Please Help Me Guys! HIJACK THIS LOG

[eNd_iT]

In desperation mode! Computer is on the fritz and I have a new job starting! Ahhhhhhhh


Thanks so much, here's the log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [win32hlp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Hgetkkt] C:\WINDOWS\system32\SSTEM3~1\TSKMGR~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[ghost]

O4 - HKCU\..\Run: [Hgetkkt] C:\WINDOWS\system32\SSTEM3~1\TSKMGR~1.EXE

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

Click on the tick box and fix/delete. Reboot then go to C:\ and delete winstall.exe (you might have to turn on "view hidden files" to delete this")

 

[eNd_iT]

first - thaks fo ryour help man!

ok so i deleted that first hting u mentioned but i can find n trace of winstall.exe anywhere


another curious problem - when i turn off my comp and restartit after it gets to the Windows XP black loading screen my computer automatically shuts down...i have to use it in safe mode to work


any other ideas?

 

[ghost]

yeah try safe mode and do the hijack log again, try to find winstall.exe and delete. Then reboot.

 

[eNd_iT]

ok unless i go into safe mode my computer jsut keeps restarting everytime it gets t the Windows XP black loading screen during start-tup.

I found a winstall file in my C: and deleted it along with a bunch of other weird stuff...but still my comp seems to be crazy. Only safe mode works. There is also a red circle with an "X" in it at the bottom of my screen by the clock that says"Your Computer is infected!"

Here is latest HJTL:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\updwebmin.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\svchost.exe
c:\yrroeef.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\ktkphal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [win32hlp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\ktkphal.exe
O4 - HKLM\..\RunServices: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updwebmin] c:\windows\system32\updwebmin.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[edifier]

Please try this.

Reboot your computer.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select 'Last known Good Config', then press "Enter".

If this allows you to get into normal windows, post a new HJT log.