JrDave2324

Yeah so i've had my computer hooke up to the internet for two days, and after visiting one site, i was thrown with a shit load of spyware and garbage. I removed most of it, but i thought id post my HiJackThis log to see if anyone can tell me what to get rid of and the like...

Logfile of HijackThis v1.97.7
Scan saved at 11:06:17 AM, on 8/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\AOL Instant Messenger\aim.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4445
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4445
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AOL Instant Messenger\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...183.4836458333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab






so if anyone knows about this kinda stuff, help me out please

__________________
AMD Athlon 64 3000+
Gigabyte GA-K8NS Pro
Geil 1024MB PC3200
160GB, 7200, 8MB
Gigabyte ATI Radeon 9600XT

JrDave2324

ok seperate from this issue, notepad will not open any files (.txt, .log, .nfo) i doubleclick on. i have to go open notepad, the file >> open then find the file....why did this happen

__________________
AMD Athlon 64 3000+
Gigabyte GA-K8NS Pro
Geil 1024MB PC3200
160GB, 7200, 8MB
Gigabyte ATI Radeon 9600XT

Flash_AAA

Ok go to Cnet and download the free Ad-aware 6.0 and Spybot search & destroy. That should clean up any spyware. Go to start > run > type msconfig > click startup tab. Now go to this site http://www.sysinfo.org/startuplist.php type a program from startup and it will tell you whether or not to uncheck it and get rid of it.

this is the system they use

"Y" - Normally leave to run at start-up

"N" - Not required - typically infrequently used tasks that can be started manually if necessary

"U" - User's choice - depends whether a user deems it necessary

"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"

"?" - Unknown

good luck ill get back with you on the processes have to find that link.

__________________
AMD 3000+, ASUS A7N8X-LA, 512mb PC2700, 17in LCD,
____________________________________________
"Trust in the Lord with all your heart and lean not on your own understanding in all your ways acknowledge him and he shall direct your paths. Prov 3:5-6