
I need help


1 reply to this topic

#1 Kevin3310

Kevin3310


Posted 04 January 2005 - 04:36 PM

Can someone help me? My computer doesn't allow me to even run the computer if you run all startups and services, so I can't, so I just start with random stuff. I don't know what I'm turning on to run my computer.... Here's a safe mode log and a log of my selective startup. I hope you guys can help me....

Here's safe mode:
Logfile of HijackThis v1.99.0
Scan saved at 11:21:37 AM, on 1/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.makemesearch.com/?said=394
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\john\Local Settings\Temp\fo7b.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\Run: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] winsup.exe
O4 - HKLM\..\Run: [Windows Compliant] dehqof.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [[Ephemeral 2.5] by TreeHugger, ] C:\DOCUME~1\john\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [xfGDfogPg] C:\WINDOWS\mlrcae.exe
O4 - HKLM\..\Run: [wzservice] hess.exe
O4 - HKLM\..\Run: [WindowsPrintServices] task.exe
O4 - HKLM\..\Run: [Windows Startup] svhost33.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [usbdrv] servicetask.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Task Help] wualcts.exe
O4 - HKLM\..\Run: [syste.exe] servi.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [s3FX3nP] tsbninst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QF6U] C:\WINDOWS\mlrcae.exe
O4 - HKLM\..\Run: [qbgdlh] C:\WINDOWS\System32\ptkjkgd.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\System32\wkwogg.exe
O4 - HKLM\..\Run: [MSWindows SysCl] mscl32.exe
O4 - HKLM\..\Run: [MSN Update] msn32.exe
O4 - HKLM\..\Run: [MS Windows Update] scguard.exe
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\Run: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvjkr32.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fyxsemj.exe
O4 - HKLM\..\Run: [C] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [AITwoLoaderEnvSrvAITwoUpdater] "C:\DOCUME~1\john\LOCALS~1\Temp\~compoundinst0\ai_update_loader.exe"
O4 - HKLM\..\Run: [*windows update] wuaruclt.exe
O4 - HKLM\..\Run: [C.exe] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [O7dD.exe] c:\documents and settings\john\local settings\temp\O7dD.exe
O4 - HKLM\..\Run: [icVEuThQ.exe] c:\documents and settings\john\local settings\temp\icVEuThQ.exe
O4 - HKLM\..\Run: [H.exe] c:\documents and settings\john\local settings\temp\H.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [*windows update] wuaruclt.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] winsup.exe
O4 - HKLM\..\RunServices: [Windows Startup] svhost33.exe
O4 - HKLM\..\RunServices: [Windows Compliant] dehqof.exe
O4 - HKLM\..\RunServices: [syste.exe] servi.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [WindowsPrintServices] task.exe
O4 - HKLM\..\RunServices: [usbdrv] servicetask.exe
O4 - HKLM\..\RunServices: [MSN Update] msn32.exe
O4 - HKLM\..\RunServices: [MSWindows SysCl] mscl32.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [MS Windows Update] scguard.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\RunServices: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunServices: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunOnce: [WindowsPrintServices] task.exe
O4 - HKLM\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\RunOnce: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunOnce: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Task Help] wualcts.exe
O4 - HKCU\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [usbdrv] servicetask.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [MicrosoftUpdates] syshelped.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [*windows update] wruauclt.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [Microsoftvirus] sysoverload.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdates] syshelped.exe
O4 - Global Startup: hnhpii.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Bgkchj32.dll
O23 - Service: Task Help - Unknown - C:\WINDOWS\System32\wualcts.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

Here's selective startup:
Logfile of HijackThis v1.99.0
Scan saved at 11:35:17 AM, on 01/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\crss.exe
C:\WINDOWS\System32\winssv.exe
C:\WINDOWS\System32\systemwin32s.exe
C:\WINDOWS\System32\syshelper.exe
C:\WINDOWS\System32\task.exe
C:\WINDOWS\System32\servicetask.exe
C:\WINDOWS\System32\ndis.exe
C:\WINDOWS\System32\syshelped.exe
C:\WINDOWS\System32\fileroller.exe
C:\WINDOWS\System32\kernel33.exe
C:\WINDOWS\System32\HP_DeskJet_500.exe
C:\WINDOWS\System32\wkwogg.exe
C:\WINDOWS\System32\wuaruclt.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\mssw32.exe
C:\WINDOWS\System32\msa.exe
C:\WINDOWS\System32\systcpm.exe
C:\WINDOWS\System32\crsss.exe
C:\WINDOWS\System32\winsup.exe
C:\WINDOWS\System32\dehqof.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\msn32.exe
C:\WINDOWS\System32\wincfg32.exe
C:\Documents and Settings\john\Application Data\uooo.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [*windows update] wuaruclt.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [Windows Compliant] dehqof.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [MSN Update] msn32.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [*windows update] wuaruclt.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] winsup.exe
O4 - HKLM\..\RunServices: [Windows Startup] svhost33.exe
O4 - HKLM\..\RunServices: [Windows Compliant] dehqof.exe
O4 - HKLM\..\RunServices: [syste.exe] servi.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [WindowsPrintServices] task.exe
O4 - HKLM\..\RunServices: [usbdrv] servicetask.exe
O4 - HKLM\..\RunServices: [MSN Update] msn32.exe
O4 - HKLM\..\RunServices: [MSWindows SysCl] mscl32.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [MS Windows Update] scguard.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\RunServices: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunServices: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunOnce: [WindowsPrintServices] task.exe
O4 - HKLM\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\RunOnce: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunOnce: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [*windows update] wuaruclt.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [Windows Compliant] dehqof.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [MSN Update] msn32.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [WindowsPrintServices] task.exe
O4 - HKCU\..\RunOnce: [Microsoftvirus] sysoverload.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdates] syshelped.exe
O4 - HKCU\..\RunOnce: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemwin32s.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Bgkchj32.dll


Please help me so I can do regular startup without selective bullshit



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 05 January 2005 - 08:19 AM

Wow! That's a lot of viruses! This may take a few steps, but let's get rid of the bulk of these programs so you can at least run a few scans.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.



O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\Run: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] winsup.exe
O4 - HKLM\..\Run: [Windows Compliant] dehqof.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [[Ephemeral 2.5] by TreeHugger, ] C:\DOCUME~1\john\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [xfGDfogPg] C:\WINDOWS\mlrcae.exe
O4 - HKLM\..\Run: [wzservice] hess.exe
O4 - HKLM\..\Run: [WindowsPrintServices] task.exe
O4 - HKLM\..\Run: [Windows Startup] svhost33.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [usbdrv] servicetask.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Task Help] wualcts.exe
O4 - HKLM\..\Run: [syste.exe] servi.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [s3FX3nP] tsbninst.exe
O4 - HKLM\..\Run: [QF6U] C:\WINDOWS\mlrcae.exe
O4 - HKLM\..\Run: [qbgdlh] C:\WINDOWS\System32\ptkjkgd.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\System32\wkwogg.exe
O4 - HKLM\..\Run: [MSWindows SysCl] mscl32.exe
O4 - HKLM\..\Run: [MSN Update] msn32.exe
O4 - HKLM\..\Run: [MS Windows Update] scguard.exe
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\Run: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvjkr32.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fyxsemj.exe
O4 - HKLM\..\Run: [C] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [AITwoLoaderEnvSrvAITwoUpdater] "C:\DOCUME~1\john\LOCALS~1\Temp\~compoundinst0\ai_update_loader.exe"
O4 - HKLM\..\Run: [*windows update] wuaruclt.exe
O4 - HKLM\..\Run: [C.exe] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [O7dD.exe] c:\documents and settings\john\local settings\temp\O7dD.exe
O4 - HKLM\..\Run: [icVEuThQ.exe] c:\documents and settings\john\local settings\temp\icVEuThQ.exe
O4 - HKLM\..\Run: [H.exe] c:\documents and settings\john\local settings\temp\H.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [start uploading] crsss.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [*windows update] wuaruclt.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] winsup.exe
O4 - HKLM\..\RunServices: [Windows Startup] svhost33.exe
O4 - HKLM\..\RunServices: [Windows Compliant] dehqof.exe
O4 - HKLM\..\RunServices: [syste.exe] servi.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [WindowsPrintServices] task.exe
O4 - HKLM\..\RunServices: [usbdrv] servicetask.exe
O4 - HKLM\..\RunServices: [MSN Update] msn32.exe
O4 - HKLM\..\RunServices: [MSWindows SysCl] mscl32.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [MS Windows Update] scguard.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\RunServices: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunServices: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemwin32s.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunOnce: [WindowsPrintServices] task.exe
O4 - HKLM\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\RunOnce: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunOnce: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Task Help] wualcts.exe
O4 - HKCU\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [usbdrv] servicetask.exe
O4 - HKCU\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [Win32 Network Driver] crss.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [MicrosoftUpdates] syshelped.exe
O4 - HKCU\..\Run: [*windows update] wruauclt.exe
O4 - HKCU\..\RunOnce: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKCU\..\RunOnce: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\RunOnce: [usbdrv] servicetask.exe
O4 - HKCU\..\RunOnce: [Win32 Network Driver] crss.exe
O4 - HKCU\..\RunOnce: [Microsoftvirus] sysoverload.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdates] syshelped.exe
O4 - Global Startup: hnhpii.exe


Reboot your computer into Safe Mode


Now delete all of the files associated with the lines that you fixed with HijackThis. Be very careful because there will be other files with very similar names that you should not delete. Only delete the files listed above.


Delete temp files

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin



Reboot back to normal mode.

Please run these two online scans.
Make sure they are set to clean automatically:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/activescan/co...n_principal.htm

If there are files that cannot be removed by the scans, please include that information in your next post.



Please post a new HijackThis log from normal mode.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
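
The warning in the reply above about files with very similar names, as an added example (not part of the original posts and not HijackThis's own logic): it parses O4 lines copied from the fix list and reports which genuine Windows file name each entry resembles, so the genuine file is the one left alone. The `GENUINE` reference list, the distance threshold and all function names are assumptions made for this example.

```python
import ntpath
import re

# Assumption: a short reference list of genuine Windows file names picked
# for this example; it is not a complete inventory of system files.
GENUINE = ("csrss.exe", "lsass.exe", "svchost.exe", "wuauclt.exe", "smss.exe",
           "services.exe", "winlogon.exe", "explorer.exe", "msiexec.exe",
           "iexplore.exe")

# Lines copied from the fix list in the reply above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [Windows Startup] svhost33.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [wzservice] hess.exe
O4 - HKCU\..\Run: [*windows update] wruauclt.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<key>HK\S+): \[(?P<value>.*)\] (?P<cmd>.+)$")


def exe_name(cmd):
    """Return the lower-cased file name of the program a Run command starts."""
    m = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
    path = m.group(1) if m else cmd.split()[0]
    return ntpath.basename(path).lower()


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(name):
    """Name without extension or trailing digits (svhost33.exe -> svhost)."""
    return ntpath.splitext(name)[0].rstrip("0123456789")


def classify(name):
    """Return (verdict, genuine_name) for one executable file name."""
    if name in GENUINE:
        # Identical name: only the folder tells the two files apart.
        return ("same-name", name)
    s = stem(name)
    # Assumed threshold: at most 2 edits, and fewer than half the genuine stem.
    close = [(d, g) for g in GENUINE
             if (d := edit_distance(s, stem(g))) <= 2 and 2 * d < len(stem(g))]
    if close:
        return ("look-alike", min(close)[1])
    return ("no-match", None)


def review(log_text):
    """Parse the O4 lines in a log and classify the program each one starts."""
    rows = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            name = exe_name(m.group("cmd"))
            rows.append((name,) + classify(name))
    return rows


if __name__ == "__main__":
    for name, verdict, genuine in review(FIX_LIST):
        note = f"do not confuse with {genuine}" if genuine else ""
        print(f"{name:<14} {verdict:<11} {note}")
```

A `same-name` verdict means the file name alone cannot identify the file to delete, so the full path has to be checked before removing anything.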

