Oh God! What Happened?!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Renegade313

Thread Starter
Joined
May 25, 2004
Messages
151
look. I have...s.crewed myself over somehow. I went into safe mode, and ran a bunch of programs to clean up my system.

problem one: One program uninstalled my video drivers.

problem two: my computer's defenses are GONE it seems because I'm getitng more pop mups and error messages than EVER before. I have an AD on my desktop. a CLICKABLE ad is on my desktop as a background image. I can close that, but behind it theres an error message image. I'veb been running sometuff on my comp again to try to get rid of it, but nothings working, what should i do?!

Heres my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:19:24 PM, on 1/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\igps.exe
C:\WINDOWS\newfrn.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\pgws.exe
C:\Program Files\Desktop Macros\MacroS.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\winstall.exe
C:\WINDOWS\System32\sywsvcs.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jerry\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [PCI TV Card Remote Control Applet] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [0go40948.dll] RUNDLL32.EXE 0go40948.dll,b 17887750
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Desktop Macros] C:\Program Files\Desktop Macros\MacroS.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - HKCU\..\Run: [frou] C:\PROGRA~1\COMMON~1\frou\froum.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O21 - SSODL: fldrsys - {C634E959-DF86-4874-9139-925D38410D8E} - fldrsys.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_12.dll
O21 - SSODL: XHbvuAdobV - {F06BDAED-5AC1-7047-EC0D-706AC1CBF048} - C:\WINDOWS\System32\pqixi.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 
Joined
Dec 6, 2004
Messages
96
I'd suggest you run Spybot. I say a program called 'PayTime' listed there twice, so that can't be good. Clear your startup environment also by doing this: Start->Run->msconfig->under the startup tab, click 'disable all'->under the services tab click 'hide all microsoft services' then click 'disable all'->choose apply, if not there, choose close->restart your system. This should take care of most things.

I don't know what program uninstalled the video drivers, but those are easily gotten back by downloading them from the internet, or, if you have a resource CD, you can usually pull them from there.
 
Joined
Aug 17, 2003
Messages
17,584
The PC is about as inected as I have ever seen!

Click on the little triangle in the top right of your post and ask a moderator to move it to the security forum where the experts can deal with it.

It's going to take more than just spybot to eradicate that lot!
 
Joined
Jan 5, 2006
Messages
275
I would suggest that you post your hijack this log in the security forum - http://forums.techguy.org/54-security/

I would also suggest that you download spybot, ad-aware, zonealarm, a-squared.
Once installed update and run them. Also run a full virus scan, if you don't have any anti-virus software download Avast or AVG they are both free.
 

Renegade313

Thread Starter
Joined
May 25, 2004
Messages
151
I actually installed my video drivers already. all that other stuff is what i need to be rid of.
 
Joined
Jul 26, 2002
Messages
46,353
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
  • If the link to SmitRem above is not working try this one.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Any reason that you have no Windows XP Service Packs installed?
 

Renegade313

Thread Starter
Joined
May 25, 2004
Messages
151
My computer has been mildly screwed for a while, so when they actually released the service pack 2, i tried to get it, and it didnt work. BUT....we bought another home PC and a windows installation cd came with it, and it has the service pack on it. I'll try to use it.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
A cd from another computer more than likely isn't going to work on this one.

However, please elaborate, what happened when you tried to get it? What does 'it didn't work' mean?
 

Renegade313

Thread Starter
Joined
May 25, 2004
Messages
151
ummm. If i can remmeber correctly When i tried installing it, the window popped up basically telling me i had to stop the installation. but where theres usually buttons saying "continue anyway" or "Stop installation",it only had an option for "Stop installation".


anywho, i finished with the other steps besides the online scan. That other stuff took hours. Like Ewido and the disk clean up. and before I finish i jsut wanna elt it be known that i appreciate all the help guys.
 

Renegade313

Thread Starter
Joined
May 25, 2004
Messages
151
i actually just tried the activescan and my activeX controls are too emssed up to allow me to do this. I've been having troudble out of my activeX controls for so long. whcih is why i avoid IE and i just use Firefox
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top