alright. time to clean my computer



finalfxtidus
2008-11-23, 04:00
Okay, I'm dedicating the next couple of hours to cleaning my computer of all the viruses. A notice to the helper who reads this: I have LimeWire and Vuze installed on my computer. I use these safely and am positive that they are not the source of my problems. I am not willing to remove these. If you are still willing to help me, then here is my log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:29 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\netdde.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\clipsrv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\imapi.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\tlntsvr.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\vssvc.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\System32\dmadmin.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\dllhost.exe
E:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
E:\WINDOWS\Mixer.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\Creative\Shared Files\CTSched.exe
E:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Vuze\Azureus.exe
E:\WINDOWS\system32\rundll32.exe
E:\Documents and Settings\Jacob\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {1CF662BF-4AFD-4778-8306-1F0EB8284EBB} - E:\WINDOWS\system32\ssqononk.dll
O2 - BHO: (no name) - {271E6C9A-32FE-44A2-88C0-AB0A7EF5A2BC} - E:\WINDOWS\system32\wvUkHBSJ.dll
O2 - BHO: (no name) - {4A3E6D6A-7B34-4F74-B785-40BFEC1EF1E8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BE9D157-C854-484C-AA5B-59E12AFDC734} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTAPR2] "E:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [jovujimayo] Rundll32.exe "E:\WINDOWS\system32\kajoveka.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [SpybotDeletingA8172] command /c del "E:\WINDOWS\system32\lqhjlukp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC714] cmd /c del "E:\WINDOWS\system32\lqhjlukp.dll_old"
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CreativeTaskScheduler] "E:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [SkinClock] E:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Creative Software Update] "E:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2144] command /c del "E:\WINDOWS\system32\lqhjlukp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7772] cmd /c del "E:\WINDOWS\system32\lqhjlukp.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "E:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - S-1-5-18 Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O20 - AppInit_DLLs: tqwaqk.dll evafbh.dll rzavpd.dll
O20 - Winlogon Notify: ssqononk - E:\WINDOWS\SYSTEM32\ssqononk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9479 bytes

finalfxtidus
2008-11-23, 04:09
Okay. I read the sticky about P2P programs. I have changed my mind and am willing to delete these after approx. 30 mins because I'm downloading something. If you don't mind going ahead and creating a list of things I need to do, I would really appreciate it.

pskelley
2008-11-25, 18:41
Being helped here:
http://forums.spybot.info/showthread.php?t=37096

Please read the directions and stop posting multiple topics!
http://forums.spybot.info/showthread.php?t=288 <<< directions

Thanks