Major Problems

kioska

OK, I am having a LOT of problems. I will start from the beginning.

I was downloading some files on eDonkey (which I will never do again, by the way!!!) and I decided to leave the room for a while. I came back about 20 minutes later and found about 30 popups on my comp. I had to restart the comp to even be able to do anything. After I restarted I ran Spybot and deleted about 50 diff things with it. But after I restarted there were a bunch of problems again. Then I ran my antivirus program (Trend antivirus). This detected about 30 viruses, which I then removed. Even after that I was still having problems. I was still getting popups. I was having a problem with my Windows Installer popping up continually. Also I couldn't and still can't get my firewall to work. It says due to an unidentified problem Windows cannot display firewall settings. Then I ran Spybot again and removed things yet again. After I did this most of the problems were gone. Then I uninstalled all my Java programs, intending to install the newest version. Unfortunately, as I was doing this all my previous problems came back, and after running Spybot multiple times in safe mode and running my antivirus I am still having many problems. TeaTimer is currently blocking things continually. I am about to run Spybot again and after I do I will post the log. Tashi and Md usa spybot fan have been giving me advice and I have tried to do what I can but I just can't get this fixed. PLEASE HELP!!!!!! :)

By the way, I want to thank Tashi and MD for all the help so far. They have given me hope that I can fix my problems.

Previous topic:
http://forums.spybot.info/showthread.php?t=3272
 
Oh, by the way, the things that TeaTimer is blocking continually are as follows:

denied change of mlbjrc (category system startup global entry)
denied change of jhhkt (category system startup global entry)


They just keep popping up all the time.
 
For now, turn off TeaTimer and don't turn it back on until we suggest it, please.
Please disable SpybotSD TeaTimer for now.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode.
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and uncheck the box next to TeaTimer.
"resident tea timer" (protection of all-over system settings) active
Close Spybot.
I see you've been using msconfig; we need to see everything, so do undo those changes, then a HijackThis log made with HijackThis in a folder of its own, not run from a temporary folder.
 
OK, I got HijackThis and installed it. Ran it and it made a log. Hope this is what you need. THANK YOU very much for helping me.
 
I can't seem to attach the file, I'll list it here.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:10 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\windowsautomaticupdates.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\trend antivirus\PCClient.exe
E:\trend antivirus\TMOAgent.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\winrar\WinRAR.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ednvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oyuydkp.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8BC00F10-96FD-D143-AF6D-BF5E631D66C3} - C:\WINDOWS\system32\cccxt.dll (file missing)
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINDOWS\system32\OUGHYA~1.DLL (file missing)
O3 - Toolbar: Anonymizer 2005 Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - E:\anonymizer\AnonIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [w0961b1f.dll] RUNDLL32.EXE w0961b1f.dll,I2 00015a5f00961b1f
O4 - HKLM\..\Run: [PCClient.exe] "E:\trend antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\trend antivirus\TMOAgent.exe" /run
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe\Reader\reader_sl.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\bodog\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\system32\OUGHYA~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\ipod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roger Wilco Base Station - Unknown owner - E:\ROGERW~1\ROGERW~1\rwbs\rwbs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
 
Go attach this file
C:\WINDOWS\system32\windowsautomaticupdates.exe
here please http://www.thespykiller.co.uk/forum/index.php?board=1.0
Let us know when that's done.


Post a report from this tool if any FILES show
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the "I accept" button near the bottom of that page.
Download it to C:\ (don't start it yet).
Go to Start > Run, type
blbeta /expert
and hit OK or Enter. Click Scan, then (wait until it's finished) Next, Next again, then Exit. There will be a new txt near BlackLight. Post it, please.
 
blacklight

Hope this is what you want.

04/03/06 20:03:13 [Info]: BlackLight Engine 1.0.35 initialized
04/03/06 20:03:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/03/06 20:03:13 [Note]: 7019 4
04/03/06 20:03:13 [Note]: 7005 0
04/03/06 20:03:15 [Note]: 7006 0
04/03/06 20:03:15 [Note]: 7011 1416
04/03/06 20:03:16 [Note]: 7026 0
04/03/06 20:03:16 [Note]: 7026 0
04/03/06 20:03:16 [Note]: 7024 3
04/03/06 20:03:16 [Info]: Hidden process: C:\WINDOWS\system32\ntwrse.exe
04/03/06 20:03:16 [Note]: 7024 3
04/03/06 20:03:16 [Info]: Hidden process: C:\WINDOWS\system32\ednvs.exe
04/03/06 20:03:16 [Note]: 7024 3
04/03/06 20:03:16 [Info]: Hidden process: C:\WINDOWS\system32\ednvs.exe
04/03/06 20:03:16 [Note]: 7024 3
04/03/06 20:03:16 [Info]: Hidden process: C:\WINDOWS\system32\ednvs.exe
04/03/06 20:03:16 [Note]: FSRAW library version 1.7.1015
04/03/06 20:04:44 [Info]: Hidden file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gbisy.exe
04/03/06 20:04:44 [Note]: 10002 1
04/03/06 20:06:13 [Info]: Hidden file: C:\WINDOWS\system32\oyuydkp.exe
04/03/06 20:06:13 [Note]: 10002 1
04/03/06 20:06:18 [Info]: Hidden file: C:\WINDOWS\system32\ntwrse.exe
04/03/06 20:06:18 [Note]: 10002 1
04/03/06 20:06:19 [Info]: Hidden file: C:\WINDOWS\system32\tbvrjmb.dll
04/03/06 20:06:19 [Note]: 10002 1
04/03/06 20:06:24 [Info]: Hidden file: C:\WINDOWS\system32\ednvs.exe
04/03/06 20:06:24 [Note]: 10002 1
04/03/06 20:06:35 [Info]: Hidden file: C:\WINDOWS\modxj.dll
04/03/06 20:06:35 [Note]: 10002 1
04/03/06 20:07:55 [Note]: 7007 0
 
I posted what I think is the right thing on the other site. Not really sure if I did it right. There were 2 files with the same name and neither was a .exe that I could see.

Sorry if I'm doing things wrong, I'm not the best with this kind of stuff.
 
Run HijackThis, click "config", then "misc tools" > "delete file on reboot"
and delete each of these files; click No to the message to restart the PC after each.
(Exact spelling counts!!! So don't browse to the files.)
Copy/paste these into the File name box then click Open, one at a time of course.
C:\WINDOWS\system32\dmonwv.dll
then do
C:\WINDOWS\system32\windowsautomaticupdates.exe
Exit HijackThis

Run BlackLight again the same way: Start > Run, blbeta /expert
Scan > Next > select each file and choose Rename for all of them,
Next, let BlackLight restart your PC
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gbisy.exe
04/03/06 20:06:13 [Info]: Hidden file: C:\WINDOWS\system32\oyuydkp.exe
04/03/06 20:06:18 [Info]: Hidden file: C:\WINDOWS\system32\ntwrse.exe
04/03/06 20:06:19 [Info]: Hidden file: C:\WINDOWS\system32\tbvrjmb.dll
04/03/06 20:06:24 [Info]: Hidden file: C:\WINDOWS\system32\ednvs.exe
04/03/06 20:06:35 [Info]: Hidden file: C:\WINDOWS\modxj.dll

=============
There will be a Windows error message (Windows cannot open such and such file); cancel that, then post back with another HijackThis log.
 
OK, not sure if I did all this right but I got my fingers crossed !!! :)

Here's the new log


Logfile of HijackThis v1.99.1
Scan saved at 11:49:18 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\trend antivirus\PCClient.exe
E:\trend antivirus\TMOAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ednvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oyuydkp.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8BC00F10-96FD-D143-AF6D-BF5E631D66C3} - C:\WINDOWS\system32\cccxt.dll (file missing)
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINDOWS\system32\OUGHYA~1.DLL (file missing)
O3 - Toolbar: Anonymizer 2005 Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - E:\anonymizer\AnonIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [w0961b1f.dll] RUNDLL32.EXE w0961b1f.dll,I2 00015a5f00961b1f
O4 - HKLM\..\Run: [PCClient.exe] "E:\trend antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\trend antivirus\TMOAgent.exe" /run
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe\Reader\reader_sl.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\bodog\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\system32\OUGHYA~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\ipod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roger Wilco Base Station - Unknown owner - E:\ROGERW~1\ROGERW~1\rwbs\rwbs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Automatic Updates - Unknown owner - C:\WINDOWS\system32\windowsautomaticupdates.exe (file missing)
 
Were there any problems renaming the files with BlackLight?
Run it once more the same way, let me know if any files show or not?
 
OK, I did BlackLight wrong. I just ran it, not actually starting it with Start > Run. I tried to do it again but it won't run that way. When I try to run it, it says it can't find it. When I did that I just ran it by clicking on it. I saved it to my C drive. Sorry about that. Is there something I'm missing?
 
OK, that worked! Ran it, renamed 'em, restarted, got the error message, and here's the new HijackThis log!

Logfile of HijackThis v1.99.1
Scan saved at 12:30:27 AM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\trend antivirus\PCClient.exe
E:\trend antivirus\TMOAgent.exe
E:\adobe\Reader\reader_sl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ednvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oyuydkp.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8BC00F10-96FD-D143-AF6D-BF5E631D66C3} - C:\WINDOWS\system32\cccxt.dll (file missing)
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINDOWS\system32\OUGHYA~1.DLL (file missing)
O3 - Toolbar: Anonymizer 2005 Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - E:\anonymizer\AnonIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [w0961b1f.dll] RUNDLL32.EXE w0961b1f.dll,I2 00015a5f00961b1f
O4 - HKLM\..\Run: [PCClient.exe] "E:\trend antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\trend antivirus\TMOAgent.exe" /run
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe\Reader\reader_sl.exe
O4 - Global Startup: gbisy.exe.ren
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\bodog\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\system32\OUGHYA~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\ipod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roger Wilco Base Station - Unknown owner - E:\ROGERW~1\ROGERW~1\rwbs\rwbs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Automatic Updates - Unknown owner - C:\WINDOWS\system32\windowsautomaticupdates.exe (file missing)
 
Great

Open a command prompt (Start > Run, type cmd, press Enter) and type
sc delete "Windows Automatic Updates"
Press Enter, then type exit and press Enter to exit the command prompt.


Start HijackThis and place a check next to these items, if there.
http://red.clientapps.yahoo.com/cust...ch/search.html
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ednvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oyuydkp.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {8BC00F10-96FD-D143-AF6D-BF5E631D66C3} - C:\WINDOWS\system32\cccxt.dll (file missing)
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINDOWS\system32\OUGHYA~1.DLL (file missing)
O4 - HKLM\..\Run: [w0961b1f.dll] RUNDLL32.EXE w0961b1f.dll,I2 00015a5f00961b1f
O4 - Global Startup: gbisy.exe.ren
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\system32\OUGHYA~1.DLL

====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly to keep it updated

Post back with another hijackthis log
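
The cross-check done by eye in the reply above (F2 Shell/UserInit values that carry extra programs, entries marked "(file missing)", and entries naming files BlackLight reported as hidden), written out as an added Python example. It is not part of the original thread or of HijackThis or BlackLight; the function names are hypothetical and the sample lines are excerpts from the logs posted earlier in the thread.

```python
import re
from ntpath import basename  # Windows path rules, importable on any OS

# Excerpts copied from the BlackLight and HijackThis logs posted in this thread.
BLACKLIGHT_LOG = r"""
04/03/06 20:03:16 [Info]: Hidden process: C:\WINDOWS\system32\ednvs.exe
04/03/06 20:04:44 [Info]: Hidden file: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gbisy.exe
04/03/06 20:06:13 [Info]: Hidden file: C:\WINDOWS\system32\oyuydkp.exe
04/03/06 20:06:13 [Note]: 10002 1
"""

HIJACKTHIS_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ednvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oyuydkp.exe
O2 - BHO: (no name) - {8BC00F10-96FD-D143-AF6D-BF5E631D66C3} - C:\WINDOWS\system32\cccxt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PCClient.exe] "E:\trend antivirus\PCClient.exe"
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (?:file|process): (.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)

# Windows XP defaults: Shell=Explorer.exe, Userinit=...\userinit.exe,
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}


def hidden_names(blacklight_text):
    """Lower-cased file names BlackLight reported as hidden files or processes."""
    names = set()
    for line in blacklight_text.splitlines():
        m = HIDDEN_RE.search(line.strip())
        if m:
            names.add(basename(m.group(1).strip()).lower())
    return names


def extra_logon_programs(line):
    """Programs in an F2 Shell/UserInit value beyond the Windows default."""
    m = F2_RE.match(line)
    if not m:
        return []
    key = m.group(1).lower()
    programs = [p.strip() for p in m.group(2).split(",") if p.strip()]
    return [p for p in programs if basename(p).lower() not in EXPECTED[key]]


def review(hjt_text, blacklight_text):
    """Return (line, reasons) for each HijackThis line worth a closer look."""
    hidden = hidden_names(blacklight_text)
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        extras = extra_logon_programs(line)
        if extras:
            reasons.append("extra logon program: " + ", ".join(extras))
        if line.endswith("(file missing)"):
            reasons.append("orphaned entry (file missing)")
        hits = sorted(n for n in hidden if n in line.lower())
        if hits:
            reasons.append("references hidden file: " + ", ".join(hits))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in review(HIJACKTHIS_LOG, BLACKLIGHT_LOG):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

A flagged line is only a candidate for review: the script does not decide whether a file is malicious, and quoted paths or arguments inside a Shell value are not parsed.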
 
OK, I think I completed all of the above. Here's the log.


Logfile of HijackThis v1.99.1
Scan saved at 1:42:13 AM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\trend antivirus\PCClient.exe
E:\trend antivirus\TMOAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ednvs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,oyuydkp.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\lewis\Application Data\Mozilla\Profiles\default\90h2q8uy.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\spybot\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Anonymizer 2005 Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - E:\anonymizer\AnonIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCClient.exe] "E:\trend antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\trend antivirus\TMOAgent.exe" /run
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe\Reader\reader_sl.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\bodog\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\ipod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roger Wilco Base Station - Unknown owner - E:\ROGERW~1\ROGERW~1\rwbs\rwbs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 