Hello, for the last two weeks every time I get on a browser I get popups. And on my user account i cant get into task manager, says that it has been disabled by my administrator. I tried running Malwarebytes but it wouldn't load. And I ran McAfee which didn't work. Heres my Hijackthis logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:49 PM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus10.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-qus10.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-qus10.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-qus10.hpwis.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.conduit.com?SearchSource=10&ctid=CT2418376R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-qus10.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22ddea93-5b99-4ef4-8369-baf563de4b9f} - wutivoba.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: PlayFirst Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Update] C:\Windows\temp\WinAV.exe
O4 - HKLM\..\Run: [window.exe] C:\Windows\window.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [bizudopegi] Rundll32.exe "fidetiga.dll",s
O4 - HKLM\..\Run: [foluwageh] Rundll32.exe "c:\windows\system32\nebohipu.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2047194156-2355999041-3150669644-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Vonte')
O4 - HKUS\S-1-5-21-2047194156-2355999041-3150669644-1008\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'Vonte')
O4 - HKUS\S-1-5-21-2047194156-2355999041-3150669644-1008\..\Run: [Google Update] "C:\Documents and Settings\Vonte\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Vonte')
O4 - HKUS\S-1-5-21-2047194156-2355999041-3150669644-1008\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Vonte')
O4 - HKUS\S-1-5-21-2047194156-2355999041-3150669644-1008\..\Run: [RuneScape_Pin_BETA_V4.exe] C:\Documents and Settings\Vonte\Local Settings\Temp\ (User 'Vonte')
O4 - HKUS\S-1-5-21-2047194156-2355999041-3150669644-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Vonte')
O4 - S-1-5-21-2047194156-2355999041-3150669644-1008 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Vonte')
O4 - S-1-5-21-2047194156-2355999041-3150669644-1008 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Vonte')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: AdobeUpdate.jar
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: nakonaze.dll c:\windows\system32\limowuyu.dll c:\windows\system32\vebazifa.dll c:\windows\system32\domanabi.dll c:\windows\system32\duyadaje.dll c:\windows\system32\zarajubo.dll c:\windows\system32\yefayupo.dll c:\windows\system32\nebohipu.dll
O21 - SSODL: benemojal - {bc323f69-31b3-45a6-b6f5-b76bc3d0c4a2} - (no file)
O21 - SSODL: pesefehoh - {bce3bc41-4170-4572-a50a-40fb50ca42a1} - c:\windows\system32\vebazifa.dll (file missing)
O21 - SSODL: rofupemah - {7bcf2b06-5571-4877-8421-5d6d6879dbcb} - (no file)
O21 - SSODL: dimitelur - {2ac6fd8a-23f5-4a4c-b451-e68f25d814d6} - (no file)
O21 - SSODL: hogehogef - {97d46963-8a50-44fb-b46c-3022ddcccf1c} - (no file)
O21 - SSODL: hajudulej - {c9937c0b-d11d-4a6d-a715-0f63d52f8215} - c:\windows\system32\limowuyu.dll (file missing)
O21 - SSODL: teselahuf - {d7c0b563-eb25-4114-9fd6-a4a055229c31} - (no file)
O21 - SSODL: wajirumas - {14d13836-0071-4655-b855-649c1aa85e85} - (no file)
O21 - SSODL: jejusetak - {be18abb0-ca89-42f7-80dc-0f889799690b} - (no file)
O21 - SSODL: wuzanabop - {e3c172aa-a39d-4578-b3b0-03d3abed6cbd} - (no file)
O21 - SSODL: jufobewug - {15ba15f0-d534-4ae3-8daa-3b016e1e7ced} - (no file)
O21 - SSODL: yifegotuv - {04524410-98d4-489c-8908-d0dc62b868c7} - (no file)
O21 - SSODL: zefuparat - {3e2285be-9294-443d-83ff-78c572df5d0a} - c:\windows\system32\nebohipu.dll
O22 - SharedTaskScheduler: mujuzedij - {bc323f69-31b3-45a6-b6f5-b76bc3d0c4a2} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {bce3bc41-4170-4572-a50a-40fb50ca42a1} - c:\windows\system32\vebazifa.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {7bcf2b06-5571-4877-8421-5d6d6879dbcb} - (no file)
O22 - SharedTaskScheduler: gahurihor - {2ac6fd8a-23f5-4a4c-b451-e68f25d814d6} - (no file)
O22 - SharedTaskScheduler: jugezatag - {97d46963-8a50-44fb-b46c-3022ddcccf1c} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {c9937c0b-d11d-4a6d-a715-0f63d52f8215} - c:\windows\system32\limowuyu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {d7c0b563-eb25-4114-9fd6-a4a055229c31} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {14d13836-0071-4655-b855-649c1aa85e85} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {be18abb0-ca89-42f7-80dc-0f889799690b} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {e3c172aa-a39d-4578-b3b0-03d3abed6cbd} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {15ba15f0-d534-4ae3-8daa-3b016e1e7ced} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {cbe4b943-00c6-40c3-807c-d96cef6b06e3} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {3e2285be-9294-443d-83ff-78c572df5d0a} - c:\windows\system32\nebohipu.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 13705 bytes