't even logon to windows or even safe mode with it. I tried to create boot disks, created all 6 and then loaded them into the system, only to have it fail on the last disk. So, now I need at least 2 computers that work for me, I go out and buy another HP - figure I'll keep this one nice and maintained from the start. I get everything setup, install all the updates and do everything it prompts me to. Then I try to create the recovery discs from the brand new computer, first recovery DVD burns fine, then the 2nd one fails, try another disc, fails again. On a brand NEW machine.

    I don't think I'll ever buy an HP again. I'm defintely going with an APPLE next.
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, If you want to try, do what was in my reply in post #2 of the thread, post the logs, etc. and I will check them.
     
  8. Peter_Gibbons

    Peter_Gibbons Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    19

    Ok I gave it a shot, here's the results...

    SD FIX
    SDFix: Version 1.91

    Run by Owner on Sun 07/15/2007 at 01:06 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    core
    FCI
    kprof
    MsaSvc
    pe386
    poof
    runtime
    runtime2

    ImagePath:
    system32\drivers\core.sys
    C:\WINDOWS\System32\svchost.exe:ext.exe
    \??\C:\WINDOWS\System32\kprof
    C:\WINDOWS\System32\msasvc.exe
    \??\C:\WINDOWS\System32:lzx32.sys
    \??\C:\WINDOWS\System32\poof
    \??\C:\WINDOWS\System32\drivers\runtime.sys
    \SystemRoot\system32\drivers\runtime2.sys

    core - Deleted
    FCI - Deleted
    kprof - Deleted
    MsaSvc - Deleted
    pe386 - Deleted
    poof - Deleted
    runtime2 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\defrag.dll - Deleted
    C:\WINDOWS\system32\gmc.exe.exe - Deleted
    C:\Documents and Settings\Owner\Application Data\Install.dat - Deleted
    C:\WINDOWS\b103.exe - Deleted
    C:\WINDOWS\b104.exe - Deleted
    C:\WINDOWS\b122.exe - Deleted
    C:\WINDOWS\b128.exe - Deleted
    C:\WINDOWS\b129.exe - Deleted
    C:\WINDOWS\b136.exe - Deleted
    C:\WINDOWS\system32\9_exception.nls - Deleted
    C:\WINDOWS\system32\c - Deleted
    C:\WINDOWS\system32\cookie.dat - Deleted
    C:\WINDOWS\system32\csrs.exe - Deleted
    C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
    C:\WINDOWS\system32\drivers\core.sys - Deleted
    C:\WINDOWS\system32\dwdsregt.exe - Deleted
    C:\WINDOWS\system32\form.txt - Deleted
    C:\WINDOWS\system32\help.txt - Deleted
    C:\WINDOWS\system32\info.txt - Deleted
    C:\WINDOWS\system32\msnav32.ax - Deleted
    C:\WINDOWS\system32\peers.ini - Deleted
    C:\WINDOWS\system32\ps.dat - Deleted
    C:\WINDOWS\system32\service.exe - Deleted
    C:\WINDOWS\system32\setup_silent_13742.exe - Deleted
    C:\WINDOWS\system32\ssms.exe - Deleted
    C:\WINDOWS\system32\svcp.csv - Deleted
    C:\WINDOWS\system32\vx.tll - Deleted
    C:\WINDOWS\system32\winsub.xml - Deleted
    C:\WINDOWS\Temp\startdrv.exe - Deleted
    C:\WINDOWS\wr.txt - Deleted
    C:\WINDOWS\system32\drivers\runtime2.sys - Deleted


    Folder C:\Program Files\InetGet2 - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    :lzx32.sys 61114
    Total size: 61114 bytes.

    system32: deleted 61114 bytes in 1 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\WINDOWS\\System32\\svchost.exe"="C:\\WINDOWS\\System32\\svchost.exe:*:Enabled:svchost"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Owner\Desktop\Rapidshare\Backups\BigNaturals.com - Drew - Evil Twins(WMV)\Thumbs.db
    C:\Documents and Settings\Owner\Desktop\Rapidshare\Total.Interactive.Control.Of.Alektra.Blue.2007.XXX.READ.NFO.DiSC1.COMPLETE.NTSC.DVDR-PLEASURE\Covers\Thumbs.db
    C:\Documents and Settings\Owner\NetHood\ftp.adobe.com\Desktop.ini
    C:\Program Files\Final Draft 6\System\Rslibw32.dll
    C:\Program Files\Final Draft 6\System\Scpbw32.dll
    C:\Program Files\Final Draft 6\System\Scpw32.dll
    C:\Documents and Settings\Owner\Application Data\?icrosoft\explorer.exe
    C:\Documents and Settings\Owner\My Documents\Misc. stuff\Final Draft .exe's\Final.Draft.v6.0.2.5\Thumbs.db
    C:\Documents and Settings\Owner\My Documents\Misc. stuff\Final Draft .exe's\Final.Draft.v6.0.2.5\CRACK\Thumbs.db
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
    C:\Program Files\Detto\DettoWeb.exe
    C:\Program Files\Detto\IntelliMover Demo.exe
    C:\WINDOWS\system32\?asks\?hkdsk.exe

