Friends HJT

Status
Not open for further replies.

Ksingler

Hey, I was wondering if you could take a look at my friend's PC. I had him already go over the 10 steps that Warez Monster posts. He had a lot, I mean a LOT, of viruses and spyware, all that. I got him to get AVG for antivirus and it picked up a lot of stuff and healed them. Like I said, he did all 10 program steps from Warez already. All he hasn't done yet is a log of HJT and defrag his comp (which he will be doing overnight).

Logfile of HijackThis v1.99.1
Scan saved at 10:10:32 PM, on 7/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Valve\Steam\Steam.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Ventrilo\Ventrilo.exe
D:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {AA2F6279-F194-FB12-9C4F-FCBAA267499D} - C:\WINDOWS\System32\ioc.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MySpaceBar - {547B894F-4C24-41C3-AA33-66869E00389F} - C:\PROGRA~1\MYSPAC~1\MYSPAC~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64
O4 - HKLM\..\Run: [msb.exe] C:\WINDOWS\System32\msb.exe
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\System32\new.exe
O4 - HKLM\..\Run: [new.exeD HTML 4.] C:\WINDOWS\System32\new.exeD HTML 4.
O4 - HKLM\..\Run: [STOPzilla] D:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: inicfg32.dll,5,,, svchost.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mstlsapi32 - Unknown owner - C:\WINDOWS\mstlsapi32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

I had him already delete STOPzilla from Add/Remove Programs. And he also deleted SpywareGuard from A/R Programs because it wouldn't install properly.
 
remove these

C:\Program Files\Common Files\STOPzilla!\SZServer.exe

D:\Program Files\STOPzilla!\STOPzilla.exe

R3 - URLSearchHook: (no name) - {AA2F6279-F194-FB12-9C4F-FCBAA267499D} - C:\WINDOWS\System32\ioc.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll

O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe <-- WORM


O4 - HKLM\..\Run: [msb.exe] C:\WINDOWS\System32\msb.exe

O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\System32\new.exe

O4 - HKLM\..\Run: [new.exeD HTML 4.] C:\WINDOWS\System32\new.exeD HTML 4

O4 - HKLM\..\Run: [STOPzilla] D:\Program Files\STOPzilla!\STOPzilla.exe /autostart

O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe

O23 - Service: mstlsapi32 - Unknown owner - C:\WINDOWS\mstlsapi32.exe (file missing)

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

make sure nothing has added itself back to msconfig, rescan with the spyware tools, run CCleaner and cleanup again, then post a new log
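An added example, not from the thread and not from the HijackThis author: a small Python script that parses HJT entry lines and applies the kind of judgement the reply above makes by hand. It flags a nameless URLSearchHook, O4 entries under the Win9x-only RunServices key or named after their own executable, Trusted Zone additions, O16 ActiveX downloads from hosts outside a short allowlist, any AppInit_DLLs value, and O23 services whose file is missing or that have no vendor. The sample log reuses lines from the logs in this thread; the allowlist in TRUSTED_DPF_HOSTS, the severities and the function names are my assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of HijackThis 1.99.1 entries, in the layout the thread's
# logs use (section tag, " - ", body); the lines are taken from the thread,
# but this is not a capture of any real machine.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {AA2F6279-F194-FB12-9C4F-FCBAA267499D} - C:\WINDOWS\System32\ioc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [msb.exe] C:\WINDOWS\System32\msb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153805001046
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: inicfg32.dll,5,,, svchost.dll
O23 - Service: mstlsapi32 - Unknown owner - C:\WINDOWS\mstlsapi32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Hosts from which ActiveX (O16) downloads are expected on this box; anything
# else is reported. Assumed allowlist for the example, adjust per environment.
TRUSTED_DPF_HOSTS = ("microsoft.com", "pandasoftware.com")


def parse_hjt(text):
    """Return [(section, body)] for every HijackThis entry line in text."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("section"), m.group("body")))
    return out


def _command_exe(cmd):
    """First token of an O4 command, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def _trusted_host(host):
    """Exact or subdomain match against the allowlist (no suffix tricks)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(section, body):
    """Return a list of (severity, reason) findings for one entry.

    'flag' means remove once confirmed, 'review' means look closer; the
    heuristics encode the judgement calls visible in the thread.
    """
    findings = []
    if section == "R3" and "(no name)" in body:
        findings.append(("flag", "URLSearchHook with no name"))
    elif section == "O4":
        m = O4_RE.match(body)
        if m:
            key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
            exe = _command_exe(cmd)
            base = exe.rsplit("\\", 1)[-1].lower()
            if "RunServices" in key:
                findings.append(("flag", "RunServices is a Win9x-only key; XP software has no reason to use it"))
            if name.lower() == base:
                findings.append(("flag", "entry named after its own exe (vendors use product names)"))
            if exe and "\\" not in exe and base != "rundll32.exe":
                findings.append(("review", "bare filename, resolved by PATH search"))
    elif section == "O15":
        findings.append(("flag", "site added to the Trusted Zone"))
    elif section == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        host = urlparse(url).hostname or ""
        if not _trusted_host(host):
            findings.append(("flag", f"ActiveX download from untrusted host {host}"))
    elif section == "O20" and body.split(":", 1)[-1].strip():
        findings.append(("flag", "AppInit_DLLs set: listed DLLs load into every GUI process"))
    elif section == "O23":
        if "(file missing)" in body:
            findings.append(("flag", "service points at a missing file"))
        if "Unknown owner" in body:
            findings.append(("review", "service with no vendor name"))
    return findings


def triage_log(text):
    """Return [(severity, section, reason, body)] for every finding in a log."""
    results = []
    for section, body in parse_hjt(text):
        for severity, reason in triage(section, body):
            results.append((severity, section, reason, body))
    return results


if __name__ == "__main__":
    for sev, sec, why, body in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {sec:4} {why}\n         {body}")
```

On the sample above the script reports every line the reply singles out and stays quiet on the NVIDIA, QuickTime and Windows Update entries; nwiz.exe only gets a "review" because a bare filename is a weak signal on its own, and the same WinProfile entry is escalated to "flag" when it also appears under RunServices.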
 
Alright, here it is. He did another AVG scan like 5 minutes ago; it came out with 3 viruses compared to 3000+ from last night (not a joke, he had over 3000 viruses). I have him running Spybot + Ad-Aware and then doing CCleaner.

Logfile of HijackThis v1.99.1
Scan saved at 11:25:28 AM, on 7/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Valve\Steam\Steam.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
D:\Program Files\mIRC\mirc.exe
D:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
D:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\System32\loadadv64
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153805001046
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: inicfg32.dll,5,,, svchost.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Here is a Panda log of my friend's... it found 5 viruses, but only disinfected 1 of them. When I tried to tell him to delete them manually, he said he couldn't open his system32 folders. He said he has a system32ftunist and a system32fthot, but was unable to open them up. Any ideas? I had him get ewido again and do a scan with that.


Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\180SAInstaller.exe
Adware:adware/mediatickets Not disinfected C:\WINDOWS\System32\oins.exe
Adware:adware/superspider Not disinfected c:\windows\system32\a.exe
Adware:adware program Not disinfected c:\windows\system32\key.~
Adware:adware/mirar Not disinfected c:\windows\system32\WinNB58.dll
Adware:adware/dollarrevenue Not disinfected c:\windows\gimmygames.dat
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall7_22.exe
Spyware:spyware/media-motor Not disinfected c:\windows\unstall.exe
Adware:adware/yazzlesudoku Not disinfected c:\program files\Yazzle Sudoku
Adware:adware/searchresults Not disinfected Windows Registry
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\cy1wgp3x.default\cookies.txt[c.enhance.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\cy1wgp3x.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\LocalService\Cookies\system@bestoffersnetworks[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\LocalService\Cookies\system@btg.btgrab[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\LocalService\Cookies\system@cliks[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\LocalService\Cookies\system@offeroptimizer[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.revenue.net/]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Steven\Application Data\s?curity\s?rvices.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Steven\Cookies\steven@atwola[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Steven\Cookies\steven@banners.searchingbooth[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Steven\Cookies\steven@c.enhance[1].txt
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Steven\Local Settings\Temp\mmxp2passion.exe
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\QXGHO18X\amm06[1].ocx
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\amm06.ocx
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\gimmygames10a.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\gimmygames11.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Spyware:Spyware/7r7t Not disinfected C:\WINDOWS\srvgtiijny.exe
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS\ssqbn.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\aaa00000.dll
Adware:Adware/eZula Not disinfected C:\WINDOWS\system32\adsetup.exe[²èÇ]
Adware:Adware/Zeno Not disinfected C:\WINDOWS\system32\dsysiz.exe
Adware:Adware/NewAds Not disinfected C:\WINDOWS\system32\efjekgdk.dll
Adware:Adware/Zeno Not disinfected C:\WINDOWS\system32\fsysdmiz.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ftuninst.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\ioc.dll
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\qsdsregj.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\system32\Tagasuarus5.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\system32\Tagasuarus5.exe[SYSC00.exe]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[auxe.exe]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\ZICORN003.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\System32ftuninst.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\System32tfthot.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Tagasuarus2.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\U3RldmVu\oal5xApR.vbs
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\YOINSI.exe
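Added example, not part of the thread: a parser for the three-column Panda ActiveScan report above (incident, status, location). The status vocabulary is what separates the columns, since incident names such as Cookie/Atlas DMT contain spaces, and a location of the form container[member] is a detection inside an archive or packed file rather than a separate file on disk. The report excerpt is hand-assembled from lines in this thread; the function names are my own.

```python
import re
import ntpath
from collections import Counter, defaultdict

# Constructed excerpt in the layout of the Panda ActiveScan report quoted in
# the thread (incident, status, location); assembled by hand for this example.
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\180SAInstaller.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\4c9y3yg5.default\cookies.txt[.atdmt.com/]
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS\ssqbn.exe
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\system32\Tagasuarus5.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\system32\Tagasuarus5.exe[SYSC00.exe]
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ftuninst.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\System32ftuninst.exe
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\System32tfthot.exe
"""

# The incident name may contain spaces, so the (case-sensitive) status word
# is the only reliable column separator.
LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)
# "container[member]" marks a detection inside an archive or a packed
# executable; the member is not a file on disk by itself.
MEMBER_RE = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\]]+)\]$")


def parse_report(text):
    """Return a list of dicts: category, name, status, location, container, member."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank line or unrecognised text
        category, _, name = m.group("incident").partition(":")
        location = m.group("location")
        mm = MEMBER_RE.match(location)
        rows.append({
            "category": category,
            "name": name,
            "status": m.group("status"),
            "location": location,
            "container": mm.group("container") if mm else location,
            "member": mm.group("member") if mm else None,
        })
    return rows


def summarize(rows):
    """Counts by category and by status, as a dict of Counter objects."""
    return {
        "category": Counter(r["category"] for r in rows),
        "status": Counter(r["status"] for r in rows),
    }


def remaining_virus_containers(rows):
    """Files still holding an undisinfected Virus detection, deduplicated.

    Two members inside one container are one file to deal with, not two.
    """
    containers = defaultdict(set)
    for r in rows:
        if r["category"] == "Virus" and r["status"] != "Disinfected":
            containers[r["container"]].add(r["name"])
    return {c: sorted(n) for c, n in containers.items()}


def files_not_in_system32(rows):
    r"""Locations whose file name starts with System32 but whose directory is not System32.

    Read literally, C:\WINDOWS\System32ftuninst.exe is a file in C:\WINDOWS named
    System32ftuninst.exe. Whether the scanner prints it that way or a separator was
    lost has to be checked on the machine; this only surfaces the cases to look at.
    """
    odd = []
    for r in rows:
        directory, filename = ntpath.split(r["container"])
        if filename.lower().startswith("system32") and not directory.lower().endswith("system32"):
            odd.append(r["container"])
    return odd


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print(summarize(rows))
    print(remaining_virus_containers(rows))
    print(files_not_in_system32(rows))
```

summarize reproduces the numbers quoted in the post (5 Virus incidents, 1 of them disinfected), remaining_virus_containers collapses the four undisinfected virus hits to the two files that actually carry them, and files_not_in_system32 picks out the two locations that, read literally, sit in C:\WINDOWS with "System32" as part of the file name, which is worth checking before assuming they are folders under System32.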
 
Here's the next log. He ran ewido, Spybot, and Ad-Aware... all clean; he's running the Panda online scan as I type.
EDIT: I just noticed myself that he has SP1, should he go to SP2?

Logfile of HijackThis v1.99.1
Scan saved at 8:05:19 PM, on 7/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Valve\Steam\Steam.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
D:\Program Files\mIRC\mirc.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Ventrilo\Ventrilo.exe
d:\program files\valve\steam\steamapps\krypt@csmain.com\counter-strike\hl.exe
D:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153805001046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Not really, but when I asked what's under his msconfig, he wrote this to me: NvCpl, nwiz, NvMcTray, jusched, iTunesHelper, qttask, avgcc, demprep 0 -k, ewido, Steam, aim, and one that is a bunch of boxes, like symbols; also the 'command' is symbols. Location: HKCU\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows:Load
 
The only things that need to be in there are his antivirus or firewall, if he has one. Everything else he can start up when he needs it; not having it sit in the tray is better because it won't be taking up memory.
 
Ok, I'll let him know. The Panda scan found 4 viruses and didn't disinfect any; it also found 28 spyware. The 4 viruses' locations are

C:\WINDOWS\pf78.exe[pms111x.exe]
C:\WINDOWS\pf78.exe[SYSC00.exe]
C:\WINDOWS\system32\Tagasuarus5.exe[pms111x.exe]
C:\WINDOWS\system32\Tagasuarus5.exe[SYSC00.exe]
 