    Finished

    SD FIX Hijack This Report

    Logfile of HijackThis v1.99.1
    Scan saved at 1:22:55 AM, on 7/15/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\system32\?asks\?hkdsk.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\windows\system32\dwdsregt.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {60314F85-A219-89C8-1E67-8C8DB92387B7} - C:\WINDOWS\System32\rtine.dll
    O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\System32\XunLei.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: H - {83E915D4-DDDB-4450-B957-7A3240E9CE66} - zoox1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwintndt.exe CHD003
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [{2B-BC-CA-AF-ZN}] c:\windows\system32\dwdsregt.exe CHD003
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [uisfvnli] C:\WINDOWS\System32\sjbigw.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
    O4 - HKLM\..\Run: [skyvoniconhcl] C:\WINDOWS\System32\sjbigw.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [r3FV3tj] wmpsdecd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [PINNACLE STUDIO PLUS V9.3 Crack] C:\Documents and Settings\Owner\My Documents\Limewire\PINNACLE STUDIO PLUS V9.3 Crack.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\ghoeafh.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [fork settings] C:\PROGRA~1\ONCEFO~1\Rdrliteplan.exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\ICROSO~1\explorer.exe" -vt yazb
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Xblntlim] C:\WINDOWS\system32\?asks\?hkdsk.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [d6wwud1rj] C:\DOCUME~1\Owner\LOCALS~1\Temp\crasos.exe
    O4 - HKCU\..\Run: [a0w9RjHqe] wowddi.exe
    O4 - Startup: I.url
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\msdsrego.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwintndt.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://webmail2.ncci.com/iNotes.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183784941453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183784931859
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1599DC8C-2FCD-41FA-9F49-01D9ED5CC39B}: NameServer = 63.99.7.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4031F835-391B-4DBE-A5BA-03EBC871446B}: NameServer = 63.99.7.252
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  9. Peter_Gibbons

    Peter_Gibbons Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    19
    When I tried to run Combo Fix, I got these error messages...

    http://img165.imageshack.us/img165/9397/combofixerrorck5.png

    http://img469.imageshack.us/img469/4516/systemshutdowndk8.png

    AVG Results...

    "General properties",""
    "Report name","Complete Test"
    "Start time","7/15/2007 1:43:28 AM"
    "End time","7/15/2007 3:51:24 AM (total: 2:07:54.9 hrs)"
    "Launch method","Scanning launched manually"
    "Scanning result","No threats found"
    "Report status","Scanning completed successfully"
    " ",""
    "Object summary",""
    "Scanned","110749"
    "Threats Found","0"
    "Cleaned","0"
    "Moved to vault","0"
    "Deleted","0"
    "Errors","1"
    "C:\WINDOWS\regedit.exe","Reading error","Error"
    "C:\WINDOWS\System32\drivers\etc\hosts","Change","Changed"


    AVG Hijack this report

    Logfile of HijackThis v1.99.1
    Scan saved at 5:10:42 AM, on 7/15/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
    C:\windows\system32\dwdsregt.exe
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\?asks\?hkdsk.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\WINDOWS\System32\MsiExec.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {60314F85-A219-89C8-1E67-8C8DB92387B7} - C:\WINDOWS\System32\rtine.dll
    O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\System32\XunLei.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: H - {83E915D4-DDDB-4450-B957-7A3240E9CE66} - zoox1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwintndt.exe CHD003
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [{2B-BC-CA-AF-ZN}] C:\windows\system32\dwdsregt.exe CHD003
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [uisfvnli] C:\WINDOWS\System32\sjbigw.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
    O4 - HKLM\..\Run: [skyvoniconhcl] C:\WINDOWS\System32\sjbigw.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [r3FV3tj] wmpsdecd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [PINNACLE STUDIO PLUS V9.3 Crack] C:\Documents and Settings\Owner\My Documents\Limewire\PINNACLE STUDIO PLUS V9.3 Crack.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\ghoeafh.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [fork settings] C:\PROGRA~1\ONCEFO~1\Rdrliteplan.exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\ICROSO~1\explorer.exe" -vt yazb
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Xblntlim] C:\WINDOWS\system32\?asks\?hkdsk.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [d6wwud1rj] C:\DOCUME~1\Owner\LOCALS~1\Temp\crasos.exe
    O4 - HKCU\..\Run: [a0w9RjHqe] wowddi.exe
    O4 - Startup: I.url
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\msdsrego.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwintndt.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://webmail2.ncci.com/iNotes.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183784941453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183784931859
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1599DC8C-2FCD-41FA-9F49-01D9ED5CC39B}: NameServer = 63.99.7.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4031F835-391B-4DBE-A5BA-03EBC871446B}: NameServer = 63.99.7.252
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\System32\mszsrn32.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Malware has replaced your regedit file with itself....were you able to get and scan with AVG Antispyware?

    That will help clean things up a lot. You've had/ have a bunch of rootkits, trojans etc as I am sure you are well aware.

    I would try SDFix again, but download a new copy as it is updated very often

    Use the same link, it always gets you the newest version of the file, the link is in my reply back a few posts....

    You can run ComboFix in Safe Mode, in a pinch.....try that.


    Do this:

    Look2Me Destroyer
    Download Look2Me Destroyer
    • Close all windows before continuing.
    • Double-click Look2Me-Destroyer.exe to run it.
    • Put a check next to "Run this program as a task".
    • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
    • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    • Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    [*]When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click OK.
    • Your computer will then shutdown.
    • Turn your computer back on.
      [*]Please post the contents of Look2Me-Destroyer.txt in a reply.



    Next:

    • Click Start - Control Panel - Add/Remove Programs
    • In the list of installed software, look for:
      Oin
      Yazzle by Oin
      Purityscan by Oin
      Snowballwars by Oin
      or anything similar with Oin or Outerinfo in it.
      Zolero
      Tizzletalk
      MediaTickets
      Cowabanga
    • If you find any:
      • Click on it and click Remove.
      • Reboot and delete the folder C:\Program Files\PurityScan (if it's still there).
    • If not:


    And> do an online scan, post the results....attach the results log if it is too long to put into a reply

    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Multiple problems built
  1. hurdvialjm
    Replies:
    7
    Views:
    414
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/594664

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice